JS-301-NodeServer
  • Introduction
  • js_library
    • Node Server
      • 00 - Intro
        • 01 - Purpose
        • 02 - Back-End Setup
        • 03 - Terms Cheat Sheet
      • 01 - Server Set up
        • 01 - npm packages
        • 02 - Express Intro
        • 03 - Express code
      • 02 - Development Tools
        • 01 - Nodemon Intro
        • 02 - Postman Intro
        • 03 - Postman set up
      • 03 - Routes Intro
        • 01 - Routes intro
        • 02 - Express Router() intro
        • 03 - Challenge 1
        • 04 - Challenge 2
      • 04 - Database Intro
        • 00 - DB Intro and Set up
          • 00 - DB Intro
          • 01 - PostgreSQL Intro
          • 02 - Install
        • 01 - Sequelize Intro
          • 01 - Sequelize intro
          • 02 - Initialize
      • 05 - Model View Controller
        • 01 - MVC
          • 00 - MVC Intro
        • 02 - Models
          • 01 - Intro to Models
          • 02 - Test Model
        • 03 - Controllers
          • 00 - Controllers Intro
          • 01 - Controller Set up
          • 02 - Create Method
          • 03 - req.body()
          • 04 - Crafting the Response
          • 05 - Sending the Response
          • 06 - JSON Response
          • 07 - Error Handling
        • 04 - Conclusion
      • 06 - Tokenization
        • 01 - JWT Intro
          • 01 - JWT intro
        • 02 - User Create
          • 01 - User Create
          • 02 - Refactor
        • 03 - User Token
          • 01 - JWT Package
          • 02 - Adding JWT
          • 03 - ENV
      • 07 - Encryption
        • 01 - bcrypt
        • 02 - bcrypt setup
      • 08 - Session
        • 00 - Session Intro
        • 01 - Sign In Method
        • 02 - Sign In Bcrypt
        • 03 - Sign In JWT
      • 09 - Middleware
        • 01 - Test Client HTML
        • 02 - Test Client JS
        • 03 - Middleware intro
        • 04 - Headers intro
        • 05 - Server Update
        • 06 - Test Post
        • 07 - Test Post Refactor
        • 08 - Post Data
        • 09 - Fetch From One
      • 10 - Authenticated Routes
        • 01 - Intro to Authenticated Routes
        • 02 - Validate Session
        • 03 - Changes to app.js
        • 04 - authtestcontroller.js
        • 05 - Delete an Item
        • 06 - Update an Item
        • 07 - Postman Testing
      • 11 - Authenticated Requests
        • 00 - Additions to index
        • 01 - Anatomy of a Request
        • 02 - Create User
        • 03 - Getting a Token
        • 04 - Get Items From One User
        • 05 - Creating an Item for a User
        • 06 - Get one item
        • 07 - Update an Item
        • 08 - Deleting an Item
        • 09 - Deleting with a Custom Event
      • 12 - Workout Log Server
        • 00 - Intro
      • 13 - More Sequelize Functions
        • Migrations
          • 00 - Intro
          • 01 - init and config
          • 02 - Creating the First Migration
          • 03 - Running Migrations
          • 04 - Reverting Migrations
          • 05 - Seeds
          • 06 - Reverting Seeds
        • Queries
          • 00 - Intro
          • 01 - Queries
Powered by GitBook
On this page
  • Authenticated Request Defined
  • Auth Test
  • Code
  • Analysis
  • Test
  • Small Refractor to validate-session.js
  1. js_library
  2. Node Server
  3. 11 - Authenticated Requests

04 - Get Items From One User

In this module, we'll add a client method for making an authenticated request with a token to an authenticated route.

Authenticated Request Defined

Authentication is the process of identifying whether a client is eligible to access a resource. An authenticated request usually means that a client has some token or cookie allowing access to a resource. Hence, for clarity in this book, we'll refer to Authenticated Requests as being synonmous with a user that has a token. Think of it as a user that is logged in.

Auth Test

Let's add a 03-auth-test.js file inside of the client folder:

    └── 5-Express Server
            └── server
            └── client
                └── 01-scripts.js
                └── 02-user-scripts.js
                └── 03-auth-test.js
                └── index.html

We'll add all of our authenticated request logic in there.

We'll also need to add the script tag to the bottom of the index.html file:

    <script src="01-scripts.js"></script>
    <script src="02-user-scripts.js"></script>
    <script src="03-auth-test.js"></script>

</body>

</html>

Code

Add the following code to 03-auth-test.js:

function fetchAllFromAuthRoute() {
    const fetch_url = `http://localhost:3000/authtest/getall`
    const accessToken = localStorage.getItem('SessionToken') //1

    const response = fetch(fetch_url, {
        method: 'GET', //2
        headers: {
            'Content-Type': 'application/json', //3
            'Authorization': accessToken //4
        }
    })
        .then(response => {
            return response.json();
        })
        .then(data => {

            console.log(data)
        })
}

Analysis

  1. Since we stored our token in localStorage, we can access it by using the getItem method to get it back from localStorage and put it in a variable. Note that we could also use our getSessionToken() method for this task.

  2. By default, fetch runs a GET request. We can use the method property to send other requests. In this case, we're still sending a GET.

  3. The Content-Type header tells the server what kind of data is being sent in our PreFlight request, if any.

  4. The Authorization header provides some sort of encrypted data allowing access to the server, in this case our token.

Test

  1. Make sure both the server and client are running.

  2. Open the console.

  3. Go to Step 9.

  4. Press the button.

You should see an error similar to the following image:

The problem isn't with our code here. The problem lies with a file on the server side: the validate-session.js file, and specifically how that file handles the pre-flight OPTIONS request sent by our browser.

Small Refractor to validate-session.js

As a reminder, here is the validate-session function:

module.exports = function(req, res, next) {
    // if (req.method == 'OPTIONS') {
    //     next()
    // } else {
        var sessionToken = req.headers.authorization; //PROBLEM IS RIGHT HERE
        console.log(sessionToken)
        if (!sessionToken) return res.status(403).send({ auth: false, message: 'No token provided.' });
        else {
            jwt.verify(sessionToken, process.env.JWT_SECRET, (err, decoded) => {
                if(decoded){
                    User.findOne({where: { id: decoded.id}}).then(user => {
                        req.user = user;
                        next();
                    },
                    function(){
                        res.status(401).send({error: 'Not authorized'});
                    });
                } else {
                    res.status(400).send({error: 'Not authorized'});
                }
            });
        }
    //}
}

Notice the parts that are commented out: the if statement at the top and the corresponding else. When we used Postman to test, we never sent an OPTIONS request. Here is the result of that request:

You can see that there isn't an Authorization header on that request, so when validate-session looks for req.headers.authorization, it comes back undefined, breaking the rest of the function. That's where this conditional comes into play. One of the properties on fetch is method; This is where we tell fetch what type HTTP request to send (GET, POST, etc.). This conditional allows us to tell the program to let any request where req.method is OPTIONS through without checking for a session token. This way the pre-flight check can occur, then the program will look for and verify a token on any other request.

Un-comment the if/else statement at the top, as well as the closing curly bracket at the bottom, then run the test above again. It should go through this time. However, since you've just created your user, you will probably see an empty array. This is coming from the Postgres table:

Previous03 - Getting a TokenNext05 - Creating an Item for a User

Last updated 7 years ago

pre-flight error
OPTIONS
screenshot