luishrd/User.js

## data.json
{
	"username": "peregrin",
	"password": "took"
}

## middleware.js
const express = require('express');
const morgan = require('morgan');
const helmet = require('helmet');
const cors = require('cors');

module.exports = function(server) {
  server.use(helmet());
  server.use(morgan('dev'));
  server.use(express.json());
  server.use(cors());
};

## package.json
{
  "name": "jwtting",
  "version": "1.0.0",
  "description": "",
  "main": "server.js",
  "scripts": {
    "start": "nodemon server.js"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "nodemon": "^1.17.3"
  },
  "dependencies": {
    "bcrypt": "^2.0.0",
    "cors": "^2.8.4",
    "express": "^4.16.3",
    "helmet": "^3.12.0",
    "jsonwebtoken": "^8.2.1",
    "mongoose": "^5.0.15",
    "morgan": "^1.9.0",
    "passport": "^0.4.0",
    "passport-jwt": "^4.0.0",
    "passport-local": "^1.0.0"
  }
}

## routes.js
const jwt = require('jsonwebtoken');
const passport = require('passport');
const LocalStrategy = require('passport-local');
const User = require('../users/User');
const secret = 'no size limit on tokens';

const { ExtractJwt } = require('passport-jwt');
const JwtStrategy = require('passport-jwt').Strategy;

// { usernameField: email }
const localStrategy = new LocalStrategy(function(username, password, done) {
  User.findOne({ username }, function(err, user) {
    if (err) {
      done(err);
    }
    if (!user) {
      done(null, false);
    }
    user.verifyPassword(password, function(err, isValid) {
      if (err) {
        return done(err);
      }
      if (isValid) {
        const { _id, username, race } = user;
        return done(null, { _id, username, race }); // placed on req.user
      }
      return done(null, false);
    });
  });
});
const jwtOptions = {
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  secretOrKey: secret,
};
const jwtStrategy = new JwtStrategy(jwtOptions, function(payload, done) {
  User.findById(payload.sub)
    .select('-password')
    .then(user => {
      if (user) {
        done(null, user);
      } else {
        done(null, false);
      }
    })
    .catch(err => {
      return done(err, false);
    });
});
passport.use(localStrategy);
passport.use(jwtStrategy); // new line
const authenticate = passport.authenticate('local', { session: false });
const protected = passport.authenticate('jwt', { session: false }); // new line
module.exports = function(server) {
  server.get('/api/hobbits', protected, (req, res) => {
    User.find({ race: 'hobbit' })
      .select('-password')
      .then(hobbits => {
        res.json(hobbits);
      })
      .catch(err => {
        res.status(500).json(err);
      });
  });

  server.post('/api/login', authenticate, (req, res) => {
    res.json({ token: makeToken(req.user), user: req.user });
  });

  // sanity check route
  server.get('/', function(req, res) {
    res.send({ api: 'up and running' });
  });

  server.post('/api/register', function(req, res) {
    const credentials = req.body;

    // add a pre('save') hook to the User schema
    // that will hash the password before
    // persisting the user to the database
    const user = new User(credentials);
    user.save().then(inserted => {
      const token = makeToken(inserted);

      res.status(201).json({ token });
    });
  });
};

function makeToken(user) {
  // sub: subject (id) who the token is about
  // iat: issued at time
  const timestamp = new Date().getTime();
  const payload = {
    sub: user._id,
    iat: timestamp,
    username: user.username,
    race: user.race,
  };
  const options = { expiresIn: '4h' };

  return jwt.sign(payload, secret, options);
}

## server.js
const express = require('express');
const mongoose = require('mongoose');

const server = express();

const setupMiddleware = require('./setup/middleware')(server);
const setupRoutes = require('./setup/routes')(server);
// alternatively we can do this in two steps like so:
// we first import the module
// const setupMiddleware = require('./setup/middleware');
// then execute it passing the server instance
// setupMiddleware(server);

mongoose
  .connect('mongodb://localhost/auth')
  .then(cnn => {
    console.log('\n=== connected to mongo ===\n');
  })
  .catch(err => {
    console.log('\n=== ERROR connecting to mongo ===\n');
  });

server.listen(5000, () => console.log('\n=== API on port 5k ===\n'));

## User.js
const mongoose = require('mongoose');
const bcrypt = require('bcrypt');

const userSchema = new mongoose.Schema({
  username: {
    type: String,
    required: true,
    unique: true,
    lowercase: true,
    // normalize all users to lowercase
    // helps later when making queries
  },
  password: {
    type: String,
    required: true,
    minlength: 4, // make this at least 10 or 12
    // in a production application
  },
  race: {
    type: String,
    required: true,
  },
});

userSchema.pre('save', function(next) {
  // const user = this; // scope is the document
  // you need to do this if the function passed to
  // then is a regular function, not an arrow
  // function to make sure the binding of this
  // is correct. See code below.
  // bcrypt.hash(this.password, 10).then(function(hash) {

  bcrypt.hash(this.password, 10).then(hash => {
    // different scope if using function(hash)
    // same document scope if using arrow function
    this.password = hash;

    next();
  });
});

userSchema.methods.verifyPassword = function(guess, callback) {
  bcrypt.compare(guess, this.password, function(err, isValid) {
    if (err) {
      return callback(err);
    }

    // here there was no error
    callback(null, isValid);
  });
};

module.exports = mongoose.model('User', userSchema, 'users');
	const express = require('express');
	const morgan = require('morgan');
	const helmet = require('helmet');
	const cors = require('cors');

	module.exports = function(server) {
	server.use(helmet());
	server.use(morgan('dev'));
	server.use(express.json());
	server.use(cors());
	};
	{
	"name": "jwtting",
	"version": "1.0.0",
	"description": "",
	"main": "server.js",
	"scripts": {
	"start": "nodemon server.js"
	},
	"keywords": [],
	"author": "",
	"license": "ISC",
	"devDependencies": {
	"nodemon": "^1.17.3"
	},
	"dependencies": {
	"bcrypt": "^2.0.0",
	"cors": "^2.8.4",
	"express": "^4.16.3",
	"helmet": "^3.12.0",
	"jsonwebtoken": "^8.2.1",
	"mongoose": "^5.0.15",
	"morgan": "^1.9.0",
	"passport": "^0.4.0",
	"passport-jwt": "^4.0.0",
	"passport-local": "^1.0.0"
	}
	}
	const jwt = require('jsonwebtoken');
	const passport = require('passport');
	const LocalStrategy = require('passport-local');
	const User = require('../users/User');
	const secret = 'no size limit on tokens';

	const { ExtractJwt } = require('passport-jwt');
	const JwtStrategy = require('passport-jwt').Strategy;

	// { usernameField: email }
	const localStrategy = new LocalStrategy(function(username, password, done) {
	User.findOne({ username }, function(err, user) {
	if (err) {
	done(err);
	}
	if (!user) {
	done(null, false);
	}
	user.verifyPassword(password, function(err, isValid) {
	if (err) {
	return done(err);
	}
	if (isValid) {
	const { _id, username, race } = user;
	return done(null, { _id, username, race }); // placed on req.user
	}
	return done(null, false);
	});
	});
	});
	const jwtOptions = {
	jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
	secretOrKey: secret,
	};
	const jwtStrategy = new JwtStrategy(jwtOptions, function(payload, done) {
	User.findById(payload.sub)
	.select('-password')
	.then(user => {
	if (user) {
	done(null, user);
	} else {
	done(null, false);
	}
	})
	.catch(err => {
	return done(err, false);
	});
	});
	passport.use(localStrategy);
	passport.use(jwtStrategy); // new line
	const authenticate = passport.authenticate('local', { session: false });
	const protected = passport.authenticate('jwt', { session: false }); // new line
	module.exports = function(server) {
	server.get('/api/hobbits', protected, (req, res) => {
	User.find({ race: 'hobbit' })
	.select('-password')
	.then(hobbits => {
	res.json(hobbits);
	})
	.catch(err => {
	res.status(500).json(err);
	});
	});

	server.post('/api/login', authenticate, (req, res) => {
	res.json({ token: makeToken(req.user), user: req.user });
	});

	// sanity check route
	server.get('/', function(req, res) {
	res.send({ api: 'up and running' });
	});

	server.post('/api/register', function(req, res) {
	const credentials = req.body;

	// add a pre('save') hook to the User schema
	// that will hash the password before
	// persisting the user to the database
	const user = new User(credentials);
	user.save().then(inserted => {
	const token = makeToken(inserted);

	res.status(201).json({ token });
	});
	});
	};

	function makeToken(user) {
	// sub: subject (id) who the token is about
	// iat: issued at time
	const timestamp = new Date().getTime();
	const payload = {
	sub: user._id,
	iat: timestamp,
	username: user.username,
	race: user.race,
	};
	const options = { expiresIn: '4h' };

	return jwt.sign(payload, secret, options);
	}
	const express = require('express');
	const mongoose = require('mongoose');

	const server = express();

	const setupMiddleware = require('./setup/middleware')(server);
	const setupRoutes = require('./setup/routes')(server);
	// alternatively we can do this in two steps like so:
	// we first import the module
	// const setupMiddleware = require('./setup/middleware');
	// then execute it passing the server instance
	// setupMiddleware(server);

	mongoose
	.connect('mongodb://localhost/auth')
	.then(cnn => {
	console.log('\n=== connected to mongo ===\n');
	})
	.catch(err => {
	console.log('\n=== ERROR connecting to mongo ===\n');
	});

	server.listen(5000, () => console.log('\n=== API on port 5k ===\n'));
	const mongoose = require('mongoose');
	const bcrypt = require('bcrypt');

	const userSchema = new mongoose.Schema({
	username: {
	type: String,
	required: true,
	unique: true,
	lowercase: true,
	// normalize all users to lowercase
	// helps later when making queries
	},
	password: {
	type: String,
	required: true,
	minlength: 4, // make this at least 10 or 12
	// in a production application
	},
	race: {
	type: String,
	required: true,
	},
	});

	userSchema.pre('save', function(next) {
	// const user = this; // scope is the document
	// you need to do this if the function passed to
	// then is a regular function, not an arrow
	// function to make sure the binding of this
	// is correct. See code below.
	// bcrypt.hash(this.password, 10).then(function(hash) {

	bcrypt.hash(this.password, 10).then(hash => {
	// different scope if using function(hash)
	// same document scope if using arrow function
	this.password = hash;

	next();
	});
	});

	userSchema.methods.verifyPassword = function(guess, callback) {
	bcrypt.compare(guess, this.password, function(err, isValid) {
	if (err) {
	return callback(err);
	}

	// here there was no error
	callback(null, isValid);
	});
	};

	module.exports = mongoose.model('User', userSchema, 'users');