From 2a09c979baef7c09303b0dd5c3a8030a485e080a Mon Sep 17 00:00:00 2001
From: xfarrow
Date: Mon, 16 Oct 2023 15:35:37 +0200
Subject: [PATCH] jwt key in .env
---
 backend/apis/nodejs/.env | 1 +
 backend/apis/nodejs/api_controller.js | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/backend/apis/nodejs/.env b/backend/apis/nodejs/.env
index 3f3d8b6..7ef04df 100644
--- a/backend/apis/nodejs/.env
+++ b/backend/apis/nodejs/.env
@@ -2,6 +2,7 @@
 # API server settings
 API_SERVER_PORT = 3000
+JWT_SECRET_KEY = jwt-secret # Change this
 # Database settings
 POSTGRES_SERVER = localhost
diff --git a/backend/apis/nodejs/api_controller.js b/backend/apis/nodejs/api_controller.js
index 1f2d260..111c0c7 100644
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@@ -283,7 +283,9 @@ function generateToken(person_id) {
 person_id: person_id
 };
- const token = jwt.sign(payload, 'your-secret-key', { expiresIn: '1h' });
+ const token = jwt.sign(payload, process.env.JWT_SECRET_KEY, {
+ expiresIn: '1h'
+ });
 return token;
 }
@@ -292,12 +294,12 @@ function verifyToken(req, res, next) {
 const token = req.headers.authorization;
 if (!token) {
- return res.status(403).send('No token provided');
+ return res.status(401).send({error : 'No token provided'});
 }
- jwt.verify(token, 'your-secret-key', (err, decoded) => {
+ jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
 if (err) {
- return res.status(401).send('Failed to authenticate token');
+ return res.status(401).send({error : 'Failed to authenticate token'});
 }
 // If the token is valid, store the decoded data in the request object
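Review bot: The added `JWT_SECRET_KEY = jwt-secret # Change this` puts a signing key with a guessable default into a tracked `.env`, so any instance started without editing the file signs and accepts tokens under a value that is public in the repository history. Ship the variable empty in a template instead (for example a `.env.example` containing `JWT_SECRET_KEY=`), keep the real `.env` out of version control, and generate a long random value per environment. Depending on the dotenv loader and version in use, the trailing `# Change this` may also be read as part of the value, so the comment is safer on its own line above the assignment.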
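Review bot: `process.env.JWT_SECRET_KEY` is passed to `jwt.sign` here, and again to `jwt.verify` in the verifyToken hunk, with no check that it is set, so a deployment with a missing or empty variable is only noticed at the first token request and, depending on the JWT library version, may verify tokens less strictly than intended. Read it once at module load and fail closed: `const JWT_SECRET = process.env.JWT_SECRET_KEY;` followed by `if (!JWT_SECRET || JWT_SECRET === 'jwt-secret') throw new Error('JWT_SECRET_KEY is not configured');`, then pass `JWT_SECRET` to both calls. Rejecting the placeholder value from `.env` as well keeps an unedited checkout from running with a publicly known key. generateToken starts above the hunk, so the construction of `payload` is not visible here.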
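Review bot: The new `jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {` call leaves the set of accepted algorithms to the library default; since generateToken signs with a shared secret, pin the expected one explicitly, `jwt.verify(token, process.env.JWT_SECRET_KEY, { algorithms: ['HS256'] }, (err, decoded) => {` (this assumes `jwt` is the jsonwebtoken package, where HS256 is the default for `sign` with a string secret). The context line `const token = req.headers.authorization;` also hands the whole header value to verify, so a client sending the usual `Bearer <token>` form would presumably always receive the 401; either strip the scheme before verifying or document that the raw token is expected. verifyToken continues below the hunk, so what happens with `decoded` is not visible here.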