search

kilkelly / react-passport-redux-example

Demonstration of PassportJS authentication in React w/ Redux.
MIT License
66 stars 12 forks source link

[Question] How I can authenticate API with current session? #4

Open himadridev opened 6 years ago

himadridev commented 6 years ago

First of all this NOT AN ISSUE but a QUESTION. I tried this example an learn many things as a beginner. Thanks!

I want to build a simple app with register user, login, and an authenticated API to get the secured data. Register the user and login work perfectly fine. And it stores in sessions collection in 

{
    "_id" : "rpDGJyqoo9H0sV-8kxT7Klt_te1SuTJL",
    "session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"secure\":false,\"httpOnly\":true,\"path\":\"/\"},\"passport\":{\"user\":\"5a3794eb4d9427091875192a\"}}",
    "expires" : ISODate("2018-01-01T10:31:34.199Z")
}

And the /api/getallcategories API also has the sessionId in header as cookie:

screen shot 2017-12-18 at 5 08 22 pm

I want to make /api/getallcategories as a secure API. (If sessionId is not there header cookie send back Unauthorized). Or, If the current session is expired already I want to send back some response that logout the user in the Client?

How can I do this? Any Help.