Tuesday 16 May 2017

checking Jwt token on every request?

I am developing a android aplication with nodejs and postgreSQL, at the moment i just have the login and the register.

When i do a login and everything is fine the server send me a token, that token is stored on the device SharedPreference, now my confusion is, do i need to decode this token on every request, or do i need to do it just 1 time?

in this tutorial at the end, he decodes on every route the token, but i don't need to do that when i do for example a request to register.

What is the best way to implement this?

here is my server code:

//****************************************************Begin of login request **********************************/
router.post('/login', function (req, res, next) {
    if (JSON.stringify(req.body) == "{}") {
        return res.status(400).json({ Error: "Login request body is empty" });
    }
    if (!req.body.username || !req.body.password) {
        return res.status(400).json({ Error: "Missing fields for login" });
    }

    // search a user to login
    User.findOne({ where: { username: req.body.username } }) // searching a user with the same username and password sended in req.body
        .then(function (user) {
            if (user && user.validPassword(req.body.password)) {
                //return res.status(200).json({ message: "loged in!" }); // username and password match


                var payload = { user: user };

                // create a token
                var token = jwt.sign(payload, 'superSecret', {
                    expiresIn: 60 * 60 * 24
                });


                // return the information including token as JSON
                res.json({
                    success: true,
                    message: 'Enjoy your token!',
                    token: token
                });

            }
            else {
                return res.status(401).json({ message: "Unauthorized" }); // if there is no user with specific fields send
            }
        }).catch(function (err) {
            console.error(err.stack)
            return res.status(500).json({ message: "server issues when trying to login!" }); // server problems
        });
});
//****************************************************End of Login request **********************************/



//****************************************************Begin of register request******************************/
router.post('/register', function (req, res, next) {

    if (JSON.stringify(req.body) == "{}") {
        return res.status(400).json({ Error: "Register request body is empty" });
    }
    if (!req.body.email || !req.body.username || !req.body.password) {
        return res.status(400).json({ Error: "Missing fields for registration" });
    }

    var password = User.generateHash(req.body.password);


    User.create({
        username: req.body.username,
        email: req.body.email,
        password: password
    }).then(function () {
        return res.status(200).json({ message: "user created" });
    }).catch(function (err) {
        return res.status(400).send({ message: err.message }); // 
    }).catch(function (err) {
        return res.status(400).json({ message: "issues trying to connect to database" });
    })

});
//****************************************************End of register request **********************************/



module.exports = router;


via Cris dois
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)