Create a login application using the frontend using React, the backend using Express, and the passport GoogleOauth 2.0.
Google auth allows for login, however the req.user is not saved in the system. Following the initial login, the req.isAuthenticated is likewise false. Here is my code for the auth/google/callback and the session. Please point out the mistakes I’m doing to me.
const express = require("express");
const helmet = require("helmet");
const cors = require("cors");
const passport = require("passport");
// const AuthuRouter = require("./src/routes/user/auth.router");
const StoreRouter = require("./src/routes/store/store.router");
const mongoose = require("mongoose");
const session = require("express-session");
const rateLimit = require("express-rate-limit");
const GoogleStrategy = require("passport-google-oauth20").Strategy;
// const passport = require("./src/configs/passport");
const { isAuthorized, isAuthenticat } = require("./src/middleware/auth");
const User = require("./src/routes/user/user.model");
require("dotenv").config();
const app = express();
app.use(helmet());
app.use(
cors({
origin: "http://localhost:5173",
credentials: true,
})
);
app.use(express.json()); /
app.use(
session({
secret: process.env.COOKIE_KEY,
resave: false,
saveUninitialized: false,
cookie: {
secure: false,
maxAge: 24 * 60 * 60 * 1000,
sameSite: "None",
},
})
);
// Passport initialization
app.use(passport.initialize());
app.use(passport.session());
app.use((req, res, next) => {
console.log("middle ware");
next();
});
// Rate limiting
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});
// Applying rate limiting to all routes
app.use(limiter);
passport.use(
new GoogleStrategy(
{
clientID: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
callbackURL: "/auth/google/callback",
},
async (token, tokenSecret, profile, done) => {
try {
// Check if user already exists in database
let user = await User.findOne({
email: profile.emails[0].value,
}).select("email accessRights name _id");
// console.log(user);
if (!user) {
return done(null, false, {
message:
"Email not registered. Please use a registered email or sign up.",
});
}
return done(null, user);
} catch (err) {
return done(err, null);
}
}
)
);
// Serialize user into the sessions
passport.serializeUser((user, done) => {
done(null, user._id); // Store only the user ID in the session
});
// Deserialize user from the sessions
passport.deserializeUser(async (id, done) => {
try {
const user = await User.findById(id).select("email accessRights name _id");
done(null, user); // Attach the user object to req.user
} catch (err) {
done(err, null);
}
});
// Session setup
// MongoDB connection
mongoose.connect(process.env.MONGO_URI);
// Routes
// Session status route
app.get(
"/signin",
passport.authenticate("google", {
scope: ["email"],
})
);
// Google OAuth callback
app.get(
"/auth/google/callback",
passport.authenticate("google", {
failureRedirect: "/auth/signin",
}),
(req, res) => {
console.log("callback");
// console.log(req.user);
if (req.user) {
req.session.user = req.user;
req.session.regenerate(function (err) {
if (err) next(err);
req.session.user = req.user;
req.session.save(function (err) {
console.log(req.isAuthenticated());
if (err) return next(err);
return res.redirect(`http://localhost:5173/dashboard`);
});
});
// res.json({ user: req.user });
// res.redirect(`http://localhost:5173/dashboard`);
} else {
res.status(401).json({ message: "No user logged in" });
}
}
);
// Logout
// Logout
app.get("/logout", (req, res) => {
req.session.user = null;
req.logout((err) => {
if (err) {
// Handle error if logout fails
return res.status(500).json({ message: "Logout failed" });
}
req.session.destroy((err) => {
if (err) {
// Handle error if session destruction fails
return res.status(500).json({ message: "Failed to destroy session" });
}
res.clearCookie("connect.sid"); // This is the default cookie name for express-session
res.save.regenerate(function (err) {
if (err) next(err);
res.redirect("/auth/signin?message=Logged out successfully");
});
res.redirect("/auth/signin?message=Logged out successfully");
});
});
});