Full Workflow: JWT Authentication with Passport.js
📌 1. User Registration (POST /register)
* Client sends the user info (username, password)
* Server:
  - Checks whether the user already exists
  - If not, hashes the password with bcrypt and saves the user to the DB
📌 2. User Login (POST /login)
* Client sends the username and password
* Server:
  - Looks up the user by username
  - Compares the password with bcrypt
  - If it matches, creates a JWT token
✅ The JWT token is created:
jwt.sign(payload, secret_key, { expiresIn: "2d" })
It is sent to the client as:
"token": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."
📌 3. Client Stores Token
- The client side (browser / Postman) keeps this token in LocalStorage, SessionStorage or the Authorization header.
📌 4. Protected Route Access (GET /profile)
- The client sends the request:
GET /profile
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI...
- The server:
  - runs the passport.authenticate("jwt", { session: false }) middleware
  - extracts the payload from the JWT token
  - looks up the user in the DB and sets it on req.user
📌 5. Return Protected Data
- If the token is valid, it responds with:
{
"message": "My Profile",
"username": "Ali Haidar"
}
- Otherwise it responds with an error: Unauthorized (401)
📂 Files Overview
✅ app.js
app.use(passport.initialize());
✅ passport.js
const { Strategy: JwtStrategy, ExtractJwt } = require("passport-jwt");
// Read the token from "Authorization: Bearer <token>" and verify it with the server secret
const opts = { jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), secretOrKey: process.env.SECRET_KEY };
passport.use(new JwtStrategy(opts, async (jwt_payload, done) => {
  try {
    const user = await userCollection.findById(jwt_payload.id); // userCollection: the app's user model
    if (user) return done(null, user);
    return done(null, false); // token was valid but the user no longer exists -> 401
  } catch (err) { return done(err, false); } // DB error: report it instead of leaving the request hanging
}));
✅ controller/user.controller.js
postRegister → save user
postLogin → create token
✅ route/user.route.js
router.get('/profile', passport.authenticate('jwt', { session: false }), (req, res) => {
res.json({ username: req.user.username });
});
🔐 Bonus: Token Verify Manually (for test/debug)
try {
  const decoded = jwt.verify(token, process.env.SECRET_KEY); // throws if the signature is wrong or the token has expired
  console.log(decoded); // { id: ..., username: ..., iat: ..., exp: ... }
} catch (err) { console.error("Invalid or expired token:", err.message); }