Skip to content
/ node-express-jwt-auth Public
forked from iamshaunjp/node-express-jwt-auth

All course files for the Node.js (& Express) JWT Authentication tutorial series on The Net Ninja YouTube channel.

0 stars 336 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

andrewcbuensalida/node-express-jwt-auth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
controllers
controllers
 
 
middleware
middleware
 
 
models
models
 
 
public
public
 
 
routes
routes
 
 
views
views
 
 
.gcloudignore
.gcloudignore
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
app.js
app.js
 
 
app.yaml
app.yaml
 
 
cloudbuild.yaml
cloudbuild.yaml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
readme.md
readme.md
 
 

Repository files navigation

could use fetch api method where server sends back either json and then the single page front end dynamically injects the data into the html (like react). fetch post could be replaced with form submission method. these two are only needed for login or signup where you have to send username and password from front to back. but to send access tokens from front to back or back to front, use cookies. OR fetch again but this time the server sends back an html file, then front end js would result.text() parse it instead of result.json(), this would still be a single page app but the inner contents wouldnt be dynamically injected. OR could use a view engine such as handlebars (preferred for easier syntax) or ejs, which the server sends data directly into multiple html pages, aka server side rendering. more popular than previous methods.

user authorization steps basically, during login, before client sends username and password to server via fetch or form, bcrypt encrypts password, then server checks database to see if login and password is correct, if correct, server creates a token with jwt with an expiration, then puts it in the client's cookie. when client visits a restricted page, server checks the cookies that were automatically sent by the get request, server checks cookies for the token and verifies it with middleware. if verified, middleware passes it to render the page.

now has session countdown timer that will auto logout. based on setInterval subtracting every second, expiresIn is based on the date when token is created + time give minus now. can be hacked if user inspects application and changes cookie expiryDate to a later date. but if token expires, at least if the user navigates to a new route, server will know token is expired and direct the user to logout.

to deploy to firebase, trying https://cloud.google.com/build/docs/deploying-builds/deploy-firebase had to enable api by going to console > apis and services > searching cloud build had to delete cloud-builders-community from explorer, doing it from the google cloud sdk shell didnt work. couldnt make firebase work.

so trying app engine again. app.yaml is to deploy from vs code to app engine. https://www.youtube.com/watch?v=HgpCjChgjoQ&list=PL42xwJRIG3xCtmOrJAQFR5sIJFKIJ9MEn&index=2 to set environment variables,

workflow is push to github and app engine should auto deploy.

About

All course files for the Node.js (& Express) JWT Authentication tutorial series on The Net Ninja YouTube channel.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 45.5%
  • Handlebars 37.7%
  • CSS 16.8%