I understand that there was a similar question asked to this one but it was never answered clearly (NodeJS Express Router, pass decoded object between middleware and route?).
I try to use the VerifyOrdinaryUser function as middleware in the favorites.js route. This function should create a field in the request called req.decoded containing user information. I need to access this user information in favorites.js but it shows up as undefined when I try to log it. Is there an issue regarding asynchronous code? I'm not sure how to fix this. Thank you!
Verify.js:
//verify.js
var User = require('../models/users');
var jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
var config = require('../config.js');
exports.getToken = function (user) {
return jwt.sign(user, config.secretKey, {
expiresIn: 3600
});
};
exports.verifyOrdinaryUser = function (req, res, next) {
// check header or url parameters or post parameters for token
var token = req.body.token || req.query.token || req.headers['x-access-token'];
// decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, config.secretKey, function (err, decoded) {
if (err) {
var err = new Error('You are not authenticated!');
err.status = 401;
return next(err);
} else {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
req.params.id = req.decoded._doc_id;
next();
}
});
} else {
// if there is no token
// return an error
var err = new Error('No token provided!');
err.status = 403;
return next(err);
}
};
exports.verifyAdmin = function (req, res, next) {
if (req.decoded._doc.admin == false) {
next();
} else {
// if the user is not admin
// return an error
var err = new Error('You are not authorized to perform this operation!');
err.status = 403;
return next(err);
}
};
Favorites.js:
var express = require('express');
var router = express.Router();
var passport = require('passport');
var User = require('../models/users');
var Favorite = require('../models/favorites');
var Verify = require('./verify');
router.get('/', Verify.verifyOrdinaryUser, function(res, req, next){
console.log(req.decoded);
});
App.js: (not necessary to look at)
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var index = require('./routes/index');
var users = require('./routes/users');
var dishes = require('./routes/dishes');
var favorites = require('./routes/favorites');
var app = express();
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
var User = require('./models/users');
app.use(passport.initialize());
passport.use(new LocalStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
app.use(express.static(path.join(__dirname, 'public')));
var url = 'mongodb://localhost:27017/conFusion';
mongoose.connect(url);
var db = mongoose.connection;
db.on('error', console.error.bind(console, 'connection error:'));
db.once('open', function () {
// we're connected!
console.log("Connected correctly to server");
});
app.use('/', index);
app.use('/dishes', dishes);
app.use('/users', users);
app.use('/favorites', favorites);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
via screvival
No comments:
Post a Comment