Node Js pass the role as a string to the JWT verification function

Time:02-27

The JWT verification function accepts req, res and next as its parameters. I need to pass an additional string, 'Admin', so that only admin users can access this API.

My jwtVerification.js code:

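/**
 * Express middleware that authenticates a request from its Bearer JWT.
 *
 * Replies 401 when the Authorization header is missing or malformed, when the
 * token does not verify, or when no user matches the token's `id` claim.
 * Calls `next()` once the user has been found.
 *
 * @param {object} req - Express request; the Authorization header is read from it.
 * @param {object} res - Express response, used for the 401 replies.
 * @param {Function} next - Express continuation callback.
 */
module.exports = async function (req, res, next) { //I need to be able to add role to this call
    const header = req.header("Authorization");

    // Accept only "Bearer <token>"; the original sliced off 7 characters
    // whatever the scheme was.
    if (!header || !/^Bearer /i.test(header)) return res.status(401).send('Invalid access token.');

    const _token = header.substring(7);

    let decoded;
    try {
        // NOTE(review): pass the `algorithms` option here once the signing
        // algorithm is confirmed, so the accepted set is pinned explicitly.
        decoded = jwt.verify(_token, process.env.JWT_PRIVATE_KEY);
    } catch (error) {
        // The library's error text (expired, bad signature, ...) stays
        // server-side; the client always gets the same generic reply.
        return res.status(401).send('Invalid access token.');
    }

    // A string payload or a payload without `id` must not reach the query:
    // Prisma ignores an undefined filter value, so findFirst would return
    // an arbitrary user.
    if (decoded == null || decoded.id == null) return res.status(401).send('Invalid access token.');

    let user;
    try {
        user = await prisma.user.findFirst({ where: { id: decoded.id } });
    } catch (error) {
        // A database failure is not an authentication failure; hand it to the
        // Express error handler instead of echoing its message in a 401 body.
        return next(error);
    }

    if (!user) return res.status(401).send('Invalid access token.');

    //I need to be able to read the role so that I can do the following verifications
    //if(!role) next();
    //else{
    //   if(user.role !== role || decoded.role !== role) return res.status(403).send('Forbidden!')
    //   else next();
    //}
    next();
};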

Finally, the API call itself (I would like to write verifyJWT('Admin') here, for example):

// verifyJWT is registered as-is, so Express calls it with (req, res, next)
// only; no role argument reaches it from this route definition.
router.post(
    '/test',
    verifyJWT,
    async function handleTest(req, res) {
        res.send('hi');
    },
);

CodePudding user response:

You can use something like this:

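/**
 * Middleware factory: returns an Express middleware that authenticates the
 * request from its Bearer JWT and, when `myParam` is given, also requires the
 * stored user to have that role.
 *
 * @param {string} [myParam] - Required role (e.g. 'Admin'). When omitted, any
 *   authenticated user is let through.
 * @returns {Function} Async Express middleware `(req, res, next)`. It replies
 *   401 for a missing, malformed or unverifiable token or an unknown user,
 *   403 when the role does not match, and calls `next()` otherwise.
 */
module.exports = function (myParam) {
    return async function (req, res, next) {
        const header = req.header("Authorization");

        // Accept only "Bearer <token>"; the original sliced off 7 characters
        // whatever the scheme was.
        if (!header || !/^Bearer /i.test(header)) return res.status(401).send('Invalid access token.');

        const _token = header.substring(7);

        let decoded;
        try {
            // NOTE(review): pass the `algorithms` option here once the signing
            // algorithm is confirmed, so the accepted set is pinned explicitly.
            decoded = jwt.verify(_token, process.env.JWT_PRIVATE_KEY);
        } catch (error) {
            // The library's error text (expired, bad signature, ...) stays
            // server-side; the client always gets the same generic reply.
            return res.status(401).send('Invalid access token.');
        }

        // A string payload or a payload without `id` must not reach the
        // query: Prisma ignores an undefined filter value, so findFirst would
        // return an arbitrary user.
        if (decoded == null || decoded.id == null) return res.status(401).send('Invalid access token.');

        let user;
        try {
            user = await prisma.user.findFirst({ where: { id: decoded.id } });
        } catch (error) {
            // A database failure is not an authentication failure; hand it to
            // the Express error handler instead of echoing it in a 401 body.
            return next(error);
        }

        if (!user) return res.status(401).send('Invalid access token.');

        // Authorization uses the role stored on the user record: a role claim
        // inside the token reflects the role at issue time and can be stale.
        // If tokens also carry a role claim, comparing decoded.role here as
        // well makes the check stricter.
        if (myParam && user.role !== myParam) return res.status(403).send('Forbidden!');

        next();
    };
};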

And after that use the middleware this way:

// verifyJWT(someParam) runs once, when the route is registered; the function
// it returns is what Express invokes per request, ahead of the handler below.
// someParam stands for the required role, e.g. 'Admin' as in the question.
router.post(
    '/test',
    verifyJWT(someParam),
    async function handleTest(req, res) {
        res.send('hi');
    },
);