Add jwt

Devices routes are now JWT protected. We are using `restify-jwt` which is using `jsonwebtoken` behind. Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com>
2025-04-28 13:48:49 +08:00 · 2015-12-04 00:53:30 +01:00 · 2015-12-04 00:53:30 +01:00 · e7e4da29bb
commit e7e4da29bb
parent 54913c7d23
4 changed files with 37 additions and 6 deletions
--- a/app/controllers/devices.js
+++ b/app/controllers/devices.js
@ -1,6 +1,9 @@
 var mongojs = require('mongojs');
 var devicesDb = require('../database').collection('devices');

+var jwt = require('jsonwebtoken');
+var config = require('../../config/config');
+
 /** createDevice() */
 exports.createDevice = function(req, res, next) {

@ -9,9 +12,17 @@ exports.createDevice = function(req, res, next) {
    /** Save the device and check for errors */
    devicesDb.insert(req.body, function(err, device) {
        if (err)
-            res.send(err);
+            return next(err);

-        res.json(device);
+        var token = jwt.sign(device, config.tokenSecret, {
+                expiresInMinutes: config.userTokenExpirePeriod
+        });
+
+        res.json({
+                status: 200,
+                message: 'Device created',
+                token: token
+        });
    });

    return next();
@ -24,7 +35,7 @@ exports.getAllDevices = function(req, res, next) {
 		
    devicesDb.find(req.body, function(err, devices) {
        if (err)
-            res.send(err);
+            return next(err);

        res.json(devices);
        return next();
@ -63,7 +74,7 @@ exports.updateDevice = function(req, res, next) {

 /** deleteDevice() */
 exports.deleteDevice = function(req, res, next) {
-    deviceDb.remove({
+    devicesDb.remove({
        _id: mongojs.ObjectId(req.params.device_id)
    }, function(err, device) {
        if (err)
--- a/config/development.json
+++ b/config/development.json
@ -6,7 +6,7 @@
        "name" : "test"
    },
    "port" : "8080",
-    "secretToken": "VelikaSrbija",
+    "tokenSecret": "Pariz-Beograd",
    "userTokenExpirePeriod": "10080",
    "limiter" : {
        "defaultBurstRate": 50,
--- a/package.json
+++ b/package.json
@ -27,6 +27,7 @@
    "gulp-nodemon": "^2.0.3",
    "jshint-stylish": "^2.0.1",
    "mocha": "^2.3.3",
+    "restify-jwt": "^0.4.0",
    "supertest": "^1.1.0"
  }
 }
--- a/server.js
+++ b/server.js
@ -6,6 +6,7 @@
 * See the included LICENSE file for more details.
 */
 var restify = require('restify');
+var jwt = require('restify-jwt');
 var domain = require('domain');
 var config = require('./config/config');

@ -29,7 +30,25 @@ console.log('Enabling CORS');
 server.use(restify.CORS());
 server.use(restify.fullResponse());

-//Global error handler
+/** JWT */
+server.use(jwt({
+    secret: config.tokenSecret,
+    requestProperty: 'token',
+    getToken: function fromHeaderOrQuerystring(req) {
+        var token = (req.body && req.body.access_token) ||
+            (req.query && req.query.access_token) ||
+            req.headers['x-auth-token'];
+
+        return token;
+    }
+}).unless({
+    path: [
+        '/status',
+        {url: '/devices', methods: ['POST']}
+    ]
+}));
+
+/** Global error handler */
 server.use(function(req, res, next) {
    var domainHandler = domain.create();