// Registration route. No auth middleware is attached in this call, so the
// request is handed to registerProxy as received.
app.post('/api/register*', (request, response, next) => {
  console.log("Entered register/user function");
  registerProxy(request, response, next);
});
// User-information route. `protected` runs first and must call next() before
// the request reaches userInformationProxy.
app.get('/api/users*', protected, (request, response, next) => {
  console.log('Entered userinfo function');
  userInformationProxy(request, response, next);
});
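/**
 * Reports whether `username` is exactly one decoded segment of the path part
 * of `url`.
 *
 * The query string is ignored, so a name placed in a parameter cannot satisfy
 * the check. Paths with malformed percent-encoding or with "." / ".." segments
 * are refused, because a later hop could normalise them to a different
 * resource than the one checked here.
 *
 * @param {string} url - Request URL as received (path plus optional query).
 * @param {*} username - Value of the token's `username` claim.
 * @returns {boolean} true only when a whole path segment equals `username`.
 */
function urlPathNamesUser(url, username) {
  // An empty or missing claim must never match: ''.includes-style checks
  // succeed for every URL, and a non-string would be coerced to text.
  if (typeof username !== 'string' || username === '') {
    return false;
  }

  const pathOnly = String(url).split('?')[0];

  let segments;
  try {
    segments = pathOnly
      .split('/')
      .filter((part) => part !== '')
      .map((part) => decodeURIComponent(part));
  } catch (decodeError) {
    // decodeURIComponent throws on malformed escapes; treat as not authorised.
    return false;
  }

  if (segments.some((part) => part === '.' || part === '..')) {
    return false;
  }

  return segments.includes(username);
}

/**
 * Express middleware: verifies the JWT from the Authorization header and only
 * lets the request through when the URL path names the token's own user.
 *
 * Responds 403 {"message": "Forbidden"} when the header is missing, when
 * jwt.verify reports an error, or when the path does not name the user.
 *
 * NOTE(review): assumes the username appears as a whole path segment (for
 * example /api/users/<username>) - confirm against userInformationProxy.
 * NOTE(review): if `jwt` is the jsonwebtoken package, consider pinning the
 * accepted algorithms through the `algorithms` option of verify - confirm.
 * NOTE(review): `protected` is a reserved word in strict mode, so this file
 * cannot be loaded as an ES module or under 'use strict' without a rename.
 *
 * @param {object} request - Express request; `request.token` is set to the raw token.
 * @param {object} response - Express response.
 * @param {Function} next - Called only when the token is valid and matches the URL.
 */
function protected(request, response, next) {
  const deny = () => {
    response
      .status(403)
      .json({'message': 'Forbidden'});
  };

  console.log('Entered function to strip jwt');
  console.log(request.method, request.url);

  const bearerHeader = request.headers['authorization'];
  if (typeof bearerHeader === 'undefined') {
    deny();
    return;
  }

  console.log('JWT is present');
  // Header form is "<scheme> <token>"; a header without a space leaves the
  // token undefined, which jwt.verify rejects through its error callback.
  const bearerToken = bearerHeader.split(' ')[1];
  request.token = bearerToken;

  jwt.verify(request.token, secretKey, function (error, authData) {
    if (error) {
      deny();
      return;
    }

    // The full claim set is deliberately not logged: it can carry personal
    // data that does not belong in application logs.
    // A substring test against the whole URL would also accept a prefix of
    // another user's name, or the name inside the query string.
    const username = authData == null ? undefined : authData.username;
    if (urlPathNamesUser(request.url, username)) {
      next();
    } else {
      deny();
    }
  });
}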
// Search route. No per-route auth middleware is attached here; the request
// goes straight to searchProxy.
app.get('/api/search', (request, response, next) => {
  console.log('Entered search function');
  searchProxy(request, response, next);
});