@jsheridanwells
Last active January 29, 2019 16:45
Using Json-Server with JWT
  1. Create public and private RSA keys (public.key, private.key). Generate them here.
  2. npm install --save-dev jsonwebtoken json-server faker
  3. create users.json with at least email and password for a fake user.
  4. Add these to package.json (assumes code is in a directory called api):
    "api-noAuth": "node_modules/.bin/json-server api/seed.js",
    "api-auth": "node ./api/server.js",
    "api-seed": "node ./api/seed.js > api/db.json"
  5. `npm run api-seed` will create db.json; `npm run api-noAuth` serves the API without authentication; `npm run api-auth` will issue and require tokens.
const faker = require('faker');
const seed = () => {
  // Build three related collections and print them as one JSON document;
  // `npm run api-seed` redirects stdout into db.json.
  const makeTeacher = (idx) => ({
    email: faker.internet.email(),
    // Fake fixture credential. json-server exposes db.json as-is, so this
    // field is retrievable through the API like any other.
    password: faker.internet.password(8, 1),
    name: faker.name.findName(),
    id: idx + 1,
  });
  const makeStudent = (idx) => ({
    name: faker.name.findName(),
    dob: faker.date.past(10),
    points: faker.random.number({min:5, max:100}),
    id: idx + 1,
  });
  // student_id / teacher_id are drawn from the id ranges produced above.
  const makeTicket = (idx) => ({
    student_id: faker.random.number({ min: 1, max: 200 }),
    teacher_id: faker.random.number({ min: 1, max: 10 }),
    datetime: faker.date.recent(),
    reason: faker.lorem.sentence(8),
    id: idx + 1,
  });
  // Property order (teachers, students, tickets) is the order faker is called in.
  const data = {
    teachers: Array.from({ length: 10 }, (_, idx) => makeTeacher(idx)),
    students: Array.from({ length: 200 }, (_, idx) => makeStudent(idx)),
    tickets: Array.from({ length: 2000 }, (_, idx) => makeTicket(idx)),
  };
  console.log(JSON.stringify(data));
};
// module.exports = seed;
// Run at load time: the generated fixture is written to stdout (see the api-seed script).
seed();
const fs = require('fs');
const bodyParser = require('body-parser');
const jsonServer = require('json-server');
const jwt = require('jsonwebtoken');
const tokenHelper = require('./tokenHelper');
const server = jsonServer.create();
// Every collection in ./api/db.json is exposed through this router.
const router = jsonServer.router('./api/db.json');
// Login credentials are read from ./api/users.json and compared as-is by isAuth below
// (plaintext fixture, suitable only for a mock server).
const userdb = JSON.parse(fs.readFileSync('./api/users.json', 'UTF-8'));
server.use(bodyParser.urlencoded({extended: true}));
server.use(bodyParser.json());
const isAuth = ({ email, password }) => {
  // True when some user in users.json has exactly this email/password pair
  // (plain string comparison against the fixture file).
  const matches = (user) => user.email === email && user.password === password;
  return userdb.users.some(matches);
};
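// Exchange email/password for a signed access token.
server.post('/auth/login', (req, res) => {
  // body-parser populates req.body above; fall back to an empty object so a
  // request without a body gets a 401 instead of a destructuring TypeError.
  const { email, password } = req.body || {};
  if (!isAuth({ email, password })) {
    const status = 401;
    const message = 'Incorrect email or password';
    res.status(status).json({ status, message });
    return;
  }
  // Only the identity goes into the token. A JWT payload is base64url-encoded,
  // not encrypted, so signing the password would disclose it to anyone who
  // sees the token (proxies, logs, browser storage).
  const access_token = tokenHelper.sign({ email });
  res.status(200).json({ access_token });
});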
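// Every path that does not start with /auth requires a valid Bearer token.
server.use(/^(?!\/auth).*$/, (req, res, next) => {
  const header = req.headers.authorization;
  // Expected shape is "Bearer <token>". Destructure once so a header with no
  // token (e.g. just "Bearer") is rejected with 401 instead of throwing on
  // `.length` of undefined, which surfaced as a 500.
  const [scheme, token] = header === undefined ? [] : header.split(' ');
  if (scheme !== 'Bearer' || !token) {
    const status = 401;
    const msg = 'Bad authorization header';
    res.status(status).json({ status, msg });
    return;
  }
  try {
    // tokenHelper.verify returns the decoded payload, or false when
    // verification fails.
    if (tokenHelper.verify(token)) {
      next();
    } else {
      const status = 401;
      const msg = 'You are not authorized';
      res.status(status).json({ status, msg });
    }
  } catch (e) {
    // Defensive: verify already swallows jwt errors, but keep the response
    // uniform if anything else throws.
    const status = 401;
    const message = 'Auth token is not valid';
    res.status(status).json({ status, message });
  }
});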
// Requests that passed the token check above fall through to the json-server router.
server.use(router);
server.listen(3000, () => {
console.log('Running the api server with auth');
});
const fs = require('fs');
const jwt = require('jsonwebtoken');
// RSA key pair for RS256: the private key signs tokens, the public key verifies them.
const privateKey = fs.readFileSync('./api/private.key', 'utf8');
const publicKey = fs.readFileSync('./api/public.key', 'utf8');
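module.exports = {
  // Sign `payload` with the private key; the token expires 30 days after issue.
  sign: payload => {
    const options = {
      expiresIn: '30d',
      algorithm: 'RS256'
    };
    return jwt.sign(payload, privateKey, options);
  },
  // Return the decoded payload when `token` carries a valid RS256 signature
  // from our key pair and has not expired; otherwise return false.
  verify: token => {
    // `algorithms` (plural) is jsonwebtoken's verify option. The previous
    // singular `algorithm` key was ignored, so the accepted algorithm set was
    // whatever the installed library version defaults to. Pinning RS256 makes
    // a token that claims any other algorithm fail verification.
    // `expiresIn` is a sign-time option; verify enforces the `exp` claim itself.
    const options = { algorithms: ['RS256'] };
    try {
      return jwt.verify(token, publicKey, options);
    } catch (e) {
      return false;
    }
  },
  // Unverified decode of header, payload and signature. It does not check the
  // signature, so its payload must never be used to make an authorization decision.
  decode: token => jwt.decode(token, { complete: true })
};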