lauborges · April 2, 2017 02:12
diff --git a/index.js b/index.js
 // file: index.js

 var _ = require("lodash");
 var express = require("express");
 var bodyParser = require("body-parser");
 var jwt = require('jsonwebtoken');

 var passport = require("passport");
 var passportJWT = require("passport-jwt");

 var ExtractJwt = passportJWT.ExtractJwt;
 var JwtStrategy = passportJWT.Strategy;

 var users = [
  {
    id: 1,
    name: 'jonathanmh',
    password: '%2yx4'
  },
  {
    id: 2,
    name: 'test',
    password: 'test'
  }
 ];

 var jwtOptions = {}
 jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeader();
 jwtOptions.secretOrKey = 'tasmanianDevil';

 var strategy = new JwtStrategy(jwtOptions, function(jwt_payload, next) {
  console.log('payload received', jwt_payload);
  // usually this would be a database call:
  var user = users[_.findIndex(users, {id: jwt_payload.id})];
  if (user) {
    next(null, user);
  } else {
    next(null, false);
  }
 });

 passport.use(strategy);

 var app = express();
 app.use(passport.initialize());

 // parse application/x-www-form-urlencoded
 // for easier testing with Postman or plain HTML forms
 app.use(bodyParser.urlencoded({
  extended: true
 }));

 // parse application/json
 app.use(bodyParser.json())

 app.get("/", function(req, res) {
  res.json({message: "Express is up!"});
 });

 app.post("/login", function(req, res) {
  if(req.body.name && req.body.password){
    var name = req.body.name;
    var password = req.body.password;
  }
  // usually this would be a database call:
  var user = users[_.findIndex(users, {name: name})];
  if( ! user ){
    res.status(401).json({message:"no such user found"});
  }

  if(user.password === req.body.password) {
    // from now on we'll identify the user by the id and the id is the only personalized value that goes into our token
    var payload = {id: user.id};
    var token = jwt.sign(payload, jwtOptions.secretOrKey);
    res.json({message: "ok", token: token});
  } else {
    res.status(401).json({message:"passwords did not match"});
  }
 });

 app.get("/secret", passport.authenticate('jwt', { session: false }), function(req, res){
  res.json({message: "Success! You can not see this without a token"});
 });

 app.get("/secretDebug",
  function(req, res, next){
    console.log(req.get('Authorization'));
    next();
  }, function(req, res){
    res.json("debugging");
 });

 app.listen(3000, function() {
  console.log("Express running");
 });
diff --git a/package.json b/package.json
 {
  "name": "jwt-tutorial",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "body-parser": "^1.15.2",
    "express": "^4.14.0",
    "jsonwebtoken": "^7.1.9",
    "lodash": "^4.16.4",
    "passport": "^0.3.2",
    "passport-jwt": "^2.1.0"
  }
 }
	// file: index.js

	var _ = require("lodash");
	var express = require("express");
	var bodyParser = require("body-parser");
	var jwt = require('jsonwebtoken');

	var passport = require("passport");
	var passportJWT = require("passport-jwt");

	var ExtractJwt = passportJWT.ExtractJwt;
	var JwtStrategy = passportJWT.Strategy;

	var users = [
	{
	id: 1,
	name: 'jonathanmh',
	password: '%2yx4'
	},
	{
	id: 2,
	name: 'test',
	password: 'test'
	}
	];

	var jwtOptions = {}
	jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeader();
	jwtOptions.secretOrKey = 'tasmanianDevil';

	var strategy = new JwtStrategy(jwtOptions, function(jwt_payload, next) {
	console.log('payload received', jwt_payload);
	// usually this would be a database call:
	var user = users[_.findIndex(users, {id: jwt_payload.id})];
	if (user) {
	next(null, user);
	} else {
	next(null, false);
	}
	});

	passport.use(strategy);

	var app = express();
	app.use(passport.initialize());

	// parse application/x-www-form-urlencoded
	// for easier testing with Postman or plain HTML forms
	app.use(bodyParser.urlencoded({
	extended: true
	}));

	// parse application/json
	app.use(bodyParser.json())

	app.get("/", function(req, res) {
	res.json({message: "Express is up!"});
	});

	app.post("/login", function(req, res) {
	if(req.body.name && req.body.password){
	var name = req.body.name;
	var password = req.body.password;
	}
	// usually this would be a database call:
	var user = users[_.findIndex(users, {name: name})];
	if( ! user ){
	res.status(401).json({message:"no such user found"});
	}

	if(user.password === req.body.password) {
	// from now on we'll identify the user by the id and the id is the only personalized value that goes into our token
	var payload = {id: user.id};
	var token = jwt.sign(payload, jwtOptions.secretOrKey);
	res.json({message: "ok", token: token});
	} else {
	res.status(401).json({message:"passwords did not match"});
	}
	});

	app.get("/secret", passport.authenticate('jwt', { session: false }), function(req, res){
	res.json({message: "Success! You can not see this without a token"});
	});

	app.get("/secretDebug",
	function(req, res, next){
	console.log(req.get('Authorization'));
	next();
	}, function(req, res){
	res.json("debugging");
	});

	app.listen(3000, function() {
	console.log("Express running");
	});
	{
	"name": "jwt-tutorial",
	"version": "1.0.0",
	"description": "",
	"main": "index.js",
	"scripts": {
	"test": "echo \"Error: no test specified\" && exit 1"
	},
	"keywords": [],
	"author": "",
	"license": "ISC",
	"dependencies": {
	"body-parser": "^1.15.2",
	"express": "^4.14.0",
	"jsonwebtoken": "^7.1.9",
	"lodash": "^4.16.4",
	"passport": "^0.3.2",
	"passport-jwt": "^2.1.0"
	}
	}