Is there any way to segregate the APIs of my multiple modules, e.g. the employees API and its page redirection, the customer API and its page redirection, and so on? Currently, what I am doing is:
// Load the router module for the employees section (presumably both its
// pages and its API endpoints; the module itself is not shown here).
var employees = require('./routes/employees');
// Mount it under /employees. isAuth is listed first, so every request to this
// prefix goes through the token/session check before any employees route runs.
app.use('/employees', isAuth, employees);
My JWT part looks like this:
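/**
 * Express middleware that guards a mounted router with a JWT or a session.
 *
 * - When a token is supplied (request body, route parameter, query string or
 *   the `x-access-token` header) it is verified with `jwt.verify` against
 *   `app.get('superSecret')`. On success the decoded payload is stored on
 *   `req.decoded` and the request continues; on failure the client receives
 *   a 401 with `{ success: false }`.
 * - When no token is supplied, requests whose path contains "api" are refused
 *   with 403. Every other request falls back to `req.isAuthenticated()` and
 *   is redirected to `/login` when that returns a falsy value.
 *
 * @param {object} req   Express request.
 * @param {object} res   Express response.
 * @param {function} next  Hands control to the protected routes.
 */
function isAuth(req, res, next) {
    // req.body is undefined when no body parser ran for this request; reading
    // `.token` from it directly would throw before any auth decision is made.
    var body = req.body || {};
    var params = req.params || {};
    var query = req.query || {};

    // Lookup order is unchanged: body, route parameter, query string, header.
    // The explicit lookups replace req.param(), which is deprecated in Express 4.
    // NOTE(review): a token carried in the URL ends up in access logs, browser
    // history and Referer headers. Prefer the header, and confirm that no
    // client depends on the URL form before removing it.
    var token = body.token || params.token || query.token || req.headers['x-access-token'];

    if (token === undefined || token === null) {
        // No token at all. Classify on the path only, so that a query string
        // which merely contains "api" does not turn a page request into an
        // API refusal.
        // NOTE(review): under app.use('/employees', ...) Express strips the
        // mount path from req.url, so an "api" segment in the mount prefix is
        // not visible here; use req.originalUrl if that is what is intended.
        var path = String(req.url).split('?')[0];
        if (path.indexOf('api') !== -1) {
            return res.status(403).send({
                success: false,
                message: 'No token provided.'
            });
        }

        // Page request: rely on the session-based login state.
        if (req.isAuthenticated()) {
            return next();
        }
        return res.redirect('/login');
    }

    if (!token) {
        // A token field was present but empty (for example a blank header).
        return res.status(403).send({
            success: false,
            message: 'No token provided.'
        });
    }

    // Verifies the signature against the shared secret and checks expiry.
    // NOTE(review): no options object is passed. Assuming `jwt` is the
    // jsonwebtoken module, passing `{ algorithms: [...] }` with the single
    // algorithm used when signing pins what the verifier accepts. The signing
    // side is not shown here, so confirm the value before adding it.
    jwt.verify(token, app.get('superSecret'), function (err, decoded) {
        if (err) {
            // An authentication failure must not be reported as HTTP 200:
            // clients and intermediaries that look only at the status code
            // would treat the rejected request as successful.
            return res.status(401).json({
                success: false,
                message: 'Failed to authenticate token.'
            });
        }
        // Make the verified claims available to the downstream routes.
        req.decoded = decoded;
        next();
    });
}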
Any recommendations on how to improve this, for BOTH of the following?
- separating page-redirection routes from API routes, much like in the Phoenix framework for Elixir
- JWT authentication for the API routes without the current overcomplication.
Here is my Phoenix (Elixir) router, with simple API-level and page-level segregation, but without JWT:
defmodule HelloPhoenix.Router do
  @moduledoc """
  Routes for HelloPhoenix, split into two plug pipelines:

    * `:browser` for HTML pages (session, flash, CSRF protection, secure headers)
    * `:api` for JSON endpoints under `/api`
  """

  use HelloPhoenix.Web, :router

  # Stack applied to page requests. :protect_from_forgery adds CSRF protection
  # and :put_secure_browser_headers sets defensive response headers.
  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # Stack applied to API requests. It performs content negotiation only: no
  # authentication plug is listed, so as written every route in the "/api"
  # scope below is reachable without credentials. A token-verification plug
  # would belong in this pipeline.
  pipeline :api do
    plug :accepts, ["json"]
  end

  # HTML pages.
  scope "/", HelloPhoenix do
    pipe_through :browser # Use the default browser stack

    get "/", PageController, :index
  end

  # Other scopes may use custom stacks.
  # JSON API.
  scope "/api", HelloPhoenix do
    pipe_through :api

    # resources "/users", UserController, except: [:new, :edit]
    # The custom POST actions are declared inside the resources block, so
    # Phoenix nests them under the user resource path rather than directly
    # under "/api" (confirm with `mix phoenix.routes`).
    resources "/users", UserController do
      post "/filterbackend", UserController, :filterbackend
      post "/bulkcreate", UserController, :bulkcreate
      post "/testpost", UserController, :testpost
      post "/filterRecordset", UserController, :filterRecordset
    end
  end
end
via Rizwan Patel