dineshkumar-mb / mern-authb Goto Github PK

implementing JWT authentication in a Node.js + Express.js API:

Install Dependencies: First, make sure you have Node.js and npm installed. Then, create a new Node.js project and install the necessary packages: npm install express jsonwebtoken

Create an Authentication Middleware: You’ll need a middleware function to verify JWT tokens. Here’s a simple example: JavaScript

const jwt = require('jsonwebtoken');

function authenticateToken(req, res, next) { const authHeader = req.headers['authorization']; const token = authHeader && authHeader.split(' ')[1]; // Extract the token from the Authorization header

if (token == null) {
    return res.sendStatus(401); // Unauthorized
}

jwt.verify(token, 'your-secret-key', (err, user) => {
    if (err) {
        return res.sendStatus(403); // Forbidden
    }
    req.user = user; // Attach the user object to the request
    next();
});

} Generate Tokens on Login: When a user logs in, generate a JWT token and send it back to the client: JavaScript

const token = jwt.sign({ username: 'user123' }, 'your-secret-key', { expiresIn: '1h' }); res.json({ token });

Protect Routes: Apply the authenticateToken middleware to routes that require authentication: JavaScript

app.get('/protected-route', authenticateToken, (req, res) => { // Access the user object from req.user res.json({ message: 'Welcome to the protected route!' }); }, Client-Side Usage: In your client application (e.g., React, Angular, or Vue), store the token (usually in local storage) and include it in the Authorization header for authenticated requests. Remember to replace 'your-secret-key' with a strong, unique secret key for signing and verifying tokens. Also, consider using environment variables for sensitive information.