Angular Security course

Author: jhades

server/auth.middleware.ts

@@ -2,6 +2,7 @@ import {Request, Response, NextFunction} from 'express';
 import {isSessionTokenValid} from "./security.utils";
 
 
+
 export function retrieveUserIdFromRequest(req: Request, res: Response, next: NextFunction) {
 
     const jwt = req.cookies['SESSIONID'];
@@ -14,13 +15,13 @@ export function retrieveUserIdFromRequest(req: Request, res: Response, next: Nex
     }
 }
 
+
+
 async function handleSessionCookie(jwt, req: Request, next: NextFunction) {
     try {
 
         const token = await isSessionTokenValid(jwt);
 
-        console.log("decoded token", token);
-
         req['userId'] = token.sub;
 
     }
@@ -33,10 +34,12 @@ async function handleSessionCookie(jwt, req: Request, next: NextFunction) {
 }
 
 
-export function checkIfAuthenticated(req: Request, res: Response, next: NextFunction) {
-
-    console.log("Calling check if authenticated ...");
-
-    next();
 
+export function checkIfAuthenticated(req: Request, res: Response, next: NextFunction) {
+    if (req["userId"]) {
+        next();
+    }
+    else {
+        res.sendStatus(403);
+    }
 }

server/database.ts

@@ -47,6 +47,25 @@ class InMemoryDatabase {
         return _.find(users, user => user.email === email);
     }
 
+    findUserById(userId:string) :DbUser {
+
+        let user = undefined;
+
+        if (userId) {
+
+            console.log("looking for userId ", userId);
+
+            const users = _.values(USERS);
+
+            user = _.find(users, user => user.id.toString() === userId);
+
+            console.log("user data found:", user);
+        }
+
+        return user;
+
+    }
+
 }
 
 

server/get-user.route.ts

@@ -1,16 +1,15 @@
 
 
 import {Request, Response} from "express";
+import {db} from "./database";
 
 
 
 export function getUser(req:Request, res:Response) {
 
-    const userId = req.cookies['SESSIONID'];
-
-    //TODO
-    const user = {email:'test@gmail.com'};
+    const userId = req['userId'];
 
+    const user = db.findUserById(userId);
 
     if (user) {
         res.status(200).json(user);

server/read-all-lessons.route.ts

@@ -4,16 +4,6 @@ import {db} from "./database";
 
 export function readAllLessons(req, res) {
 
-    const sessionId = req.cookies["SESSIONID"];
-
-    //TODO
-    const isSessionValid = true;
-
-    if (!isSessionValid) {
-        res.sendStatus(403);
-    }
-    else {
-        res.status(200).json({lessons:db.readAllLessons()});
-    }
+    res.status(200).json({lessons:db.readAllLessons()});
 
 }

server/security.utils.ts

@@ -34,8 +34,6 @@ export async function createSessionToken(userId:number) {
 
 export async function isSessionTokenValid(sessionToken:string) {
 
-    console.log("validating token", sessionToken);
-
     const  verify = await jwt.verify(sessionToken, RSA_PUBLIC_KEY);
 
     console.log("decoded token", verify);

server/server.ts

@@ -38,7 +38,7 @@ app.route('/api/signup')
     .post(createUser);
 
 app.route('/api/user')
-    .get(checkIfAuthenticated, getUser);
+    .get(getUser);
 
 app.route('/api/logout')
     .post(checkIfAuthenticated, logout);