Auth
There are two ways to verify if a user is authenticated:
- Using the `passport.authenticate()` method, specifying 'JWT' as the strategy in the route declaration.
Example:
```javascript
app.post('/route', passport.authenticate('jwt', { session: false }), function(req, res) { });
```
After the `passport.authenticate()` method is called, the user object is accessible via `req.user`.
- Check if the request header has the JSON web token (JWT).
Example:
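```javascript
// Extract the token from an "Authorization: <scheme> <token>" header.
var getToken = function (headers) {
  if (headers && headers.authorization) {
    var parted = headers.authorization.split(' ');
    if (parted.length === 2) {
      return parted[1];
    } else {
      return null;
    }
  } else {
    return null;
  }
};

// Inside a route handler (`jwt` and `config` are modules the application already loads):
var token = getToken(req.headers);
if (token) {
  // The config key is passed as a string; an unquoted mongodb.secret is an undefined identifier.
  var decoded = jwt.decode(token, config.get('mongodb.secret'));
}
```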
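A stricter form of the header check above, as an added example that is not part of this merge request or the project's code: it returns the claims only when the scheme, the HS256 signature and the expiry all check out. The function names, the accepted schemes (`JWT` or `Bearer`), the HS256-only policy and the mandatory `exp` claim are assumptions of this example; it uses only Node's built-in `crypto` module.

```javascript
// Added example (not the project's code); function names are hypothetical.
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Builds a constructed HS256 token so the example runs without any JWT library.
function signToken(payload, secret) {
  const input = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) +
    '.' + b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(input).digest();
  return input + '.' + b64url(sig);
}

// Returns the verified claims, or null when any check fails.
function verifyAuthHeader(headers, secret, nowSec) {
  const value = headers && headers.authorization;
  if (typeof value !== 'string') return null;
  const parted = value.split(' ');
  // Assumption: the client sends "JWT <token>" or "Bearer <token>".
  if (parted.length !== 2 || !/^(jwt|bearer)$/i.test(parted[0])) return null;
  const seg = parted[1].split('.');
  if (seg.length !== 3) return null;
  let header, claims;
  try {
    header = parse(seg[0]);
    claims = parse(seg[1]);
  } catch (err) {
    return null; // header or payload is not valid JSON
  }
  // Pin the algorithm server-side so a token cannot select "none" or another scheme.
  if (!header || header.alg !== 'HS256') return null;
  const expected = crypto.createHmac('sha256', secret).update(seg[0] + '.' + seg[1]).digest();
  const given = Buffer.from(seg[2], 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Policy of this example: a token without a numeric, future exp is rejected.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Express-style middleware exposing the verified claims on req.user.
function requireAuth(secret) {
  return function (req, res, next) {
    const claims = verifyAuthHeader(req.headers, secret, Math.floor(Date.now() / 1000));
    if (!claims) return res.status(401).json({ message: 'Unauthorized' });
    req.user = claims;
    next();
  };
}
```
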
Activity
Added 1 commit:
- 4e7f70a6 - update config.json.example
Added 32 commits:
- 4e7f70a6...a32c8712 - 5 commits from branch development
- d2921d7b - First raw version of a simulation model
- a6f63136 - Changed simulation to object and set locations
- 9d567436 - Extending locations and simulations...
- 4512efc1 - Changed simulation object back to mongoose schema
- 2bfdf1fb - First persistent simulation model
- 56cee352 - Changed update to methods
- 68018f8f - Minor syntax changes
- 603944fa - Merge branch 'development' into simobject_20160927
- 95a94867 - First test for simulation creation - raw
- 68b8c84c - Added test_config.json
- 6e1112e7 - More simulation testing
- 90a2f1e8 - Better simulation testing
- cd664360 - Removed location models
- fac54082 - Even more simulation tests
- bb7f77a5 - Moved config files to config folder
- 873a1406 - Config file style changed
- 006998b2 - Merge branch 'development' into simobject_20160927
- 35e17fd7 - Simulation test coverage increase
- b1185494 - Sanitization of enrollments for simulation model
- a25508e0 - Changed ugly if chain for switch statement
- 17bb3627 - More simulation testing
- ff3da334 - More simulation tests and code cleaning
- c1a18e52 - Merge branch 'development' into simobject_20160927
- f2eb044f - Merge branch 'auth' into simobject_20160927
- d4647a7f - Some extra methods previously ignored for simulations
- aa701c4a - Test fixes
- a0bebadd - Merge branch 'simobject_20160927' into auth
Added 1 commit:
- 4753e07e - add some tests for user (wip)
Added 1 commit:
- 533557c9 - finish tests for /user route
Added 1 commit:
- bbf84d45 - small fixes on some msgs
Added 1 commit:
- 459a5c28 - change info fetched from config.json
Added 1 commit:
- ff65ca45 - add tests for /user/authenticate
@lgl15 some points before the request can be merged:
- replace the console.log with the application logger to log errors/warnings/info
- add documentation on how to check if a user is authenticated
Another thing that also would be nice to have, perhaps on a later refactor, is to gather all errors in an array and display them all at once, because now you have a middleware to check for every req.body.* field. One way I can think of doing that is:
- Have an array with validators (can be objects that implement a common method) where you register your validators
- Then you just loop over the array, running each validator and appending the error messages in an error array/object
- Once you're done, check if the errors array is empty; if it is, then all is good and return success. Otherwise report all the errors at once.
Note that this would resemble how Rails deals with validation on top of models and maybe Mongoose has native support for it or this might be the proper way to do it in Express.
Other than that, nice work!
Edited by João Victor Risso
Added 1 commit:
- 73edd413 - replace the console.log with the application logger to log errors/warnings/info
Added 1 commit:
- 434a5106 - add documentation on how to check if a user is authenticated