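"use strict";

const express = require("express");
const cookieParser = require("cookie-parser");
const jwt = require("jsonwebtoken");

const app = express();
// cookie-parser populates req.cookies, which verifyAuth reads below.
app.use(cookieParser());

// jwt variables
// Claims placed in every token issued by /login.
const payload = { username: "Gustavo" };
// HMAC secret used both to sign (/login) and verify (verifyAuth) tokens.
// Read from the environment so the real secret is not committed with the code;
// the literal is only a development fallback.
const secretKey = process.env.JWT_SECRET || "mysecretkey";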
13
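// TOPIC: middleware to verify if user is logged in
/**
 * Express middleware: reads the JWT from the "token" cookie, verifies it with
 * secretKey and exposes the decoded username as req.username.
 * @param {import("express").Request} req - must have req.cookies (cookie-parser)
 * @param {import("express").Response} res
 * @param {Function} next - called only when the token verifies
 */
function verifyAuth(req, res, next) {
  // Guard against a missing cookie-parser so a bare request cannot crash the handler.
  const cookies = req.cookies || {};
  const token = cookies.token;

  // 401 lets HTTP clients distinguish "not authenticated" from a successful 200.
  if (!token) {
    return res.status(401).send("Not logged in");
  }

  try {
    // Pin the accepted algorithm to the one /login signs with (jsonwebtoken's
    // default is HS256), so a token whose header names another algorithm is rejected.
    const decoded = jwt.verify(token, secretKey, { algorithms: ["HS256"] });
    req.username = decoded.username;
    next();
  } catch {
    // NOTE: if expiresIn is passed to jwt.sign but no maxAge or expires is set to the cookie,
    // token will be kept in the cookie for the rest of the session but will throw a error on jwt.verify
    res.status(401).send("Token was tempered or expired");
  }
}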
32
app.get("/", verifyAuth, function (req, res) {
  // verifyAuth has already put the decoded token's username on req.username.
  const { username } = req;
  res.send(`User: ${username}`);
});
36
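// TOPIC: login
app.get("/login", (req, res) => {
  // One lifetime for both the JWT and the cookie, so neither outlives the other
  // (see the NOTE in verifyAuth about a cookie that outlives its token).
  const ttlSeconds = 30;
  try {
    // NOTE: expiresIn takes seconds
    const token = jwt.sign(payload, secretKey, { expiresIn: ttlSeconds });
    // maxAge takes miliseconds. sameSite keeps the cookie off cross-site requests.
    // httpOnly is not set here because the note at the end of the file reads the
    // cookie from document.cookie; set it if client-side access is not needed.
    res
      .cookie("token", token, { maxAge: ttlSeconds * 1000, sameSite: "lax" })
      .send("logged in");
  } catch {
    // A signing failure is a server-side error; 500 instead of a 200 "Error".
    res.status(500).send("Error");
  }
});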
48
// TOPIC: logout
app.get("/logout", (req, res) => {
  // Nothing is stored server-side for the token, so dropping the cookie is the whole logout.
  res.clearCookie("token").send("logged out");
});
54
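// Port is configurable through PORT; 5500 stays the default for local use.
const port = Number(process.env.PORT) || 5500;
app.listen(port, () => console.log("!!!"));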
56
// TOPIC: to get cookies in JS at the client-side use document.cookie