I have implemented a basic passport.js authentication on top of an expressJS/node application. The user auth is working fine, but I would like to be able to store specific additional data for each user, so that the frontend will appear differently depending on the specific data for each user (saving/deleting favorite images to each user’s account). However, I cannot access req.user or req.passport at any stage in my routing.
I’ve seen similar questions about req.user being undefined but not one specifically for this scenario. Below is the relevant code. Please let me know where I am going wrong. Thanks in advance!
server.js:
import "dotenv/config";
import express from "express";
import session from "express-session";
import cors from "cors";
import { dirname } from "path";
import path from "path";
import { fileURLToPath } from "url";
import homeRoute from "./backend/routes/home_route.js";
import API_route from "./backend/routes/api_route.js";
import userRoute from "./backend/routes/user_route.js"
import User from "./backend/models/user.js"
import passport from "passport";
import LocalStrategy from "passport-local";
import mongoose from "mongoose";
const PORT = process.env.PORT || 5050;
const app = express();
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
// connect DB
mongoose.connect("mongodb://localhost/5000");
// middlewares
app.use(cors({
credentials: true
}));
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(session({
secret: "testUser",
resave: false,
saveUnitialized: false,
cookie: { secure: true }
}))
app.use(passport.initialize());
app.use(passport.session());
passport.use(new LocalStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
// routing
app.use("/", homeRoute);
app.use("/api", API_route);
app.use("/user", userRoute);
//public
app.use(express.static(path.join(__dirname, "/frontend")));
//views
app.set("views", path.join(__dirname, "frontend/views"));
app.set("view engine", "ejs");
// start the express server
app.listen(PORT, () => {
console.log(`server listening on port ${PORT}`);
});
user.js:
import mongoose from "mongoose";
import { Schema } from "mongoose";
import PassportLocalMongoose from "passport-local-mongoose";
let newUser = new Schema({
username: {
type: String
},
password: {
type: String
},
favorites: {
type: Object
}
});
newUser.plugin(PassportLocalMongoose);
const User = mongoose.model("User", newUser);
export default User;
user_route.js:
import express from "express";
import User from "../models/user.js";
const router = express.Router();
// show signup page
router.get("/register", (req, res) => {
res.render("./user/register");
});
// handle user signup
router.post("/register", async (req, res) => {
const user = await User.create({
username: req.body.username,
password: req.body.password,
testString: 'test'
});
res.redirect('../../');
});
// show login
router.get("/login", (req, res)=> {
res.render("./user/login");
});
// handle user login
router.post("/login", async (req, res)=> {
try {
const user = await User.findOne( {username: req.body.username})
if (user) {
const result = req.body.password === user.password;
if (result) {
res.render("./user/secret");
console.log("user data:", req.user)
} else {
res.status(400).json({error: "password doesn't match"});
}
} else {
res.status(400).json({error: "user doesn't exist"});
}
} catch (error) {
res.status(400).json({error});
};
});
// successful login
router.get("/secret", isLoggedIn, (req, res)=> {
res.render("secret");
});
// handle user logout
router.get("/logout", (req, res)=> {
req.logout(function(err) {
if (err) return next(err);
res.redirect('../../');
});
});
// check if logged in
function isLoggedIn(req, res, next) {
if (req.isAuthenticated()) return next();
res.redirect("./user/login");
};
export default router;