Learn how to use JWT to validate a user’s session in Node.js.
- [Instructor] This video, we're going to validate the user's session using JSON web tokens. One thing you'll notice, that if you try to access a resource directly, you have free access and it doesn't matter if you're logged in, so we need to change that. We want to protect these resources and make sure the user is logged in before they can access them. So, go into your dev-server folder, and inside of your services and your auth-service, we're going to create some methods here to access a session. First, let's create a method that can decode the token. That way we can access the user's data inside the token. And so first we'll grab the token from the headers and we can do that with req.headers.authorization. And so if there is no token attached to that header then we'll just return null, else we can go ahead and decrypt that token, so we'll say try and so we can say return jwt.verify and then we pass in the token along with the secret. And so that secret is needed to decrypt that token and if decryption fails, or the token is expired, or an invalid token, we'll get an error here and we can just return null. Then let's add a function called require login and this will basically be attached to any routes that we want the user to be logged in for in order to access. So first we'll call the decoded token method and give it the request and so if we don't have a token then we'll basically return an error here saying that you have to be logged in. Then we'll just call next 'cause at this point we know that we have a valid token and the user's logged in. So now let's go into our controller and uses so go into tasks.routes and let's go ahead and import that service. And then you want to add that function to any routes that you want to protect with user login.
And so I'm just going to add these to all of them and so what that will do is every time a user tries to access any of these endpoints it'll run that middleware, check for the token and make sure the user's logged in and if they are it'll return it. So now let's test this and you'll see now we can access a token because we're not logged in. So now let's go ahead and login using Postman and get that token back. So now you can take that token and just copy it, then go over to your headers and you want to pass in the header authorization. 'Cause that's what we're using in our middleware and then pass in the token as value. Then now for (mumbles) to the endpoint for task and try to access the resource, we get those tasks back. And so now we need to make sure that a token is always attached to all the requests that we make in Vue.js. So go into your services and here in our HTTP method we're going to attach the token to every request we send out. So first let's import the auth service and then we're going to pass in a property here called headers, which is going to take in authorization. And then this is where we're going to call our method which we haven't created yet so we'll call it get token. Let's go ahead and create that method. I'll just export a function, get token and also describe the token from the local storage and return it. Alright, so that'll make sure that our token is always attached to all the requests we make to our server and then the server will intercept it and verify the user's identity. So in the next video we're going to manage the user's session, we're basically going to use a JSON web token to access the user's data.
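
The decode-and-gate flow described in the transcript, as an added example that is not the course's own code: it performs the HS256 signature and expiry check with Node's built-in crypto module in place of the jwt.verify call the video uses, so it runs without dependencies. SECRET, signToken, the 401 status and the error message are assumptions made for illustration.

```javascript
// Added example: HS256 check with Node's built-in crypto, standing in for the
// jwt.verify call named in the video. SECRET is a constructed placeholder.
const crypto = require('node:crypto');
const SECRET = 'constructed-demo-secret';

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Demo helper (assumption): issue a token the way a login route would.
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the payload if signature and expiry check out, otherwise null.
function decodeToken(req, secret = SECRET) {
  const token = req.headers.authorization; // raw token, as sent in the video
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const [head, body, sig] = parts;
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; rejects "none"
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length ||
        !crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload.exp === 'number' && payload.exp <= Date.now() / 1000) return null;
    return payload;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Express-style middleware: respond 401 unless decodeToken accepts the request.
function requireLogin(req, res, next) {
  if (!decodeToken(req)) {
    return res.status(401).json({ message: 'You must be logged in.' });
  }
  next();
}
```

The payload is only trusted after the signature comparison succeeds; a token whose body was edited, that was signed with another secret, or whose exp has passed is treated the same as no token.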
- Single-page applications and Vue.js
- Preparing your development environment
- Creating a Vue.js application
- Using the Vue.js router
- Building a RESTful back-end API with Node.js and Express.js
- Connecting to MongoDB
- Validating and managing a user session
- Connecting Vue.js to a back-end server