Scribd Logo
Upload

Welcome to Scribd!

  • Verify Token

    Uploaded by

    Huy Tống
    4 views2 pages
    This document defines functions to verify JSON web tokens (JWTs) for authentication. It includes a verifyToken function that checks for and validates a token from the request cookies. If valid, it attaches the user object to the request. There are also verifyUser and verifyAdmin functions that use verifyToken and check the user role, allowing the request to continue or returning a 401 error.

    Original Description:

    Original Title

    verifyToken

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document defines functions to verify JSON web tokens (JWTs) for authentication. It includes a verifyToken function that checks for and validates a token from the request cookies. If valid, it attaches the user object to the request. There are also verifyUser and verifyAdmin functions that use verifyToken and check the user role, allowing the request to continue or returning a 401 error.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views2 pages

    Verify Token

    Uploaded by

    Huy Tống
    This document defines functions to verify JSON web tokens (JWTs) for authentication. It includes a verifyToken function that checks for and validates a token from the request cookies. If valid, it attaches the user object to the request. There are also verifyUser and verifyAdmin functions that use verifyToken and check the user role, allowing the request to continue or returning a 401 error.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    import jwt from "jsonwebtoken";

    const verifyToken = (req,res,next) =>{


    const token = req.cookies.accessToken

    if(!token){
    return res.status(401).json({success:false, message: "You're not
    authorize"})

    //neu token ton tai => verify the token


    jwt.verify(token, process.env.JWT_SECRET_KEY, (err, user) =>{
    if(err){
    return res.status(401).json({success:false, message:"token is
    invalid"})
    }

    req.user = user
    next()
    })
    }

    export const verifyUser = (req, res, next) =>{


    verifyToken(req, res, next, ()=> {
    if(req.user.id === req.params.id || req.user.role ==="user"){
    next();

    } else {
    return req.status(401).json({success: false, message: "You're not
    authenticated"});

    }
    })
    }

    export const verifyAdmin = (req, res, next) =>{


    verifyToken(req, res, next, ()=> {
    if( req.user.role ==="admin"){
    next();

    } else {
    return res.status(401).json({success: false, message: "You're not
    authorize"});
    }
    })
    }
    # JWT_SECRET_KEY =
    f4a804c2162faa99da1308457ef05d43a51bf837a4c0b91af7b26c03338de2de

    You might also like