What steps should I take to create code that can generate a JWT token for user authentication and authorization?

Question

What steps should I take to create code that can generate a JWT token for user authentication and authorization?

I'm struggling to get this working. I have a dilemma with two files: permissionCtrl.js and tokenCtrl.js. My tech stack includes nJWT, Node.js/Express.js, Sequelize & Postgres.

The permission file contains a function called hasPermission that is linked to the token file. This function is supposed to verify the token generated in the token file and return either a successful result callback or a 403 response with messages provided below. If successful, it will allow the user access to a secure route based on their role and access level. Please note that the tokenCtrl.hasPermission.js is imported into this file.

hasPermission.js

exports.hasPermission = (req, res, permission, success) => {
  const token = req.get('Authorization');
  const hasPermission = tokenCtrl.hasPermission(token, permission); //throws an error here
  console.log('permission', permission);
  if (hasPermission) {
    return success();
  } else {
    res.status(403);
    return res.json({
      error: {
        status: 403,
        message: 'Unauthorized',
      },
    });
  }
};

tokenCtrl.js

const nJwt = require('njwt');
const secureRandom = require('secure-random');
const signingKey = secureRandom(512, {type: 'Buffer'}); // Generates a highly random byte array of 256 bytes
const base64SigningKey = signingKey.toString('base64');

const claims = {
  iss: "mysite.com",  
  sub: "users/user1234",    
  scope: "user, admins"
};

module.exports = {

  getToken: (claims, signingKey) => {
    const jwt = nJwt.create(claims, signingKey, 'HS512');
    console.log(jwt);
    const token = jwt.compact();
     console.log("Token :" + token);
    return (token);
},

    validateToken: (token, signingKey) => {
      nJwt.verify(token, signingKey, 'HS512', function(err, verifiedJwt){
        if(err){
          console.log(err); 
        }else{
          console.log(verifiedJwt);
        }
        return (verifiedJwt);
      });
  },

  token_post: (req, res) => {
  res.send(this.validateToken(req.header.Authorization, signingKey));
},

getSecret: () => {
  const secret = require('../config/secret.json').secret;
  console.log('secret', secret);
  return secret;
},

hasPermission: (token, resource) => {
  const result = this.validateToken(token, signingKey); 
  console.log(result);
  if (result.name === 'JsonWebTokenError') {
    return false;
  } else if (result.permissions) {
    let permissionSet = new Set(result.permissions);
    console.log('permissions in token', JSON.stringify(permissionSet));
    return permissionSet.has(resource);
  } else {
    return false;
  }
}

}

ERRORS

Error occurs at this line: 'this.validateToken not a function' as indicated in the code comment.
Error occurs at this line: 'tokenCtrl.hasPermission not a function' as shown in the code comment.

IMPORTANT: The getSecret function in the tokenCtrl file is utilized by other files.

javascript node.js express jwt

Answer 1

Answer №1

Your code is encountering issues with how this behaves in arrow functions. Previously, functions would create a new empty this in their inner scope; however, in arrow functions, this is bound to the enclosing scope. Since you are declaring the function inside the exports object, you might expect this to bind to the enclosing object, but it does not.

A solution would be to declare your functions first and then add them to your exports afterwards. This way, you can avoid using this and simply call your validateToken function.

const validateToken = (token, signingKey) => {
      nJwt.verify(token, signingKey, 'HS512', function(err, verifiedJwt){
        if(err){
          console.log(err); // Token has expired, has been tampered with, etc
        }else{
          console.log(verifiedJwt); // Will contain the header and body
        }
        return (verifiedJwt);
      });
  };

const hasPermission = (token, resource) => {
  const result = validateToken(token, signingKey); //this.validateToken not a function error here
  console.log(result);
  if (result.name === 'JsonWebTokenError') {
    return false;
  } else if (result.permissions) {
    let permissionSet = new Set(result.permissions);
    console.log('permissions in token', JSON.stringify(permissionSet));
    return permissionSet.has(resource);
  } else {
    return false;
  }
};

module.exports = {
  vaildiateToken,
  hasPermission
}

Answer 2

Your code is encountering issues with how this behaves in arrow functions. Previously, functions would create a new empty this in their inner scope; however, in arrow functions, this is bound to the enclosing scope. Since you are declaring the function inside the exports object, you might expect this to bind to the enclosing object, but it does not.

A solution would be to declare your functions first and then add them to your exports afterwards. This way, you can avoid using this and simply call your validateToken function.

const validateToken = (token, signingKey) => {
      nJwt.verify(token, signingKey, 'HS512', function(err, verifiedJwt){
        if(err){
          console.log(err); // Token has expired, has been tampered with, etc
        }else{
          console.log(verifiedJwt); // Will contain the header and body
        }
        return (verifiedJwt);
      });
  };

const hasPermission = (token, resource) => {
  const result = validateToken(token, signingKey); //this.validateToken not a function error here
  console.log(result);
  if (result.name === 'JsonWebTokenError') {
    return false;
  } else if (result.permissions) {
    let permissionSet = new Set(result.permissions);
    console.log('permissions in token', JSON.stringify(permissionSet));
    return permissionSet.has(resource);
  } else {
    return false;
  }
};

module.exports = {
  vaildiateToken,
  hasPermission
}

What steps should I take to create code that can generate a JWT token for user authentication and authorization?

Answer №1

Similar questions

a function that is not returning a boolean value, but rather returning

React components need to refresh after fetching data from an API

can you explain which documents outline the parameters that are passed into the express app.METHOD callback function?

Is it possible to continuously divide or multiply numbers by 2 without encountering any rounding errors when working with floating point numbers?

What is the best way to switch between light and dark themes with the ability to locally store the current theme?

Vue.js is like the modern version of jquery-cron

Tips for automatically filling in fields when a button is clicked in a React application

What are some effective methods for concealing API request payloads in a web browser?

How can I retrieve the width of a responsive React element during its initial rendering phase?

Develop a Modal Form using Bootstrap (HTML)

Is there a way to make my code on Google Sheets work across multiple tabs?

Use JQuery's $ajax to exclusively retrieve items that have a date prior to the current date

What is the best way to enable a DOM element's height to be resized?

Mapping an array using getServerSideProps in NextJS - the ultimate guide!

What is the best way to locate a member using a particular nickname?

What steps do I need to take in order to transform this code into a MUI component complete with

Encountering a problem while trying to execute npm run serve on a newly created Vue-CLI project

Overabundance of Recursive Calls in Node.js Project Dependencies

Error received on Node.js controller when calling Jquery getJSON from Ajax form

Optimal approach for organizing code in Sails.js (Node.js) applications