|
|
|
|
@ -170,33 +170,77 @@ app.post('/token', function(req, res) {
|
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Restricted route
|
|
|
|
|
// Restricted route root
|
|
|
|
|
const restrictedRoutes = express.Router(); |
|
|
|
|
app.use('/restricted', restrictedRoutes); |
|
|
|
|
|
|
|
|
|
restrictedRoutes.use((req, res) => { |
|
|
|
|
if (req.headers['token']) { |
|
|
|
|
jwt.verify(req.headers['token'], secret), (err, decoded) => { |
|
|
|
|
restrictedRoutes.use(function (req, res, next) { |
|
|
|
|
let sentToken = req.headers['token']; |
|
|
|
|
if (sentToken) { |
|
|
|
|
jwt.verify(sentToken, secret, function (err, decoded) { |
|
|
|
|
if (err) { |
|
|
|
|
return res.json({ message: 'invalid token' }); |
|
|
|
|
} else { |
|
|
|
|
req.decoded = decoded; |
|
|
|
|
console.log(decoded); |
|
|
|
|
next(); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
}); |
|
|
|
|
} else { |
|
|
|
|
res.status(500).send('no token found'); |
|
|
|
|
} |
|
|
|
|
res.status(500).send({ message: 'no token found' }); |
|
|
|
|
}; |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
// // Restricted route root stupid
|
|
|
|
|
// const restrictedRoutes = express.Router();
|
|
|
|
|
// app.use('/restricted', restrictedRoutes);
|
|
|
|
|
|
|
|
|
|
// restrictedRoutes.use( function(req, res, next){
|
|
|
|
|
// let sentToken = req.headers['token'];
|
|
|
|
|
// console.log('hello there, do not mind me.');
|
|
|
|
|
// console.log('next line will show the JWT token:');
|
|
|
|
|
// console.log(sentToken);
|
|
|
|
|
// console.log('okay, so, next line will show the decoded JWT token:');
|
|
|
|
|
// let decodedToken = jwt.decode(sentToken);
|
|
|
|
|
// console.log(decodedToken);
|
|
|
|
|
// console.log('yay, so now I am going to verify it and show again the decoded token if successful.');
|
|
|
|
|
// console.log('if NOT successful I will not let you see the secret message');
|
|
|
|
|
// console.log('here we go...');
|
|
|
|
|
// let verifiedToken = jwt.verify(sentToken, secret);
|
|
|
|
|
// console.log(verifiedToken);
|
|
|
|
|
// if (verifiedToken) {
|
|
|
|
|
// console.log('success! secret message will be shown.');
|
|
|
|
|
// next();
|
|
|
|
|
// } else {
|
|
|
|
|
// res.status(401).json({message: 'nope, you are not authorized'});
|
|
|
|
|
// }
|
|
|
|
|
// });
|
|
|
|
|
|
|
|
|
|
// Restricted endpoint
|
|
|
|
|
restrictedRoutes.get('/restricted', (req, res) => { |
|
|
|
|
res.json([{secret:'you can see this message if you have access'}]) |
|
|
|
|
restrictedRoutes.get('/access', (req, res) => { |
|
|
|
|
res.status(200).json([{secret:'you can see this message if you have access'}]) |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
// Restricted route root test (KISS)
|
|
|
|
|
const router = express.Router(); |
|
|
|
|
app.use('/api', router); |
|
|
|
|
|
|
|
|
|
router.use( function(req, res, next){ |
|
|
|
|
console.log('yo, this should always be called whenever /api or anything inside is called'); |
|
|
|
|
next(); |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
// Restricted route endpoint test (KISS)
|
|
|
|
|
router.get('/inside', (req, res) => { |
|
|
|
|
console.log('I am inside /api, hopefully'); |
|
|
|
|
res.status(200).json({message: 'it worked'}); |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
// JWT decode test
|
|
|
|
|
app.get('/decode', function(req, res){ |
|
|
|
|
if (req.headers['token']) { |
|
|
|
|
var decode = jwt.verify(req.headers['token'], secret); |
|
|
|
|
let sentToken = req.headers['token']; |
|
|
|
|
if (sentToken) { |
|
|
|
|
var decode = jwt.verify(sentToken, secret); |
|
|
|
|
console.log(decode); |
|
|
|
|
res.status(200).send('success'); |
|
|
|
|
} |
|
|
|
|
|
