JWT verify token feature added to all routes

anijitsao · anijitsao · commit 1359ce46d12a · 2022-06-22T19:13:02.000+05:30
diff --git a/src/helpers/jwtHelper.js b/src/helpers/jwtHelper.js
@@ -15,4 +15,28 @@ const createToken = (payload) => {
   return token;
 };
 
-export { createToken };
+const verifyToken = (event) => {
+  const token = extractToken(event);
+  try {
+    const decoded = verify(token, process.env.JWT_SECRET);
+
+    // if the token has the correct data it is passed
+    if (decoded.username === "anijit123") {
+      return true;
+    }
+    return false;
+  } catch (error) {
+    return false;
+  }
+};
+
+const extractToken = (event) => {
+  const { headers } = event;
+  const tokenExtracted = headers.authorization
+    ? headers.authorization.replace("Bearer ", "")
+    : "";
+
+  return tokenExtracted;
+};
+
+export { createToken, verifyToken };
diff --git a/src/helpers/sendResponse.js b/src/helpers/sendResponse.js
@@ -1,6 +1,6 @@
 export function sendResponse(statusCode, responseBody, jwtToken) {
   const headers = {
-    "Content-type": "application/json",
+    "content-type": "application/json",
     "x-xss-protection": "1; mode=block",
     "x-frame-options": "DENY",
     "content-security-policy":
diff --git a/src/services/userService.js b/src/services/userService.js
@@ -5,13 +5,27 @@ import {
   deleteUserFromDB,
   updateUserToDB,
 } from "../dbRelated/userdbOps.js";
+
 import { sendResponse } from "../helpers/sendResponse.js";
+import { verifyToken } from "../helpers/jwtHelper.js";
 
 const getAllUsersHandler = async (event) => {
+  const verified = verifyToken(event);
+  if (!verified) {
+    return sendResponse(process.env.ERROR_FORBIDDEN_CODE, {
+      message: "Token validation error",
+    });
+  }
   return getAllUsers();
 };
 
 const addUserHandler = async (event) => {
+  const verified = verifyToken(event);
+  if (!verified) {
+    return sendResponse(process.env.ERROR_FORBIDDEN_CODE, {
+      message: "Token validation error",
+    });
+  }
   const reqBody = event?.body && JSON.parse(event.body);
 
   // if the request body contains nothing
@@ -24,6 +38,12 @@ const addUserHandler = async (event) => {
 };
 
 const deleteUserHandler = async (event) => {
+  const verified = verifyToken(event);
+  if (!verified) {
+    return sendResponse(process.env.ERROR_FORBIDDEN_CODE, {
+      message: "Token validation error",
+    });
+  }
   // extracting the recordId from query string
   const recordId = event?.queryStringParameters?.recordId;
 
@@ -37,10 +57,15 @@ const deleteUserHandler = async (event) => {
 };
 
 const updateUserHandler = async (event) => {
+  const verified = verifyToken(event);
+  if (!verified) {
+    return sendResponse(process.env.ERROR_FORBIDDEN_CODE, {
+      message: "Token validation error",
+    });
+  }
   const reqBody = event.body && JSON.parse(event.body);
-
   const { updateId, updateDoc } = reqBody;
-  
+
   // if update parameters are missing
   if (!updateId || !updateDoc || Object.keys(updateDoc).length === 0) {
     return sendResponse(process.env.ERROR_CODE, {
