Merge pull request #33 from Shaurya0108/feat/jwt

Added JWT. Added middleware to authorize API requests
Shaurya0108 · Oct 20, 2023 · 52fba1d · 52fba1d
2 parents 730b9e8 + 244e657
commit 52fba1d
Show file tree

Hide file tree

Showing 7 changed files with 137 additions and 18 deletions.
diff --git a/Server/package-lock.json b/Server/package-lock.json
diff --git a/Server/package.json b/Server/package.json
@@ -13,6 +13,7 @@
         "dotenv": "^16.3.1",
         "express": "^4.18.2",
         "http": "^0.0.1-security",
+        "jsonwebtoken": "^9.0.2",
         "nodemon": "^3.0.1"
     }
 }
diff --git a/Server/src/classes/Error.js b/Server/src/classes/Error.js
@@ -1,13 +1,15 @@
 export class UnauthorizedError extends Error{
-    constructor(message) {
+    constructor(message, statusCode) {
         super(message);
         this.name = 'UnauthorizedError';
+        this.statusCode = statusCode;
       }
 }
 
 export class ConflictError extends Error{
   constructor(message) {
     super(message);
-    this.name = 'ConflictError'
+    this.name = 'ConflictError';
+    this.statusCode = 409;
   }
 }
diff --git a/Server/src/classes/User.js b/Server/src/classes/User.js
@@ -21,7 +21,7 @@ export class User{
                 };
                 const user = await DB.getByPrimaryKey(params);
                 if (user) {
-                    throw new ConflictError("Username already exist");
+                    throw new ConflictError("Username already exist", 409);
                 }
                 else {
                     const params = {
@@ -72,15 +72,15 @@ export class User{
                 };
                 const user = await DB.getByPrimaryKey(params);
                 if (!user) {
-                    throw new UnauthorizedError("Not Allowed");
+                    throw new UnauthorizedError("Not Allowed", 401);
                 }
                 const res = AWS.DynamoDB.Converter.unmarshall(user);
                 const password = res.password;
                 if (await bcrypt.compare(this.password, password)){
                     resolve(res.UserId);
                 }
                 else {
-                    throw new UnauthorizedError("Not Allowed");
+                    throw new UnauthorizedError("Not Allowed", 401);
                 }
             } catch (err) {
                 console.log(err);

diff --git a/Server/src/library/auth.js b/Server/src/library/auth.js
@@ -1,12 +1,19 @@
+import { UnauthorizedError } from '../classes/Error.js';
+import dotenv from 'dotenv';
+import jwt from 'jsonwebtoken';
 
+dotenv.config();
 
 export const auth = ({authorization}, resolve, reject) => {
-    if (authorization){
-        var authorized = true
-        resolve(authorized)
-    }
-    else {
-        throw new Error('no authorization');
+    const token = authorization && authorization.split(' ')[1];
+
+    if (!token){
+        throw new UnauthorizedError("Unauthorized", 401)
     }
+    jwt.verify(token, process.env.secret_access_token, (err, user) => {
+        if (err) throw new UnauthorizedError("Forbidden", 403);
+        resolve(true);
+    })
 
-}
+}
+
diff --git a/Server/src/routes/authroutes.js b/Server/src/routes/authroutes.js
@@ -2,6 +2,10 @@ import express from 'express';
 import  {DynamoDBConnector}  from '../classes/DynamoDBConnector.js';
 import {User} from '../classes/User.js';
 import { UnauthorizedError, ConflictError } from '../classes/Error.js';
+import jwt from 'jsonwebtoken';
+import dotenv from 'dotenv';
+
+dotenv.config();
 
 var dbConnection = new DynamoDBConnector();
 
@@ -25,22 +29,27 @@ export const authroutes = () => {
             return res.status(200).json(result);
         } catch (error) {
             if (error instanceof ConflictError) {
-                return res.status(409).json({"error": error.message});
+                return res.status(error.statusCode).json({"error": error.message});
             }
             else {
                 return res.status(500).json({"error": "Internal Server Error"});
             }
         }
     });
 
-    router.get('/getUserId', async (req, res) => {
+    router.get('/login', async (req, res) => {
         try {
             var user = new User(req.body.username, req.body.password);
             let result = await user.getUserId();
-            return res.status(200).json(result);
+
+            const accessToken = jwt.sign({
+                userId: result
+            }, process.env.secret_access_token, {expiresIn: '30m'})
+
+            return res.status(200).json({accessToken: accessToken});
         } catch (error) {
             if (error instanceof UnauthorizedError) {
-                return res.status(401).json({"error": error.message});
+                return res.status(error.statusCode).json({"error": error.message});
             }
             else {
                 return res.status(500).json({"error": "Internal Server Error"});

diff --git a/Server/src/server.js b/Server/src/server.js
@@ -5,6 +5,7 @@ import * as routes from './routes/index.js';
 import {auth} from './library/auth.js';
 import AWS from 'aws-sdk'
 import dotenv from 'dotenv'
+import { UnauthorizedError } from './classes/Error.js';
 
 dotenv.config();
 
@@ -31,10 +32,15 @@ virtualTAServer.use((req, res, next)=>{
     new Promise((resolve, reject)=> {
         auth(req.headers, resolve, reject)
     }).then(authorized =>{
-
         next()
     }).catch(Error =>{
-        res.status(401).json(Error)
+        if (Error instanceof UnauthorizedError){
+            res.status(Error.statusCode).json({error: Error.message});
+        }
+        else {
+            console.log(Error);
+            res.status(500).json({error: "Internal Server Error"});
+        }
     })
 })