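const express = require('express')
const app = express()
const port = 3000
const jwt = require("jsonwebtoken")
const fs = require('fs')

// Unauthenticated landing page.
app.get('/', (req, res) => res.send('Hello World!'))

// /secret is gated by the isAuthorized middleware defined below: the handler
// only runs once that middleware has called next() for a verified token.
app.get('/secret', isAuthorized, (req, res) => {
  res.json({ "message" : "THIS IS SUPER SECRET, DO NOT SHARE!" })
})

// /readme is deliberately public.
app.get('/readme', (req, res) => {
  res.json({ "message" : "This is open to the world!" })
})

// Token issuer. NOTE(review): this route has no authentication of its own, so
// anyone who can reach /jwt can mint a token that opens /secret — acceptable
// for a demo, not for anything real. The contents of private.pem are used as
// the HMAC secret for HS256, so that file must stay unreadable to others.
app.get('/jwt', (req, res) => {
  const secret = fs.readFileSync('./private.pem', 'utf8');
  // expiresIn adds an `exp` claim so a leaked token stops working after an
  // hour instead of forever; jwt.verify rejects tokens past their `exp`.
  const token = jwt.sign({ "body": "stuff" }, secret, { algorithm: 'HS256', expiresIn: '1h' });
  res.send(token);
})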
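// Express middleware that guards a route. It requires an
// `Authorization: Bearer <jwt>` header and lets the request through only if
// the token verifies under HS256 with the secret read from ./private.pem.
// Every failure path answers 401 and stops the chain — the protected handler
// must never run after a rejection has been sent.
function isAuthorized(req, res, next) {
  const header = req.headers.authorization;
  if (typeof header === "undefined") {
    // No Authorization header at all: reject without touching the key file.
    res.set('WWW-Authenticate', 'Bearer');
    return res.status(401).json({ error: "Not Authorized" });
  }

  // Expect exactly "Bearer <token>". Without this check a header with no
  // space would hand `undefined` to jwt.verify.
  const [scheme, token, ...extra] = header.split(" ");
  if (scheme.toLowerCase() !== 'bearer' || !token || extra.length > 0) {
    res.set('WWW-Authenticate', 'Bearer');
    return res.status(401).json({ error: "Not Authorized" });
  }

  const secret = fs.readFileSync('./private.pem', 'utf8');
  // `algorithms` (plural) is the option jwt.verify honours; the previous
  // `algorithm` key was not a verify option and was ignored, so the accepted
  // algorithm set fell back to the library's defaults. Pinning it explicitly
  // prevents algorithm-substitution attacks.
  jwt.verify(token, secret, { algorithms: ["HS256"] }, (err, payload) => {
    if (err) {
      // Bad signature, expired, or malformed token: stop here. The `return`
      // is essential — previously next() still ran after the error response,
      // so the protected handler executed for any garbage token.
      res.set('WWW-Authenticate', 'Bearer');
      return res.status(401).json({ error: "Not Authorized" });
    }
    // Make the verified claims available to downstream handlers.
    req.user = payload;
    return next();
  });
}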
// Bind to the module-level port and announce readiness on the console.
app.listen(port, () => {
  console.log(`Simple Express app listening on port ${port}!`)
})