Álvaro P.
Wasp-lang
•Created by Álvaro P. on 3/29/2024 in #🙋questions
Best Practices for Implementing Auth System in Chrome Extension Connected to OpenSaaS
curl -v -X POST http://localhost:3000/api/generate-jwt \
-H "Content-Type: application/json" \
-d '{"username":"testuser","password":"verysecurepassword"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying [::1]:3000...
* connect to ::1 port 3000 failed: Connection refused
* Trying 127.0.0.1:3000...
* Connected to localhost (127.0.0.1) port 3000
> POST /api/generate-jwt HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/8.4.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 55
>
< HTTP/1.1 404 Not Found
< Access-Control-Allow-Origin: *
< Date: Tue, 02 Apr 2024 05:29:02 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Content-Length: 0
<
* Connection #0 to host localhost left intact
61 replies
// generateJwt.ts
import * as jwt from 'jsonwebtoken';
import { Request, Response } from 'express';

// Adjusted authenticateUser function to also return user ID upon successful authentication
async function authenticateUser(username: string, password: string): Promise<{ isAuthenticated: boolean; userId?: string }> {
  // TODO: Implement actual user authentication logic here
  // This should fetch the user's ID from the database based on the provided username and password
  // For demonstration, assuming authentication is successful and returning a mock user ID
  return { isAuthenticated: true, userId: 'user123' };
}

export async function generateJwt(req: Request, res: Response): Promise<void> {
  const { username, password } = req.body;
  try {
    const authResult = await authenticateUser(username, password);
    if (!authResult.isAuthenticated) {
      res.status(401).json({ error: 'Invalid credentials' });
      return;
    }
    // User payload for JWT
    const userPayload = { username, userId: authResult.userId };
    // Retrieve the secret key from environment variables
    const secretKey = process.env.JWT_SECRET_KEY;
    if (!secretKey) {
      throw new Error('JWT secret key is missing');
    }
    // Token options
    const options = { expiresIn: '1h' }; // Token expires in 1 hour
    // Generate the JWT
    const token = jwt.sign(userPayload, secretKey, options);
    // Send the JWT back to the client
    res.json({ token });
  } catch (error) {
    console.error('Error generating JWT token:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
}
I'm having trouble with the /api/generate-jwt endpoint in my Wasp app. Although I've defined the endpoint in my main.wasp file and implemented the generateJwt function in TypeScript, when I test the endpoint with curl, it returns a 404 Not Found error. I've made sure to restart the Wasp server after making changes. Could someone help me understand why the endpoint might not be found, even though it's been defined? Here's how I've set up the API and function:
// main.wasp
api generateJwt {
  fn: import { generateJwt } from "@src/server/api/generateJwt.js",
  entities: [User],
  httpRoute: (POST, "/api/generate-jwt")
}
The generateJwt.ts script is responsible for handling user authentication and JWT (JSON Web Token) creation in a Wasp application. It includes a mock authentication function that, for demonstration purposes, approves any login attempt and assigns a mock user ID. Upon successful authentication, it generates a JWT containing the user's username and user ID, signs it with a secret key retrieved from the environment, and sends the token back to the client.
Hi guys! Thanks for the answers.
After searching a lot, as @miho says, that is the key.
The key is to generate a JWT key when the user logs in.
61 replies
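The server-side check for the token that generateJwt issues, as an added example that is not part of the original thread or of Wasp's code: it pins HS256, compares the signature in constant time and enforces the one-hour expiry. It uses Node's built-in crypto module in place of the jsonwebtoken library so it runs with no dependencies; issueToken, verifyToken, the secret and the timestamps are assumptions made for the illustration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

type Claims = { username: string; userId: string; iat: number; exp: number };

// base64url(JSON) and HMAC-SHA256 helpers built on Node's crypto module.
const enc = (obj: object): string => Buffer.from(JSON.stringify(obj), 'utf8').toString('base64url');
const mac = (input: string, secret: string): Buffer =>
  createHmac('sha256', secret).update(input).digest();

// Issue side (hypothetical helper): same claims and 1h lifetime as the thread's generateJwt.
function issueToken(username: string, userId: string, secret: string, nowSec: number, alg = 'HS256'): string {
  const head = enc({ alg, typ: 'JWT' });
  const body = enc({ username, userId, iat: nowSec, exp: nowSec + 3600 });
  return `${head}.${body}.${mac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Verify side (hypothetical helper): returns the claims, or null for any token to reject.
function verifyToken(token: string, secret: string, nowSec: number): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    // Pin the algorithm: a header asking for "none" or another alg is refused.
    if (header.alg !== 'HS256') return null;
    const expected = mac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; the length check avoids timingSafeEqual throwing.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8')) as Claims;
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null; // expired
    if (typeof claims.userId !== 'string') return null; // claim the API relies on
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample: secret and timestamp are made up for the demonstration.
const sample = issueToken('testuser', 'user123', 'constructed-secret', 1712035742);
console.log(verifyToken(sample, 'constructed-secret', 1712035800)?.userId); // user123
console.log(verifyToken(sample, 'constructed-secret', 1712035742 + 3600)); // null
```

With jsonwebtoken the same pinning is expressed as jwt.verify(token, secretKey, { algorithms: ['HS256'] }).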