upc-matt-nsaa

Repo to allocate NSAA web auth class examples

Lab 2: WebAuth using Express.js and Passport.js

6.1. Exchange the JWT using cookies

When a user has successfully authenticated with the local strategy, a token is created and signed with the server's jwtSecret. If no cookie exists yet, the server creates one containing the JWT and attaches it to the res object. The server then redirects to the root of the site to tell the user a fortune. The cookie expires after the number of milliseconds set in the global variable cookieExpire. When this happens, a message is written to the log and an alert is shown to the user on the web page (i.e. "Your credentials have expired, please login again for more fortune").

Note: Currently the cookie expires after 30 seconds (for testing purposes); this time may be changed to match the JWT expiry claim.

6.2. Create the fortune-teller endpoint

When a user provides the credentials, the JwtStrategy is used to authenticate. The configuration of that strategy is quite simple: it only needs the cookieExtractor function (which can be found in the passport-jwt docs) and the jwtSecret. A browser presenting a cookie with a valid JWT (i.e. one verified by the server) can then access the fortune teller without providing the login credentials again, so the main page can be refreshed as many times as you want until the token expires.

The random fortune string generated by the server, the username of the authenticated user and the expiry time of the cookie are made available to the fortune teller HTML view and used in it. This is done by configuring Express's view engine and calling the res.render function.

6.3. Add a logout endpoint

The logout endpoint simply clears the cookie on the res object and stops the timer that counts down the expiry time. An informational message is also logged by the server.

6.4. Add bcrypt or scrypt to the login process

For storing the user data, a MongoDB user model has been defined with Mongoose. This model hashes the supplied password before saving it to the database. It also has a pre method to validate the supplied password. The database is seeded with two users before the server starts, and the model is used in the LocalStrategy configuration in a quite simple way.