CODEWITHSUNDEEP
javascriptnode.jsrest
Adha_setiawan
Adha_setiawan

Reputation: 27

How do I set role in Node JS JWT Authentication?

I'm really new with Node JS and now I'm learning about how to use JWT Authentication in my Rest API I already make token generator in my login function but when I try to verify the token with setting up some role where if the role equal 2 I could get a data. And now I having trouble because I can't verify my token

Log in:

exports.login = function(req, res){
    var post = {
        email : req.body.email,
        password : req.body.password
    }

    var query = "SELECT * FROM ?? WHERE ?? = ? AND ?? = ?";
    var table = ["user", "password", md5(post.password), "email",post.email];

    query = mysql.format(query,table);

    connection.query(query, function(error, rows){
        if(error){
            console.log(error);
        }else{
            if (rows.length == 1){
                //ini 1440 dalam second
                var token = jwt.sign({rows}, config.secret);
                id_user = rows[0].id;
                username = rows[0].username;
                email = rows[0].email;
                tanggal_daftar = rows[0].tanggal_daftar;
                role = rows[0].role;

                var data = {
                    id_user : id_user,
                    access_token : token,
                    username : username,
                    email : email,
                    tanggal_daftar : tanggal_daftar,
                    role : role,
                    ip_address : ip.address()
                }

                res.json({
                     success : true,
                     message : "Token JWT generate",
                     token : token,
                     idUser: data.id_user,
                     username : username,
                     email : data.email,
                     tanggal_daftar : tanggal_daftar,
                     role : data.role
                    });

            }else{
                 res.json({"Error": true, "Message":"Email atau password anda salah"});
            }
        }
    });
}

Token check:

const jwt = require('jsonwebtoken');
const config = require('../config/secret');

function verifikasi(role){
    return function (req, rest, next){
    // var role = req.body.role;
        //cek authorization header
        var tokenWithBearer = req.headers.authorization;
        if(tokenWithBearer){
            var token = tokenWithBearer.split(' ')[1];
            //verifikasi
            jwt.verify(token, config.secret, function(err, decoded){
                if(err){
                    return rest.status(401).send({auth:false, message:"Token tidak terdaftar!"});
                }else{
                    if(role == 2){
                        req.auth = decoded;
                        next();
                    }else{
                        return rest.status(401).send({auth:false, message:"gagal melakukan otorisasi!"});
                    }
                }
            });
        }else{
            return rest.status(401).send({auth:false, message:"Token tidak tersedia!"});
        }
    }
}

module.exports = verifikasi;

Index:

// alamat dengan otoritas khusus
router.get('/api/v1/rahasia', verifikasi(), auth.halamanrahasia);

Upvotes: 1

Views: 1101

Answers (1)

Nguyễn Tây Trung
Nguyễn Tây Trung

Reputation: 136

There's an error in your if(role == 2) you should change it to (decoded.role == 2)

Edit: change if(role == 2) to if(decoded.rows.role == 2)

Upvotes: 1

Related Questions