I am using the repository at the following link:
Right after cloning the repository and trying to execute the login I get the error
"bad digest name"
So far I have managed to solve that by changing the following lines:

    export const secret: string = "RbBQqA6uF#ms%F8s7h*?@=95HUm&DGMDd6zLF74XzWQ6dtwXSJwBX#?gL2JWf!";
    export const length: number = 128;
    export const digest: string = "RbBQqA6uF#msRF8s";

to the following:

    export const secret: string = "RbBQqA6uF#ms%F8s7h*?@=95HUm&DGMDd6zLF74XzWQ6dtwXSJwBX#?gL2JWf!";
    export const length: number = 512;
    export const digest: string = "sha512";

After making the change I can "log in", but the value of the token in LocalStorage is undefined, and when I try to run the protected API button the console sends the following message:

    {"message": "Invalid token, please Log in first"}

This is the code of the protected.ts file:

    import { Router, Response, Request, NextFunction } from "express";
    import { verify } from "jsonwebtoken";
    import { secret } from "../config";

    const protectedRouter: Router = Router();

    protectedRouter.use((request: Request & { headers: { authorization: string } }, response: Response, next: NextFunction) => {
        const token = request.headers.authorization;

        verify(token, secret, function(tokenError) {
            if (tokenError) {
                return response.status(200).json({
                    message: "Invalid token, please Log in first"
                });
            }

            next();
        });
    });

    protectedRouter.get("/", (request: Request, response: Response) => {
        response.json({
            text: "Greetings, you have valid token.",
            title: "Protected call"
        });
    });

    export { protectedRouter }

The code for login.ts is below:

    import { Router, Request, Response, NextFunction } from "express";
    import { randomBytes, pbkdf2 } from "crypto";
    import { sign } from "jsonwebtoken";
    import { secret, length, digest } from "../config";

    const loginRouter: Router = Router();

    const user = {
        hashedPassword: "97fe86e10b558f6b0de6b20a4f22fae853bcce13723451999327976a2ca6fa4e7bb554c1cc0f262f8b0caa31ca967761" +
        "a5d283aa140e0b1388dbbcb42d58a07576564eb32cdf9e090820f17b5595a9c50f53b584089cbef4788c088e7fc6181080ec7" +
        "310b08edd3964d1a031aa1730b9d6a5ab91efea70e16350dd92d3f6c69e",
        salt: "joH3RgPYTAgRy/+cBbQGwy26fZE/fmzbmw2/v/DLoJWvF8QAUuzvFFTp9xcvh9BBoxB0E1E6e7bL/Gc4s+aYHCrLwYebXLMx0" +
        "P/VRWTPqvoUe7T1JrzCBdLK5yDvb5Vl2H5oB8hCe/Gb6fLP3/fQM7CKsAQJHJYwq8aj1N7ssjI=",
        username: "john"
    };

    loginRouter.post("/signup", function (request: Request, response: Response, next: NextFunction) {
        if (!request.body.hasOwnProperty("password")) {
            let err = new Error("No password");
            return next(err);
        }

        const salt = randomBytes(128).toString("base64");

        pbkdf2(request.body.password, salt, 10000, length, digest, (err: Error, hash: Buffer) => {
            response.json({
                hashed: hash.toString("hex"),
                salt: salt
            });
        });
    });

    // login method
    loginRouter.post("/", function (request: Request, response: Response, next: NextFunction) {
        pbkdf2(request.body.password, user.salt, 10000, length, digest, (err: Error, hash: Buffer) => {
            if (err) {
                console.log(err);
            }

            // check if password is active
            if (hash.toString("hex") === user.hashedPassword) {
                const token = sign({"user": user.username, permissions: []}, secret, { expiresIn: "7d" });
                response.json({"jwt": token});
            } else {
                response.json({message: "Wrong password"});
            }
        });
    });

    export { loginRouter }
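
Added example, not part of the original post or the repository: PBKDF2 output depends on the digest and key length, so a hash stored under one set of parameters cannot match a derivation made under another, and the login route on the page then responds without a `jwt` field. The password, salt, the `sha1` starting digest and all helper names are constructed for illustration; keeping the parameters with each record, as `verifyWithRecord` does, is one way to keep verification stable when the config changes.

```javascript
// Added example: constructed password, salt and parameters (plain Node.js, CommonJS).
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require("crypto");

// Create a record that remembers the PBKDF2 parameters it was derived with.
function createRecord(password, params) {
  const salt = randomBytes(16).toString("base64");
  const hash = pbkdf2Sync(password, salt, params.iterations, params.keylen, params.digest);
  return { salt, hash: hash.toString("hex"), ...params };
}

// Verify the way login.ts does: key length and digest come from global config.
function verifyWithConfig(password, record, config) {
  const hash = pbkdf2Sync(password, record.salt, 10000, config.length, config.digest);
  return hash.toString("hex") === record.hash;
}

// Verify with the parameters stored in the record, using a constant-time compare.
function verifyWithRecord(password, record) {
  const expected = Buffer.from(record.hash, "hex");
  const actual = pbkdf2Sync(password, record.salt, record.iterations, record.keylen, record.digest);
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Same response shape as the login route on the page; "<signed jwt>" is a placeholder.
function loginResponse(ok) {
  return ok ? { jwt: "<signed jwt>" } : { message: "Wrong password" };
}

// Constructed record: 128-byte output (256 hex characters), like user.hashedPassword.
const record = createRecord("correct horse", { iterations: 10000, keylen: 128, digest: "sha1" });
const oldConfig = { length: 128, digest: "sha1" };   // assumed parameters at hashing time
const newConfig = { length: 512, digest: "sha512" }; // the edited config from the post

const before = loginResponse(verifyWithConfig("correct horse", record, oldConfig));
const after = loginResponse(verifyWithConfig("correct horse", record, newConfig));
console.log(before.jwt, after.jwt, after.message);
console.log(verifyWithRecord("correct horse", record));
```

With the edited config the derived hex string is 1024 characters long, so it can never equal a 256-character stored hash, and a client that reads `.jwt` from the "Wrong password" response gets `undefined`.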