├── .gitignore
├── LICENSE
├── README.md
├── index.html
├── package.json
└── server.js


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Chaofeng Zhou
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # jquery-jwt-auth
 2 | 
 3 | run
 4 | 
 5 | ```
 6 | npm install
 7 | 
 8 | node server.js
 9 | ```
10 | 


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 | 
 4 | <head>
 5 |   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
 6 |   <title>Authentication</title>
 7 | </head>
 8 | 
 9 | <body>
10 |   <div>
11 |     <button id="test">Test Loggedin</button>
12 |     <button id="goodLogin">Good Login</button>
13 |     <button id="badLogin">Bad Login</button>
14 |     <button id="logout">Logout</button>
15 |   </div>
16 |   <script type="text/javascript" src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
17 |   <script type="text/javascript">
18 |   $(document).ready(function() {
19 |     $('#test').click(function() {
20 |       $.ajax({
21 |         type: 'GET',
22 |         url: '/api/profile',
23 |         beforeSend: function(xhr) {
24 |           if (localStorage.token) {
25 |             xhr.setRequestHeader('Authorization', 'Bearer ' + localStorage.token);
26 |           }
27 |         },
28 |         success: function(data) {
29 |           alert('Hello ' + data.name + '! You have successfully accessed to /api/profile.');
30 |         },
31 |         error: function() {
32 |           alert("Sorry, you are not logged in.");
33 |         }
34 |       });
35 |     });
36 |     $('#goodLogin').click(function() {
37 |       $.ajax({
38 |         type: "POST",
39 |         url: "/login",
40 |         data: {
41 |           username: "john.doe",
42 |           password: "foobar"
43 |         },
44 |         success: function(data) {
45 |           localStorage.token = data.token;
46 |           alert('Got a token from the server! Token: ' + data.token);
47 |         },
48 |         error: function() {
49 |           alert("Login Failed");
50 |         }
51 |       });
52 |     });
53 |     $('#badLogin').click(function() {
54 |       $.ajax({
55 |         type: "POST",
56 |         url: "/login",
57 |         data: {
58 |           username: "john.doe",
59 |           password: "foobarfoobar"
60 |         },
61 |         success: function(data) {
62 |           alert("ERROR: it is not supposed to alert.");
63 |         },
64 |         error: function() {
65 |           alert("Login Failed");
66 |         }
67 |       });
68 |     });
69 |     $('#logout').click(function() {
70 |       localStorage.clear();
71 |     });
72 |   });
73 |   </script>
74 | </body>
75 | 
76 | </html>
77 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "javascript-jwt-auth",
 3 |   "version": "1.0.0",
 4 |   "description": "This is a tutorial example for token authentication using vanilla javascript",
 5 |   "main": "server.js",
 6 |   "scripts": {
 7 |     "test": "npm install, node server.js",
 8 |     "start": "node server.js"
 9 |   },
10 |   "author": "Chaofeng Zhou",
11 |   "license": "MIT",
12 |   "dependencies": {
13 |     "body-parser": "^1.14.1",
14 |     "express": "^4.13.3",
15 |     "express-jwt": "^3.3.0",
16 |     "jsonwebtoken": "^5.4.1"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/server.js:
--------------------------------------------------------------------------------
 1 | var express = require('express');
 2 | var bodyParser = require('body-parser');
 3 | var app = express();
 4 | var jwt = require('jsonwebtoken');  //https://npmjs.org/package/node-jsonwebtoken
 5 | var expressJwt = require('express-jwt'); //https://npmjs.org/package/express-jwt
 6 | 
 7 | var secret = 'This is the secret for signing tokens';
 8 | 
 9 | app.use(bodyParser.urlencoded({ extended: false }));
10 | app.use(bodyParser.json());
11 | app.use('/', express.static(__dirname + '/'));
12 | 
13 | app.post('/login', function(req, res) {
14 |   if (!(req.body.username === 'john.doe' && req.body.password === 'foobar')) {
15 |     res.status(401).send('Wrong user or password');
16 |     console.log('failed login');
17 |     return;
18 |   }
19 |   console.log('successful login');
20 |   // We are sending the profile inside the token
21 |   var token = jwt.sign({ firstname: 'John', lastname: 'Doe'}, secret, { expiresIn: 5 * 60 });
22 |   res.json({ token: token });
23 | });
24 | 
25 | // We are going to protect /api routes with JWT
26 | app.use('/api', expressJwt({secret: secret}));
27 | 
28 | app.use(function(err, req, res, next){
29 |   if (err.constructor.name === 'UnauthorizedError') {
30 |     res.status(401).send('Unauthorized');
31 |   }
32 | });
33 | 
34 | app.get('/api/profile', function (req, res) {
35 |   console.log('user ' + req.user.firstname + ' is calling /api/profile');
36 |   res.json({
37 |     name: req.user.firstname
38 |   });
39 | });
40 | 
41 | app.listen(8080, function () {
42 |   console.log('listening on http://localhost:8080');
43 | });
44 | 


--------------------------------------------------------------------------------