Added middleware compatible with JWT

.gitignore

@@ -113,6 +113,7 @@ dist
 
 # testing
 /coverage
+*.rest
 
 # production
 /build

server/controllers/auth.controller.js

@@ -8,9 +8,14 @@ const jwt = require('jsonwebtoken')
 const bcrypt = require('bcryptjs')
 
 // reading the content of the private key
-const fs = require('fs');
-pathToKey = require('path').join(__dirname, '..', './config/id_rsa_priv.pem');
-const PRIV_KEY = fs.readFileSync(pathToKey, 'utf8'); //private key is used for signing the token
+// const fs = require('fs');
+// pathToKey = require('path').join(__dirname, '..', './config/id_rsa_priv.pem');
+// const PRIV_KEY = fs.readFileSync(pathToKey, 'utf8'); //private key is used for signing the token
+require('dotenv').config()
+const PRIV_KEY = process.env.PRIV_KEY;
+
+// token expiration time
+const tokenExpirationTime = "1m";
 
 /*
     This function is used to authenticate the user when he/she tries to login
@@ -38,11 +43,10 @@ const signin = async (req, res, next) => {
         if (user && (await bcrypt.compare(password, user.password))) {
             const payload = {
                 user: user,
-                iat: Date.now()
             }
             // Create token
             const token = "Bearer " + jwt.sign(
-                payload, PRIV_KEY, { expiresIn: "1d", algorithm: 'RS256' }
+                payload, PRIV_KEY, { expiresIn: tokenExpirationTime, algorithm: 'RS256' }
             );
             // send user
             res.status(200).json({ token, user });
@@ -97,11 +101,10 @@ const signup = async (req, res, next) => {
 
         const payload = {
             user: user,
-            iat: Date.now()
         }
         // Create token
         const token = "Bearer " + jwt.sign(
-            payload, PRIV_KEY, { expiresIn: "1d", algorithm: 'RS256' }
+            payload, PRIV_KEY, { expiresIn: tokenExpirationTime, algorithm: 'RS256' }
         );
         // return new user
         res.status(201).json({ token, user });

server/middlewares/auth.middleware.js

@@ -0,0 +1,40 @@
+const jwt = require("jsonwebtoken");
+
+// reading the content of the private key
+// const fs = require("fs");
+// pathToKey = require("path").join(__dirname, "..", "./config/id_rsa_priv.pem");
+// const PRIV_KEY = fs.readFileSync(pathToKey, "utf8"); //private key is used for signing the token
+require('dotenv').config()
+const PRIV_KEY = process.env.PRIV_KEY;
+
+const tokenCheck = (req, res, next) => {
+    // Get the token from the header if present
+    let getToken =
+        req.body.token ||
+        req.query.token ||
+        req.headers["authorization"] ||
+        req.headers["x-access-token"];
+
+    // If token is not present
+    if (!getToken) {
+        return res.status(403).send("A token is required for authentication");
+    }
+
+    const token = getToken.split(" ")[1]; //removing the Bearer from the token
+
+    // Verify the token
+    jwt.verify(token, PRIV_KEY, { algorithms: ["RS256"] }, (err, user) => {
+        // If token is not valid
+        if (err) {
+            return res.status(401).send(err);
+        } else {
+            // If token is valid
+            console.log("Token verified");
+            // Save the user in the request object
+            req.user = user;
+        }
+    });
+    next(); //calling next() to move to the next middleware
+};
+
+module.exports = tokenCheck;

server/models/user.models.js

@@ -1,5 +1,5 @@
 const mongoose = require("mongoose");
-import {isEmail} from "validator"
+const isEmail = require("validator/lib/isEmail");
 
 const userSchema = new mongoose.Schema({
   name: String,

server/routes/auth.routes.js

@@ -1,10 +1,15 @@
 const express = require('express');
-const router = express.Router()
+const router = express.Router();
+const authMiddleWare = require('../middlewares/auth.middleware');
 const authController = require('../controllers/auth.controller');
 
 
 router.post('/signin', authController.signin);
 
 router.post('/signup', authController.signup);
 
+router.get('/test', authMiddleWare,(req, res) => {
+    res.json(req.user);
+});
+
 module.exports = router;