Here is the git if you want to take a look at it https://github.com/Gjonathan252/Team-Salesforce.

I am in charge of creating a user db and have most of it done. What is causing me problems right now is that when the user logs in, the token created, which holds the user _id, is not saved. I want to be able to save that token so that I can display the user name in every html page.

auth.js

//Login
router.post('/login', async (req, res) => {
    //Validate before use
    const { error } = loginValidation(req.body);
    if (error) return res.status(400).send(error.details[0].message);

    //CHANGE .send msg to 'Email or password is wrong' for security reasons
    //Check if email exists
    const user = await User.findOne({ email: req.body.email });
    if (!user) return res.status(400).send('Email is not found');

    //CHANGE .send msg to 'Email or password is wrong' for security reasons
    //Check if password is correct
    const validPass = await bcrypt.compare(req.body.password, user.password);
    if (!validPass) return res.status(400).send('Invalid password');

    //Create and assign a token
    const token = jwt.sign({ _id: user._id }, process.env.Token_SECRET);
    res.header('auth-token', token);
    if (!error) res.redirect('/public/index.html');
});

login.html

<form action="/" method="/api/user/login">
    <label for="username" id="name__pass">Username</label>
    <input type="text" id="name__passbox" name="username" placeholder="Username">
    <label for="password" id="name__pass">Password</label>
    <input type="text" id="name__passbox" name="password" placeholder="Password">
    <a href="/" class="log__button">LOGIN</a>
</form>

Long story short, I want to save token so I can GET username from db or save username to display on all html pages. This will eventually be used to verify which user has permissions to post and manage things on the website. I really need to get this solved, which is why I am offering a reward.

Joe
Alpha

1 Answer

I would suggest you store the token in cookies and then use your middleware to access it. request.headers don't persist for an Express app. Some example implementations are here; just make sure you use cookies rather than local storage. Add cookie-parser. Add to your /routes/auth.js at the end of login:

res.cookie("auth",token);

And to your /routes/verifyToken.js:

const token = req.header('auth-token') || req.cookies.auth;

I have a link for example auth (using middleware rather than your manual addition of verify), so you can also look at it.

Girish Srivatsa
  • Thank you. This was correct, but I also forgot I needed to add POST to the login form. Had to take a step back and I noticed I wasn't getting a response anymore. At some point my team edited the login.html file and it messed up my testing. I am sure you don't want the $50, so I will donate to a charity of your choice if you want. Thank you a million – Alpha Jan 27 '21 at 21:05
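
The cookie approach from the answer, as an added example that is not code from the post or the project: a dependency-free Node sketch in which `signToken`/`readToken` stand in for jsonwebtoken and `parseCookies` stands in for cookie-parser. `SECRET` is a constructed sample value, and the `HttpOnly; Secure; SameSite` cookie attributes are assumptions that go beyond the answer's `res.cookie("auth",token)`.

```javascript
// Added example. Stand-ins (assumptions): signToken/readToken replace jsonwebtoken,
// parseCookies replaces cookie-parser. SECRET is a constructed sample value.
const { createHmac, timingSafeEqual } = require('crypto');
const SECRET = 'constructed-sample-secret';

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');

// HS256 token in the usual header.payload.signature layout.
function signToken(payload) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  return `${body}.${mac(body)}`;
}

// Returns the payload, or null when the token is malformed or the signature is wrong.
function readToken(token) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(mac(`${parts[0]}.${parts[1]}`));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(parts[1], 'base64url').toString()); }
  catch { return null; }
}

// Login side: the browser resends a cookie on every request, unlike a custom response header.
// HttpOnly hides it from page scripts; Secure (HTTPS only) and SameSite limit where it is sent.
function authCookie(token) {
  return `auth=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Parses a Cookie request header into a name -> value map.
function parseCookies(header = '') {
  const out = {};
  for (const pair of header.split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) out[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return out;
}

// Middleware-shaped check: header first, then cookie, as in the answer's verifyToken.js line.
function verifyToken(req, res, next) {
  const token = req.headers['auth-token'] || parseCookies(req.headers.cookie).auth;
  const payload = readToken(token);
  if (!payload) { res.statusCode = 401; return res.end('Access Denied'); }
  req.user = payload; // later handlers can look up the user name from req.user._id
  next();
}
```

In a login handler the value from `authCookie(token)` would be sent as the `Set-Cookie` response header before the redirect.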