JWT
2023. 12. 13. 22:14ㆍNode.js Express
const crypto = require("crypto-js");
const jwt = require("jsonwebtoken")
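/**
 * Login handler: checks the submitted name/password and, on success, stores a
 * signed JWT in the "jwt" cookie and redirects to "/".
 *
 * Every failure path (bad input, unknown user, wrong password) renders the login
 * page again through loginPage, so the response does not reveal which check failed.
 *
 * @param {object} req - Express request; reads req.cookies.jwt and req.body.
 * @param {object} res - Express response.
 * @returns {Promise<*>} Whatever loginPage or res.redirect returns.
 */
const loginUser_jwt = async (req, res) => {
  // Presence check only: the cookie's signature is NOT verified here, so this
  // branch must not be treated as proof of an authenticated session.
  if (req.cookies.jwt) {
    console.log("token exist");
    return loginPage(req, res);
  }

  const { name, password } = req.body ?? {};
  // Body parsers can deliver objects as well as strings. Users.findOne is defined
  // elsewhere; if it is a MongoDB/Mongoose-style query, an object value would be
  // read as a query operator rather than a literal name, so only strings pass.
  if (typeof name !== "string" || typeof password !== "string") {
    return loginPage(req, res);
  }

  const user = await Users.findOne({ name });
  // An unknown name used to crash on `user.password`; treat it as a failed login.
  if (!user) {
    return loginPage(req, res);
  }

  // NOTE(security): a single unsalted SHA-256 is fast to brute-force if the user
  // table leaks. Prefer a password KDF (bcrypt, scrypt, argon2); that requires
  // re-hashing the stored values, so it is flagged here rather than changed.
  const hashPassword = crypto.SHA256(password).toString();
  if (user.password !== hashPassword) {
    return loginPage(req, res);
  }

  const token = jwt.sign(
    { user: { id: user.id, name: user.name } },
    process.env.JWT_SECRET,
    { expiresIn: process.env.JWT_LIFETIME },
  );

  // httpOnly keeps the token out of reach of page scripts (limits theft via XSS);
  // sameSite "lax" stops the cookie riding along on cross-site POSTs (CSRF).
  // Also set `secure: true` once the site is served only over HTTPS.
  // maxAge (1 hour) is independent of JWT_LIFETIME; keep the two aligned.
  const cookieOptions = { maxAge: 3600000, httpOnly: true, sameSite: "lax" };
  return res.cookie("jwt", token, cookieOptions).status(200).redirect("/");
};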
/**
 * Logout handler: removes the "jwt" cookie from the browser and redirects to "/".
 *
 * Clearing the cookie only makes the browser forget the token. No server-side
 * revocation is visible here, so a copy of the token obtained earlier would
 * still verify until its expiry.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response.
 * @returns {*} Whatever res.redirect returns.
 */
const logout_jwt = (req, res) => {
  res.clearCookie("jwt");
  const response = res.status(200);
  return response.redirect("/");
};
module.exports = {loginUser_jwt, logout_jwt};
jwt.sign으로 원하는 토큰을 만들고
res.cookie로 토큰을 cookie에 넣어서
authentication을 진행한다.
res.clearCookie()로 특정 쿠키를 없앤다
const jwt = require('jsonwebtoken');
const {unAthentication} = require('../errors');
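/**
 * Express middleware: verifies the JWT in the "jwt" cookie and, when it is
 * valid, exposes its `user` claim as req.user.
 *
 * A request WITHOUT the cookie is passed through with req.user unset, so this
 * middleware alone does not protect a route; handlers that need a logged-in
 * user must check req.user themselves.
 *
 * @param {object} req - Express request; reads req.cookies.jwt, writes req.user.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Called with no argument to continue, or with an
 *   unAthentication error when the token fails verification.
 * @returns {Promise<*>} Whatever next returns.
 */
const authenticationMiddleware = async (req, res, next) => {
  const token = req.cookies.jwt;
  if (typeof token === "undefined") {
    console.log("no token");
    return next();
  }

  let decoded;
  try {
    // Pin the accepted algorithm instead of trusting the token header. HS256 is
    // the jsonwebtoken default for jwt.sign with a shared secret; adjust this
    // list if tokens are signed with a different algorithm.
    decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ["HS256"] });
  } catch (err) {
    // Hand the error to next() rather than throwing: a throw inside an async
    // middleware becomes a rejected promise, which Express 4 never routes to
    // the error handler (the request hangs and the rejection goes unhandled).
    return next(new unAthentication('not authorized to access this token', 401));
  }

  // next() is called outside the try block so that a failure in a later
  // handler is not reported as an invalid token.
  req.user = decoded.user;
  return next();
};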
module.exports = authenticationMiddleware;
토큰은 jwt.verify()와 토큰을 만들 때 썼던 키값으로 verify해서
authorization을 진행할 수 있다.