
I have made a simple signup, signin and article app using MEAN.JS with jsonwebtoken. On the signup page, after the user enters all values, I pass them to the server through the signup API. On the server side I create a JSON web token and pass it back to the client side:

/**
 * Signup handler: persists a new local user and answers with a signed JWT.
 *
 * On success the response body is `{ token }`. The token payload carries only
 * the new user's `_id` and is signed with `config.secrets.session`.
 * A failed save is handed to `validationError(res, err)`.
 */
exports.create = function (req, res, next) {
    // NOTE(review): the whole request body is copied onto the model, so every
    // schema field the client sends is accepted. Only `provider` and `role`
    // are forced below; confirm no other privileged field can be set this way.
    var account = new User(req.body);
    account.provider = 'local';
    account.role = 'user';

    // Builds the session token for a freshly saved user.
    function issueToken(saved) {
        var payload = { _id: saved._id };
        var signOptions = { expiresInMinutes: 60 * 5 };
        return jwt.sign(payload, config.secrets.session, signOptions);
    }

    account.save(function (err, user) {
        if (err) {
            return validationError(res, err);
        }
        res.json({ token: issueToken(user) });
    });
};

After getting that token, the client calls some 'me' API (I do not understand what that 'me' call is passing).

client side signup controller:

// Signup form handler: forwards the entered name, email and password to
// Auth.createUser. The `form` argument is not used in this snippet.
$scope.register = function(form) {
   var credentials = {};
   credentials.username = $scope.user.name;
   credentials.useremail = $scope.user.email;
   credentials.password = $scope.user.password;

   Auth.createUser(credentials);
};

auth.service:

// Registers a user through the User resource, stores the returned JWT in the
// 'token' cookie and then loads the current user. Returns the save call's $promise.
createUser: function(user, callback) {
    var self = this;
    var done = callback ? callback : angular.noop;

    function onCreated(data) {
      // NOTE(review): the token is kept in a script-readable cookie. Presumably
      // an HTTP interceptor not shown here copies it into the Authorization
      // header of later requests (confirm); any script on the page can read it too.
      $cookieStore.put('token', data.token);
      // User.get() is the resource's GET action with id 'me' (GET /api/users/me).
      currentUser = User.get();
      return done(user);
    }

    function onFailed(err) {
      // A failed signup clears any existing session before reporting the error.
      self.logout();
      return done(err);
    }

    return User.save(user, onCreated, onFailed).$promise;
  }

user.service :

.factory('User', function ($resource) {
    // All actions share one URL template; ':id' defaults to the object's own _id.
    var urlTemplate = '/api/users/:id/:controller';
    var defaultParams = { id: '@_id' };

    // PUT /api/users/:id/password
    var changePassword = { method: 'PUT', params: { controller: 'password' } };

    // Overrides the stock `get` action so that User.get() fills ':id' with the
    // literal 'me', i.e. GET /api/users/me. 'me' is not a user id: the server
    // works out who the caller is from the token sent with the request.
    var getMe = { method: 'GET', params: { id: 'me' } };

    return $resource(urlTemplate, defaultParams, {
      changePassword: changePassword,
      get: getMe
    });
  });

After signup:

// Custom `get` action of the User resource: ':id' in '/api/users/:id/:controller'
// is filled with the fixed string 'me', so User.get() sends GET /api/users/me.
// No user id travels in the URL; the caller is identified by the JWT.
get: {
        method: 'GET',
        params: {
          id:'me'
        }
      }

I did not understand this. On the server side, the 'me' API looks like this. Route:

// auth.isAuthenticated() runs before controller.me: it validates the JWT taken from
// the `Authorization: Bearer <token>` header (or the `access_token` query parameter)
// and sets req.user to the user document loaded by the id in the token payload.
// That is where the req.user._id read in controller.me comes from.
router.get('/me', auth.isAuthenticated(), controller.me);

controller :

/**
 * GET /me handler: returns the authenticated caller's own user record as JSON.
 *
 * Relies on req.user having been set by auth.isAuthenticated() earlier in the
 * route. Responds 401 'Unauthorized' when no matching user exists and forwards
 * lookup errors to next().
 */
exports.me = function(req, res, next) {
  var query = { _id: req.user._id };
  // The projection keeps the salt and password hash out of the response.
  var projection = '-salt -hashedPassword';

  User.findOne(query, projection, function(err, user) {
    if (err) {
      return next(err);
    }
    if (user) {
      res.json(user);
      return;
    }
    return res.status(401).send('Unauthorized');
  });
};

auth.service:

// express-jwt middleware that verifies the bearer token with config.secrets.session,
// the same secret the signup handler signs tokens with. The code below reads
// req.user._id right after it runs, so the decoded payload ({ _id }) ends up on req.user.
// NOTE(review): no `algorithms` allow-list is passed; newer express-jwt releases
// require one. Confirm the installed version and pin the expected algorithm.
var validateJwt = expressJwt({ secret: config.secrets.session });

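/**
 * Builds the authentication middleware chain.
 *
 * Attaches the user object to the request if authenticated.
 * Otherwise responds with 401: for a missing/invalid token (UnauthorizedError)
 * and for a valid token whose user no longer exists.
 * Any other error is forwarded to the next error handler.
 *
 * @returns the composed middleware produced by compose()
 */

function isAuthenticated() {
  return compose()
    // Validate jwt
    .use(function(req, res, next) {
      // allow access_token to be passed through query parameter as well
      // NOTE(review): tokens carried in URLs end up in access logs, browser
      // history and Referer headers; prefer the Authorization header.
      // hasOwnProperty is taken from Object.prototype so a query object that
      // lacks or shadows the method cannot make this check throw.
      if (req.query && Object.prototype.hasOwnProperty.call(req.query, 'access_token')) {
        req.headers.authorization = 'Bearer ' + req.query.access_token;
      }
      validateJwt(req, res, next);
    })
    // Attach user to request
    .use(function(req, res, next) {
      // At this point req.user holds the decoded token payload; swap it for
      // the full user document so later handlers see current data.
      User.findById(req.user._id, function (err, user) {
        if (err) return next(err);
        if (!user) return res.status(401).send('Unauthorized');

        req.user = user;
        next();
      });
    })
    // Translate token failures into a 401 response
    .use(function (err, req, res, next) {
      if (err.name === 'UnauthorizedError') {
        // Response shape kept as before: an array holding the error object.
        return res.status(401).send([err]);
      }
      // Previously other errors were dropped here and the request never
      // completed; pass them on so the app's error handler can answer.
      next(err);
    });
}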

I want to know what is being passed to the 'me' API and how 'req.user._id' becomes available in the exports.me function. If I want to write my own 'me' API, how can I pass my token to it?

In the server-side console I'm getting this: GET /api/users/me 200 876ms - 339b.

Eugene Mihaylin
  • It looks like your token is a string used to get permission to use an API? If so, unfortunately, by posting it on SO, you have compromised the key - someone else can use it to impersonate you on the API. I suggest requesting a new API key. See https://help.github.com/articles/remove-sensitive-data/ for a related discussion. – Kevin Oct 21 '16 at 16:07
  • I want to know how they are passing the token in this 'me' API, because I made my own signup and I am unable to solve this 'auth.isAuthenticated()': I don't know what I should pass to this function or how I should make the 'me' API. –  Oct 21 '16 at 16:12
  • Unfortunately, I'm not familiar with jsonwebtoken, so I'm not sure I can help out with your question. =/ Hopefully someone else can, though! – Kevin Oct 21 '16 at 17:15
  • @ ko001 you solved it? – Mariya James Oct 27 '16 at 07:12
  • No, I was not able to solve it. Why? @Mariya James –  Oct 28 '16 at 07:01
