Required packages
- jsonwebtoken
- passport
- passport-jwt
Import the packages in the root app.js:
// Passport core; the JWT strategy itself is registered where the routes are defined (see below).
const passport= require("passport");
Initialize the passport package:
// Mount passport's initialization middleware before any route that calls passport.authenticate().
app.use(passport.initialize());
Use in the routes file:
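// Strategy and token helpers used by the routes below.
const { Strategy: JwtStrategy, ExtractJwt } = require("passport-jwt");
const jwt = require("jsonwebtoken");
const passport = require('passport');

// Shared HMAC secret. It is hard-coded here only to keep the example short: in a
// real deployment load it from configuration (e.g. an environment variable) and
// keep it out of source control, since anyone who can read the repository can
// mint valid tokens. The /login route must sign with this same value.
const JWT_SECRET = 'ctalmora';

const options = {
  // Expect the token as "Authorization: Bearer <token>".
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  secretOrKey: JWT_SECRET,
  // Pin the accepted algorithm: jsonwebtoken signs with HS256 by default, and
  // rejecting anything else closes the algorithm-substitution class of bugs.
  algorithms: ['HS256'],
};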
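// Verify a bearer token's subject against the users collection. Passport's
// done(err, user) contract: a non-null err means "server failure" (500), a
// `false` user means "not authenticated" (401). An unknown subject is the
// latter, so it must be reported with done(null, false), not with an error.
// Assumes clientPromise (the MongoDB client) and ObjectId are imported
// elsewhere in this file — confirm.
passport.use(new JwtStrategy(options, async (jwtPayload, done) => {
  try {
    const client = await clientPromise;
    const db = client.db("react");
    // new ObjectId() throws on a malformed `sub`; the catch below turns that
    // into a passport error instead of an unhandled promise rejection.
    const user = await db.collection("users").findOne({ _id: new ObjectId(jwtPayload.sub) });
    if (!user) {
      // Token is valid but the account no longer exists: reject, no error.
      return done(null, false);
    }
    return done(null, user);
  } catch (err) {
    return done(err, false);
  }
}));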
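// Issue a JWT for an existing user. Credentials belong in a POST body: a GET
// request's body is widely ignored by proxies and its parameters end up in
// access logs and caches, so the route is registered as POST.
// Assumes clientPromise (the MongoDB client) is imported elsewhere — confirm.
router.post("/login", async (req, res, next) => {
  try {
    const email = req.body?.email;
    // Accept only a plain string so a query-operator object (e.g. {"$ne": null})
    // submitted as "email" cannot widen the lookup to arbitrary users.
    if (typeof email !== 'string') {
      return res.status(400).json({ message: 'email is required' });
    }
    const client = await clientPromise;
    const db = client.db("react");
    const user = await db.collection("users").findOne({ email });
    // NOTE(review): nothing here checks a password or any other credential —
    // knowing an email address is enough to obtain a token. Verify the
    // submitted credential against the stored record before signing.
    if (!user) {
      // The original fell through without responding, leaving the client hanging.
      return res.status(401).json({ message: 'Invalid credentials' });
    }
    // Sign with the same secret the strategy verifies against, and give the
    // token a lifetime so a leaked one does not remain valid forever.
    const token = jwt.sign({ sub: String(user._id) }, options.secretOrKey, { expiresIn: '1h' });
    res.json({ token: token });
  } catch (err) {
    next(err);
  }
});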
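// Reachable only with a valid bearer token; the strategy above sets req.user.
// Log just the id: the full user document can carry a password hash or other
// sensitive fields that must not end up in application logs.
router.get("/profile", passport.authenticate('jwt', { session: false }), (req, res) => {
  console.log(req.user._id);
  res.send("verified");
});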
Use on the client:
import axios from 'axios';
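// Placeholder for a token obtained from /login at runtime; never commit a real one.
const token = 'your JWT token here';

// Send the token as a bearer credential on the protected request.
(async () => {
  try {
    const response = await axios.get('https://example.com/api/data', {
      headers: {
        'Authorization': `Bearer ${token}`,
      },
    });
    console.log(response.data);
  } catch (error) {
    // Do not log the whole axios error: it embeds the request config, including
    // the Authorization header, which would write the token into the logs.
    console.error('request failed:', error.response?.status ?? error.message);
  }
})();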
Create private routes that only admins may access.
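// Express middleware: let the request through only when the authenticated
// user (set by passport.authenticate('jwt') earlier in the chain) has the
// "admin" role; otherwise answer 403 and stop the chain. A missing req.user
// (no authentication ran) is treated the same as a non-admin.
// The stray closing brace that followed the original definition is removed.
const isAdmin = (req, res, next) => {
  const user = req.user;
  if (!user || user.role !== "admin") {
    return res.status(403).json({ message: 'Access denied.' });
  }
  next();
};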
Use this middleware on the private admin-only routes:
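// Admin-only route: the JWT check runs first, then isAdmin enforces the role.
// The original handler mixed `function` and `=>` syntax, which does not parse.
router.get("/admin", passport.authenticate('jwt', { session: false }), isAdmin, (req, res) => {
  res.send("Hello admin");
});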