JS-301-NodeServer

03 - ENV

In this module, we'll work on making our signature private with the .env file.

Overview

As mentioned before, our signature (the secret we sign tokens with) is currently available to anyone who wants it on GitHub. We can use a package called dotenv to hold data that we want hidden, and have the program read from that file when the data is needed. We can then prevent this file from being uploaded to GitHub. In short, dotenv lets you create the secret keys your application needs to function while keeping them from going public.

File Set up

Let's start by adding a .env file to the root level of the Server folder:

javascript-library
    └── 5-Express Server
        └── Server
            └── controllers
            └── middleware
            └── models
            └── .env
            └── app.js
            └── db.js

Import dotenv Package

We have already installed the dotenv package. In order to use it we need to go to app.js and require it at the top of the file:

require('dotenv').config(); //1 <--- ADD THIS LINE

var express = require('express');
var app = express();
var test = require('./controllers/testcontroller');
var user = require('./controllers/usercontroller');
var sequelize = require('./db');
var bodyParser = require('body-parser');

  1. dotenv reads the .env file and copies its entries into process.env. With this we can make items in an .env file available to our whole application.

.env File

  1. Add *.env to your .gitignore to prevent it from being published to GitHub.

  2. In the .env file, add the secret. Put it in exactly like this:

    JWT_SECRET="i_am_secret"

Adding the Process Variable

Now, let's add the process.env variable to our method. See the comment below:

router.post('/createuser', function(req, res) {
    var username = req.body.user.username;
    var pass = req.body.user.password;

    User.create({
        username: username,
        passwordhash: pass
    }).then(

        function createSuccess(user) {                    //1
            // The signing secret now comes from the environment; expiresIn is in seconds (24 hours)
            var token = jwt.sign({id: user.id}, process.env.JWT_SECRET, {expiresIn: 60*60*24});
            res.json({
                user: user,
                message: 'created',
                sessionToken: token
            });
        },
        function createError(err) {
            // res.send(status, body) is deprecated in Express 4; set the status explicitly
            res.status(500).send(err.message);
        }
    );
});

module.exports = router;

  1. The system goes outside the current file to the .env file, where it looks for something called JWT_SECRET. dotenv has loaded that value into the environment variable, so process.env.JWT_SECRET holds the secret at runtime.
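
If the .env file is missing on a machine, process.env.JWT_SECRET is undefined and the problem only shows up when the first token is signed. The following added example (not part of the course code) checks the secret at startup using only Node built-ins; parseEnv, checkJwtSecret, generateSecret, the placeholder list and the 32-character minimum are assumptions made for this illustration, and parseEnv is a simplified stand-in for dotenv's parser.

```javascript
const crypto = require('crypto');

// Values that must never be used as a real secret (constructed list;
// 'i_am_secret' is the sample value from this page).
const PLACEHOLDERS = new Set(['i_am_secret', 'secret', 'changeme']);
const MIN_LENGTH = 32; // assumption: policy chosen for this example

// Simplified stand-in for dotenv's parsing of KEY="value" lines.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2]; // strip surrounding quotes
    out[line.slice(0, eq).trim()] = value;
  }
  return out;
}

// Returns a list of problems; an empty list means the secret is usable.
function checkJwtSecret(env) {
  const secret = env.JWT_SECRET;
  if (typeof secret !== 'string' || secret.length === 0) {
    return ['JWT_SECRET is not set (is the .env file present?)'];
  }
  const problems = [];
  if (PLACEHOLDERS.has(secret.toLowerCase())) {
    problems.push('JWT_SECRET is a known placeholder');
  }
  if (secret.length < MIN_LENGTH) {
    problems.push('JWT_SECRET is shorter than ' + MIN_LENGTH + ' characters');
  }
  return problems;
}

// 32 random bytes as hex: a 64-character value to paste into .env.
function generateSecret() {
  return crypto.randomBytes(32).toString('hex');
}

// Constructed sample inputs.
const tutorialEnv = parseEnv('# sample\nJWT_SECRET="i_am_secret"\n');
const strongEnv = parseEnv('JWT_SECRET=' + generateSecret() + '\n');
console.log(checkJwtSecret(tutorialEnv));
console.log(checkJwtSecret(strongEnv));
console.log(checkJwtSecret({}));
```

In app.js the same check would run on process.env right after require('dotenv').config(), stopping the server when the returned list is not empty.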

Test

We'll leave it up to you to test the app again with Postman and be sure that you get a token back. You should be getting the same result as you got in the last module.


Last updated 7 years ago
