Authentication for special events

Author: Vishwas Gopinath - I16165

ngApp/package-lock.json

@@ -24,6 +24,7 @@
     "body-parser": "^1.18.2",
     "core-js": "^2.4.1",
     "express": "^4.16.2",
+    "jsonwebtoken": "^8.1.1",
     "mongoose": "^5.0.3",
     "rxjs": "^5.5.6",
     "zone.js": "^0.8.19"

ngApp/package.json

@@ -2,9 +2,10 @@ const express = require('express');
 const router = express.Router();
 const mongoose = require('mongoose');
 const User = require('../models/user');
-
+const jwt = require('jsonwebtoken')
 const db = "mongodb://testuser:[email protected]:23136/eventsdb";
 // mongoose.Promise = global.Promise;
+
 mongoose.connect(db, function(err){
     if(err){
         console.error('Error! ' + err)
@@ -13,6 +14,23 @@ mongoose.connect(db, function(err){
     }
 });
 
+function verifyToken(req, res, next) {
+  console.log(JSON.stringify(req.headers))
+  if(!req.headers.authorization) {
+    return res.status(401).send('Unauthorized request')
+  }
+  let token = req.headers.authorization.split(' ')[1]
+  if(token === 'null') {
+    return res.status(401).send('Unauthorized request')    
+  }
+  let payload = jwt.verify(token, 'secretKey')
+  if(!payload) {
+    return res.status(401).send('Unauthorized request')    
+  }
+  req.userId = payload.subject
+  next()
+}
+
 router.get('/events', (req,res) => {
   let events = [
     {
@@ -55,7 +73,7 @@ router.get('/events', (req,res) => {
   res.json(events)
 })
 
-router.get('/special', (req,res) => {
+router.get('/special', verifyToken, (req, res) => {
   let specialEvents = [
     {
       "_id": "1",
@@ -121,7 +139,10 @@ router.post('/login', (req, res) => {
       if ( user.password !== userData.password) {
         res.status(401).send('Invalid Password')
       } else {
-        res.status(200).send('Logged in succesfully')
+        let payload = {subject: user._id}
+        let token = jwt.sign(payload, 'secretKey')
+        console.log(token)
+        res.status(200).send({token})
       }
     }
   })

ngApp/server/routes/api.js

@@ -1,7 +1,7 @@
 import { BrowserModule } from '@angular/platform-browser';
 import { NgModule } from '@angular/core';
 import { FormsModule } from '@angular/forms';
-import { HttpClientModule } from '@angular/common/http';
+import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
 import { AppRoutingModule } from './app-routing.module';
 
 import { AppComponent } from './app.component';
@@ -11,6 +11,7 @@ import { EventsComponent } from './events/events.component';
 import { SpecialEventsComponent } from './special-events/special-events.component';
 import { AuthService } from './auth.service';
 import { EventService } from './event.service';
+import { TokenInterceptorService } from './token-interceptor.service';
 
 
 @NgModule({
@@ -27,7 +28,12 @@ import { EventService } from './event.service';
     HttpClientModule,
     AppRoutingModule
   ],
-  providers: [AuthService, EventService],
+  providers: [AuthService, EventService, 
+  {
+    provide: HTTP_INTERCEPTORS,
+    useClass: TokenInterceptorService,
+    multi: true
+  }],
   bootstrap: [AppComponent]
 })
 export class AppModule { }

ngApp/src/app/app.module.ts

@@ -10,10 +10,15 @@ export class AuthService {
   constructor(private http: HttpClient) { }
 
   registerUser(user) {
-    return this.http.post(this._registerUrl, user, {responseType: 'text'})
+    return this.http.post<any>(this._registerUrl, user)
   }
 
   loginUser(user) {
-    return this.http.post(this._loginUrl, user, {responseType: 'text'})
+    return this.http.post<any>(this._loginUrl, user)
   }
+
+  getToken() {
+    return localStorage.getItem('token')
+  }
+
 }

ngApp/src/app/auth.service.ts

@@ -18,7 +18,10 @@ export class LoginComponent implements OnInit {
   loginUser () {
     this._auth.loginUser(this.loginUserData)
     .subscribe(
-      res => console.log(res),
+      res => {
+        console.log(res)
+        localStorage.setItem('token', res.token)
+      },
       err => console.log(err)
     ) 
   }

ngApp/src/app/login/login.component.ts

@@ -0,0 +1,18 @@
+import { Injectable, Injector } from '@angular/core';
+import { HttpInterceptor } from '@angular/common/http'
+import { AuthService } from './auth.service';
+@Injectable()
+export class TokenInterceptorService implements HttpInterceptor {
+
+  constructor(private injector: Injector){}
+  intercept(req, next) {
+    let authService = this.injector.get(AuthService)
+    let tokenizedReq = req.clone(
+      {
+        headers: req.headers.set('Authorization', 'bearer ' + authService.getToken())
+      }
+    )
+    return next.handle(tokenizedReq)
+  }
+
+}