Storing a token from an API with Express http-proxy

I am building a universal React application, using this project as a base. I have successfully proxied requests (using http-proxy) to my Laravel server. However, I am new to Node.js, and I do not know the best way to securely store, for the client, the JWT that comes back through the proxy server.

My initial thought was to store the token in localStorage, but the problem is that the Express server does not have access to it. So my next guess is to store it as a cookie, but I'm not sure how to store it on the client or how to include it as a header on all outgoing requests (in addition, I will most likely need some kind of CSRF middleware).

So, how can I manipulate the response from my API server to put the token in a cookie that is set on the client, and then use it as a bearer token for all API requests?

// server.js
const targetUrl = `http://${config.apiHost}:${config.apiPort}`;
const app = new Express();
const server = new http.Server(app);

// One proxy instance, shared by both routes, that forwards to the API server.
const proxy = httpProxy.createProxyServer({
  changeOrigin: true,
  target: targetUrl,
});

/**
 * Forwards the incoming request to the API server unchanged.
 *
 * @param {object} req - incoming Express request
 * @param {object} res - Express response the proxied reply is written to
 */
const forwardToApi = (req, res) => {
  proxy.web(req, res, { target: targetUrl });
};

// Auth endpoint. Goal (not implemented here): on a successful login,
// store the token returned by the API as a cookie.
app.use('/auth', forwardToApi);

// API endpoint. Goal (not implemented here): read the token from the cookie
// and add it as an Authorization header on the proxied request.
app.use('/api', forwardToApi);
1 answer

Given that the response from the auth endpoint in laravel is as follows:

{ 
    "token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
}

This code will do what you want:

// server.js
const Express = require('express');
const http = require('http');
const httpProxy = require('http-proxy');
const Cookies = require('cookies');

// NOTE(review): the upstream URL is plain http://, so the Authorization header
// carrying the JWT crosses the proxy -> API hop unencrypted. That is only
// acceptable if this hop stays on a trusted network; confirm for your deployment.
const targetUrl = `http://${config.apiHost}:${config.apiPort}`;

const app = new Express();
const server = new http.Server(app);

// One proxy instance, shared by the /auth and /api routes.
const proxy = httpProxy.createProxyServer({
  changeOrigin: true,
  target: targetUrl,
});

// Proxy to Auth endpoint
app.use('/auth', (req, res) => {
  // The login request is forwarded untouched. The token cookie is not set here:
  // that happens in the proxy's 'proxyRes' listener once the API has answered.
  const proxyOptions = { target: targetUrl };
  proxy.web(req, res, proxyOptions);
});

// Proxy to api endpoint
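app.use('/api', (req, res) => {
  // Read the token from the 'jwt-token' cookie and present it to the API as an
  // Authorization header on the proxied request.
  const token = new Cookies(req, res).get('jwt-token');

  if (token) {
    req.headers.authorization = `JWT ${token}`;
  } else {
    // No cookie: do not send the literal string "JWT undefined" upstream.
    // The header is removed rather than left alone so that, as before, the
    // only credential the API ever sees is the one derived from the cookie.
    delete req.headers.authorization;
  }

  // NOTE(review): the browser attaches the cookie to every request for this
  // origin, including ones triggered by other sites, so this route needs CSRF
  // protection (a SameSite cookie attribute and/or an anti-CSRF token check).
  proxy.web(req, res, { target: targetUrl });
});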

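/**
 * Intercepts the API's reply to the login request, copies the returned token
 * into the 'jwt-token' cookie, and then forwards the reply to the client.
 *
 * The response methods are wrapped so that nothing reaches the client until
 * the whole upstream body has been received; only then can the Set-Cookie
 * header still be added. The original methods are restored before flushing.
 *
 * NOTE(review): the match on req.originalUrl is exact, so a login request with
 * a query string or a sub-path (e.g. '/auth/login') is not intercepted.
 * NOTE(review): the body is forwarded unchanged, so the token is still visible
 * to page JavaScript in the login response. The HttpOnly cookie only protects
 * the token if the client does not keep its own copy.
 */
proxy.on('proxyRes', (proxyRes, req, res) => {
  if (req.originalUrl !== '/auth') {
    return;
  }

  const cookies = new Cookies(req, res);
  const originalWrite = res.write;
  const originalEnd = res.end;
  const originalWriteHead = res.writeHead;
  const chunks = [];
  let deferredHead = null;

  // Collect raw bytes: concatenating chunks as strings can corrupt a
  // multi-byte character that is split across two chunks.
  const toBuffer = (chunk, encoding) =>
    typeof chunk === 'string'
      ? Buffer.from(chunk, typeof encoding === 'string' ? encoding : 'utf8')
      : Buffer.from(chunk);

  // Hold back the status line and headers, remembering the arguments so the
  // upstream status is replayed instead of being dropped.
  res.writeHead = function (...args) {
    deferredHead = args;
    return this;
  };

  res.write = function (chunk, encoding) {
    chunks.push(toBuffer(chunk, encoding));
    return true;
  };

  res.end = function (chunk, encoding) {
    if (chunk != null && typeof chunk !== 'function') {
      chunks.push(toBuffer(chunk, encoding));
    }
    const body = Buffer.concat(chunks);

    res.writeHead = originalWriteHead;
    res.write = originalWrite;
    res.end = originalEnd;

    // Only a successful login should (re)issue the cookie.
    const loginSucceeded = proxyRes.statusCode >= 200 && proxyRes.statusCode < 300;
    if (loginSucceeded) {
      let token;
      try {
        token = JSON.parse(body.toString('utf8')).token;
      } catch (err) {
        // Deliberate: an upstream reply that is not JSON (error page,
        // compressed body) is passed through as-is instead of throwing
        // inside the response stream and taking the proxy down.
        token = undefined;
      }

      // Skip a missing token: setting a cookie without a value is how the
      // `cookies` package clears it.
      if (typeof token === 'string' && token !== '') {
        // HttpOnly keeps the token away from page scripts; SameSite stops the
        // browser attaching it to cross-site requests (CSRF). `secure` is left
        // at the package default; serve the app over HTTPS in production.
        cookies.set('jwt-token', token, { httpOnly: true, sameSite: 'strict' });
      }
    }

    if (deferredHead) {
      originalWriteHead.apply(this, deferredHead);
    }
    return originalEnd.call(this, body);
  };
});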

Source: https://habr.com/ru/post/1628906/

