From e7e4da29bbe841eeec68255e236b3975d85a0ae5 Mon Sep 17 00:00:00 2001
From: Drasko DRASKOVIC
Date: Fri, 4 Dec 2015 00:53:30 +0100
Subject: [PATCH] Add jwt Devices routes are now JWT protected. We are using `restify-jwt` which is using `jsonwebtoken` behind.
Signed-off-by: Drasko DRASKOVIC
---
 app/controllers/devices.js | 19 +++++++++++++++----
 config/development.json | 2 +-
 package.json | 1 +
 server.js | 21 ++++++++++++++++++++-
 4 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/app/controllers/devices.js b/app/controllers/devices.js
index fabc6e65..30c320b2 100644
--- a/app/controllers/devices.js
+++ b/app/controllers/devices.js
@@ -1,6 +1,9 @@
 var mongojs = require('mongojs');
 var devicesDb = require('../database').collection('devices');
+var jwt = require('jsonwebtoken');
+var config = require('../../config/config');
+
 /** createDevice() */
 exports.createDevice = function(req, res, next) {
@@ -9,9 +12,17 @@ exports.createDevice = function(req, res, next) {
 /** Save the device and check for errors */
 devicesDb.insert(req.body, function(err, device) {
 if (err)
- res.send(err);
+ return next(err);
- res.json(device);
+ var token = jwt.sign(device, config.tokenSecret, {
+ expiresInMinutes: config.userTokenExpirePeriod
+ });
+
+ res.json({
+ status: 200,
+ message: 'Device created',
+ token: token
+ });
 });
 return next();
@@ -24,7 +35,7 @@ exports.getAllDevices = function(req, res, next) {
 devicesDb.find(req.body, function(err, devices) {
 if (err)
- res.send(err);
+ return next(err);
 res.json(devices);
 return next();
@@ -63,7 +74,7 @@ exports.updateDevice = function(req, res, next) {
 /** deleteDevice() */
 exports.deleteDevice = function(req, res, next) {
- deviceDb.remove({
+ devicesDb.remove({
 _id: mongojs.ObjectId(req.params.device_id)
 }, function(err, device) {
 if (err)
diff --git a/config/development.json b/config/development.json
index 557670c1..b8d39ace 100644
--- a/config/development.json
+++ b/config/development.json
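Review bot: In the `createDevice` hunk of app/controllers/devices.js, `jwt.sign(device, ...)` signs the whole stored document, and that document is `req.body` exactly as the client sent it, so every client-supplied field becomes a signed claim readable by anyone who holds the token (a JWT payload is encoded, not encrypted). Because server.js exempts `POST /devices` from verification, any caller can obtain a valid token this way; signing only an identifier, e.g. `var token = jwt.sign({ id: device._id }, config.tokenSecret, { expiresInMinutes: config.userTokenExpirePeriod });`, and validating the body before the insert would narrow what a token asserts. The trailing context line `return next();` still runs as soon as `devicesDb.insert(...)` has been called, so `next` fires before the callback and again through `return next(err)` on failure; moving the call into the callback keeps it to one. The function starts above the hunk, so any validation that already exists there is not visible.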
@@ -6,7 +6,7 @@
 "name" : "test"
 },
 "port" : "8080",
- "secretToken": "VelikaSrbija",
+ "tokenSecret": "Pariz-Beograd",
 "userTokenExpirePeriod": "10080",
 "limiter" : {
 "defaultBurstRate": 50,
diff --git a/package.json b/package.json
index 310e3e2e..64d7039b 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
 "gulp-nodemon": "^2.0.3",
 "jshint-stylish": "^2.0.1",
 "mocha": "^2.3.3",
+ "restify-jwt": "^0.4.0",
 "supertest": "^1.1.0"
 }
 }
diff --git a/server.js b/server.js
index 04d53595..20a0b009 100644
--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@
 * See the included LICENSE file for more details.
 */
 var restify = require('restify');
+var jwt = require('restify-jwt');
 var domain = require('domain');
 var config = require('./config/config');
@@ -29,7 +30,25 @@ console.log('Enabling CORS');
 server.use(restify.CORS());
 server.use(restify.fullResponse());
-//Global error handler
+/** JWT */
+server.use(jwt({
+ secret: config.tokenSecret,
+ requestProperty: 'token',
+ getToken: function fromHeaderOrQuerystring(req) {
+ var token = (req.body && req.body.access_token) ||
+ (req.query && req.query.access_token) ||
+ req.headers['x-auth-token'];
+
+ return token;
+ }
+}).unless({
+ path: [
+ '/status',
+ {url: '/devices', methods: ['POST']}
+ ]
+}));
+
+/** Global error handler */
 server.use(function(req, res, next) {
 var domainHandler = domain.create();
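Review bot: `"tokenSecret": "Pariz-Beograd"` in config/development.json is a short, human-chosen phrase committed to the repository, and this patch uses the same value to sign tokens in devices.js and to verify them in server.js. Anyone who can read the repository can therefore forge a token, and a low-entropy secret can also be guessed offline from a single captured token. Keep this value for local development only and supply the real secret from the environment or an untracked file, using a long random value; how `config/config` chooses which file to load is not visible in this patch.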
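Review bot: In package.json, `restify-jwt` is added beside `mocha`, `supertest` and `gulp-nodemon`, which suggests the `devDependencies` block (the key name is outside the hunk), yet server.js requires it at startup, so a production-only install would fail to start. app/controllers/devices.js also requires `jsonwebtoken` directly and this patch adds no entry for it; unless it is already listed outside the hunk, it resolves only as a transitive dependency of `restify-jwt`. Declaring both under `dependencies` makes the runtime requirement explicit and lets the signing library's version be pinned and audited on its own.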
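Review bot: In the JWT hunk of server.js, `getToken` accepts the token from `req.query.access_token`, which puts a bearer credential into URLs where it is recorded in access logs, proxies and browser history; with `userTokenExpirePeriod` at 10080 minutes a leaked token stays usable for a week. Dropping the query-string branch leaves `var token = (req.body && req.body.access_token) || req.headers['x-auth-token'];`, and the name `fromHeaderOrQuerystring` should then be changed to match what is actually read. Separately, the decoded payload is placed on `req.token`, but none of the handler lines visible in devices.js compare it with `req.params.device_id`, so as far as this patch shows any valid device token can act on any device. An ownership check in the update and delete handlers would close that gap.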