angular security course

Your Name · Your Name · commit e7043ba1aaad · 2017-08-17T15:14:19.000+02:00
diff --git a/server/create-user.route.ts b/server/create-user.route.ts
@@ -44,3 +44,4 @@ async function createUserAndSession(res:Response, credentials) {
 
 
 
+
diff --git a/server/get-user.middleware.ts b/server/get-user.middleware.ts
@@ -0,0 +1,41 @@
+
+
+
+import {Request, Response, NextFunction} from 'express';
+import {decodeJwt} from "./security.utils";
+
+
+export function retrieveUserIdFromRequest(req: Request, res: Response, next: NextFunction) {
+
+    const jwt = req.cookies["SESSIONID"];
+
+    if (jwt) {
+        handleSessionCookie(jwt, req)
+            .then(() => next())
+            .catch(err => {
+                console.error(err);
+                next();
+        })
+    }
+}
+
+
+
+async function handleSessionCookie(jwt:string, req: Request) {
+    try {
+
+        const payload = await decodeJwt(jwt);
+
+        req["userId"] = payload.sub;
+
+    }
+    catch(err) {
+        console.log("Error: Could not extract user from request:", err.message);
+    }
+}
+
+
+
+
+
+
diff --git a/server/get-user.route.ts b/server/get-user.route.ts
@@ -1,15 +1,13 @@
 
 
 import {Request, Response} from "express";
+import {db} from "./database";
 
 
 
 export function getUser(req:Request, res:Response) {
 
-    //TODO retrieve the actual user based on JWT content
-    const user = {
-        email:'test@gmail.com'
-    };
+    const user = db.findUserById(req["userId"]);
 
     if (user) {
         res.status(200).json(user);
diff --git a/server/security.utils.ts b/server/security.utils.ts
@@ -30,6 +30,20 @@ export async function createSessionToken(userId:string) {
 }
 
 
+export async function decodeJwt(token:string) {
+
+    const payload = await jwt.verify(token, RSA_PUBLIC_KEY);
+
+    console.log("decoded JWT payload", payload);
+
+    return payload;
+}
+
+
+
+
+
+
 
 
 
diff --git a/server/server.ts b/server/server.ts
@@ -9,13 +9,15 @@ import {createUser} from "./create-user.route";
 import {getUser} from "./get-user.route";
 import {logout} from "./logout.route";
 import {login} from "./login.route";
+import {retrieveUserIdFromRequest} from "./get-user.middleware";
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 
 
 const app: Application = express();
 
 app.use(cookieParser());
+app.use(retrieveUserIdFromRequest);
 app.use(bodyParser.json());
 
 

Original file line number	Diff line number	Diff line change
`@@ -44,3 +44,4 @@ async function createUserAndSession(res:Response, credentials) {`
`44`	`44`
`45`	`45`
`46`	`46`
	`47`	`+`