Skip to content
Snippets Groups Projects
Commit 434a5106 authored by Lucas Gabriel Lima's avatar Lucas Gabriel Lima
Browse files

add documentation on how to check if a user is authenticated

parent 73edd413
No related branches found
No related tags found
2 merge requests!116Release v1.0.0,!25Auth
Pipeline #
......@@ -9,7 +9,7 @@ module.exports = function(passport){
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = config.get('mongodb:secret');
passport.use(new JwtStrategy(opts, function(jwt_payload, done){
User.find({id: jwt_payload.id}, function(err, user){
User.find({email: jwt_payload.email}, function(err, user){
if (err) {
return done(err);
}
......@@ -22,3 +22,29 @@ module.exports = function(passport){
});
}));
};
/* To check if a user has access to a route, one must use passport.authenticate() specifying 'JWT' as the strategy in the route declaration, like so:
app.post('/route', passport.authenticate('jwt', { session: false}), function(req, res) { });
the user object is then accessible via req.user
----
Another way to check if a user is authenticated, is to check the request header for the json web token, like so:
getToken = function (headers) {
if (headers && headers.authorization) {
var parted = headers.authorization.split(' ');
if (parted.length === 2) {
return parted[1];
} else {
return null;
}
} else {
return null;
}
};
var token = getToken(req.headers);
if (token) {
var decoded = jwt.decode(token, config.get(mongodb.secret));
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment