DEV Community

Cover image for 65-Nodejs Course 2023: Auth: Decoupling JWT
Hasan Zohdy
Hasan Zohdy

Posted on

65-Nodejs Course 2023: Auth: Decoupling JWT

In our previous article, we'have made our first successful login, now let's decouple the JWT handler.

Decoupling JWT

Why would we do that? well, because of two main reasons, the first one is to make it accessible from everywhere in the application not in the http folder only and secondly if we wanted to change the JWT handler later, we can easily do it when it is decoupled.

Let's create a new folder called jwt in src/core/auth and create a new file called jwt.ts in it, then let's move the JWT handler from src/core/auth/registerAuthRoutes.ts to src/core/jwt/jwt.ts.

// src/core/auth/jwt.ts
import request from "core/http/request";
import { getServer } from "core/http/server";

const jwt = {
  /**
   * Generate a new JWT token for the user
   */
  async generate(payload: any, options?: any) {
    return getServer().jwt.sign(payload, options);
  },
  /**
   * Verify Current token from request which will be in the `Authorization` header
   */
  async verify() {
    return await request.baseRequest.jwtVerify();
  },
};

export default jwt;
Enter fullscreen mode Exit fullscreen mode

So basically what we did here is we created an object with tw methods, one to generate a new JWT token and the other to verify it, then we exported it, both methods are async because we are using await in the verify method.

Now let's import the JWT handler in src/core/auth/registerAuthRoutes.ts and use it instead of the old one.

// src/core/auth/registerAuthRoutes.ts
import { Response } from "core/http/response";
import { getServer } from "core/http/server";
import router from "core/router";
import jwt from "./jwt";
import AccessToken from "./models/access-token";

export default function registerAuthRoutes() {
  // get server instance
  const server = getServer();

  // now let's add a guests route in our routes to generate a guest token to our guests.
  router.post("/guests", (_request, response: Response) => {
    // use our own jwt generator to generate a token for the guest
    const token = jwt.generate({ userType: "guest" });

    AccessToken.create({
      token,
      userType: "guest",
    });

    return response.send({
      accessToken: token,
      userType: "guest",
    });
  });

  // now let's add an event to validate the request token
  server.addHook("onRequest", async (request, reply) => {
    if (request.url === "/guests") return;

    try {
      // use our own jwt verify to verify the token
      await jwt.verify();
    } catch (err) {
      reply.status(401).send({
        error: "Unauthorized: Invalid Access Token",
      });
    }
  });
}
Enter fullscreen mode Exit fullscreen mode

Now what remains is that we need to create the current user function which returns the current user model, which can be an instance of Guest model or User model and so on.

This is what we're going to do in our next chapter.

🎨 Conclusion

In this chapter, we've decoupled the JWT handler, so we can use it from everywhere in the application.

🚀 Project Repository

You can find the latest updates of this project on Github

😍 Join our community

Join our community on Discord to get help and support (Node Js 2023 Channel).

🎞️ Video Course (Arabic Voice)

If you want to learn this course in video format, you can find it on Youtube, the course is in Arabic language.

📚 Bonus Content 📚

You may have a look at these articles, it will definitely boost your knowledge and productivity.

General Topics

Packages & Libraries

React Js Packages

Courses (Articles)

Top comments (0)