Authenticating the request header with Express

node.js express jwt aop access-token
kambi picture kambi · Sep 7, 2017 · Viewed 40.3k times · Source

I want to verify that all our get requests have a specific token in their authentication header.

I can add this to our get endpoints:

app.get('/events/country', function(req, res) {
    if (!req.headers.authorization) {
    return res.json({ error: 'No credentials sent!' });
    }

Is there any better way to handle this in NodeJS/Express without changing every endpoint? something like a before-filter/AOP approach?

Answer

robertklep picture robertklep · Sep 7, 2017

That's what middleware is for:

app.use(function(req, res, next) {
  if (!req.headers.authorization) {
    return res.status(403).json({ error: 'No credentials sent!' });
  }
  next();
});

...all your protected routes...

Make sure that the middleware is declared before the routes to which the middleware should apply.

Related questions

jwt check if token expired

I've configured the token like this: jwt.sign( { user: pick(user, ['_id', 'username']) }, secret, { expiresIn: '2m' } ); But when I want to check if the token was expired, this code doesn't work function isAuthenticated() { const token = localStorage.getItem('token'); …

Read More
How to use jti claim in a JWT

The JWT spec mentions a jti claim which allegedly can be used as a nonce to prevent replay attacks: The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner …

Read More
How can I decode a google OAuth 2.0 JWT (OpenID Connect) in a node app?

I'm having a heck of a time here trying to use google OAuth to authenticate users in my node express app. I can successfully do the OAuth, which returns a response like so: { access_token: 'token string', id_token: 'id.…

Read More