The API server now respects the Bearer token scheme
This commit is contained in:
parent
1565cab2ba
commit
572ca83a8f
@ -100,8 +100,8 @@ async function findByOrganizationId(req, res) {
|
||||
|
||||
const routes = express.Router();
|
||||
routes.get('/:id/joboffers', findByOrganizationId);
|
||||
routes.post('/:id/joboffers', jwtUtils.verifyToken, insert);
|
||||
routes.delete('/joboffers/:jobOfferId', jwtUtils.verifyToken, remove);
|
||||
routes.post('/:id/joboffers', jwtUtils.extractToken, insert);
|
||||
routes.delete('/joboffers/:jobOfferId', jwtUtils.extractToken, remove);
|
||||
|
||||
module.exports = {
|
||||
routes
|
||||
|
@ -78,8 +78,8 @@ async function removeOrganizationAdmin(req, res) {
|
||||
}
|
||||
|
||||
const routes = express.Router();
|
||||
routes.post('/:organizationId/admins', jwtUtils.verifyToken, organizationAdminValidator.addOrganizationAdminValidator, addOrganizationAdmin);
|
||||
routes.delete('/:organizationId/admins/me', jwtUtils.verifyToken, organizationAdminValidator.removeOrganizationAdminValidator, removeOrganizationAdmin);
|
||||
routes.post('/:organizationId/admins', jwtUtils.extractToken, organizationAdminValidator.addOrganizationAdminValidator, addOrganizationAdmin);
|
||||
routes.delete('/:organizationId/admins/me', jwtUtils.extractToken, organizationAdminValidator.removeOrganizationAdminValidator, removeOrganizationAdmin);
|
||||
|
||||
module.exports = {
|
||||
routes
|
||||
|
@ -95,8 +95,8 @@ async function deleteOrganizationPost(req, res) {
|
||||
}
|
||||
|
||||
const routes = express.Router();
|
||||
routes.post('/:idOrganization/posts', jwtUtils.verifyToken, createOrganizationPost);
|
||||
routes.delete('/posts/:id', jwtUtils.verifyToken, deleteOrganizationPost);
|
||||
routes.post('/:idOrganization/posts', jwtUtils.extractToken, createOrganizationPost);
|
||||
routes.delete('/posts/:id', jwtUtils.extractToken, deleteOrganizationPost);
|
||||
|
||||
// Exporting a function
|
||||
// means making a JavaScript function defined in one
|
||||
|
@ -181,15 +181,15 @@ async function filter(req, res) {
|
||||
}
|
||||
}
|
||||
|
||||
// Here we can not use the jwtUtils.verifyToken as the Router's middleware directly, as the latter
|
||||
// Here we can not use the jwtUtils.extractToken as the Router's middleware directly, as the latter
|
||||
// will be mounted under /organizations, but there are other resources under /organizations
|
||||
// that do not require the authorization, e.g. job offers
|
||||
const routes = express.Router();
|
||||
routes.get('/:id', organizationValidator.deleteOrGetOrganizationValidator, getOrganization);
|
||||
routes.post('/filter', organizationValidator.filterValidator, filter);
|
||||
routes.post('/', jwtUtils.verifyToken, organizationValidator.createOrganizationValidator, createOrganization);
|
||||
routes.patch('/:id', jwtUtils.verifyToken, organizationValidator.updateOrganizationValidator, updateOrganization);
|
||||
routes.delete('/:id', jwtUtils.verifyToken, organizationValidator.deleteOrGetOrganizationValidator, deleteOrganization);
|
||||
routes.post('/', jwtUtils.extractToken, organizationValidator.createOrganizationValidator, createOrganization);
|
||||
routes.patch('/:id', jwtUtils.extractToken, organizationValidator.updateOrganizationValidator, updateOrganization);
|
||||
routes.delete('/:id', jwtUtils.extractToken, organizationValidator.deleteOrGetOrganizationValidator, deleteOrganization);
|
||||
|
||||
module.exports = {
|
||||
routes
|
||||
|
@ -329,7 +329,7 @@ publicRoutes.get('/:id/details', getPerson);
|
||||
publicRoutes.post('/me/activation', personValidator.confirmActivationValidator, confirmActivation);
|
||||
|
||||
const protectedRoutes = express.Router(); // Routes requiring token
|
||||
protectedRoutes.use(jwtUtils.verifyToken);
|
||||
protectedRoutes.use(jwtUtils.extractToken);
|
||||
protectedRoutes.get('/me', getMyself);
|
||||
protectedRoutes.patch('/me', personValidator.updatePersonValidator, updatePerson);
|
||||
protectedRoutes.delete('/me', deletePerson);
|
||||
|
@ -25,31 +25,40 @@ function generateToken(person_id) {
|
||||
return token;
|
||||
}
|
||||
|
||||
// Middlware
|
||||
function verifyToken(req, res, next) {
|
||||
const token = req.headers.authorization;
|
||||
/**
|
||||
* Verifies the validity of the token. If it is valid,
|
||||
* sets the req.jwt property to the decoded object
|
||||
* contained within the jwt
|
||||
*/
|
||||
function extractToken(req, res, next) {
|
||||
|
||||
if (!token) {
|
||||
const authHeader = req.headers.authorization;
|
||||
|
||||
// Obtain the token using the Bearer scheme
|
||||
// The Bearer token, contained in the header, has the following
|
||||
// structure: "Bearer <jwt>"
|
||||
if (authHeader && authHeader.startsWith('Bearer ')) {
|
||||
const token = authHeader.substring(7);
|
||||
try {
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET_KEY);
|
||||
// If the token is valid, store the decoded data in the request object
|
||||
// req.jwt will contain the payload created in generateToken
|
||||
req.jwt = decoded;
|
||||
next();
|
||||
} catch (error) {
|
||||
return res.status(401).send({
|
||||
error: 'Failed to authenticate token'
|
||||
});
|
||||
}
|
||||
} else {
|
||||
return res.status(401).send({
|
||||
error: 'No token provided'
|
||||
});
|
||||
}
|
||||
|
||||
jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
|
||||
if (err) {
|
||||
return res.status(401).send({
|
||||
error: 'Failed to authenticate token'
|
||||
});
|
||||
}
|
||||
|
||||
// If the token is valid, store the decoded data in the request object
|
||||
// req.jwt will contain the payload created in generateToken
|
||||
req.jwt = decoded;
|
||||
next();
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
generateToken,
|
||||
verifyToken
|
||||
extractToken
|
||||
};
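Review bot: In extractToken, `next()` runs inside the `try` that wraps `jwt.verify`, so a synchronous exception thrown by a downstream handler is caught here and answered with a 401 'Failed to authenticate token', hiding the real error and risking a second response on a reply that was already sent. Assign the decoded payload inside the try and hand off after the catch, as in the excerpt below. Separately, `authHeader.startsWith('Bearer ')` is case-sensitive while the auth-scheme name is case-insensitive under RFC 7235, so a client sending `bearer <jwt>` is rejected with 'No token provided'; if that strictness is intentional a comment saying so would help, otherwise compare `authHeader.slice(0, 7).toLowerCase() === 'bearer '`. The name extractToken also undersells what the middleware does — it verifies as well as extracts — so the JSDoc could state `* Express middleware: extracts the Bearer token from the Authorization header, verifies it and stores the payload in req.jwt; responds 401 otherwise.`
```javascript
    // … unchanged: Authorization header check and the 'No token provided' branch …
    const token = authHeader.substring(7);
    let decoded;
    try {
      decoded = jwt.verify(token, process.env.JWT_SECRET_KEY);
    } catch (error) {
      return res.status(401).send({
        error: 'Failed to authenticate token'
      });
    }
    // Hand off only after verification succeeded and outside the try, so
    // errors raised by later handlers are not reported as auth failures
    req.jwt = decoded;
    return next();
```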
|