The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +772K followers.

Authentication

How to create login activity tracker using JWT in NodeJs

Divyansh Agarwal
Published in The Startup
7 min read · Jun 20, 2020

About JWT

Problem with using Redis for storing tokens

Problem with using Session authentication

Solution

Let’s Begin!

├───.env
├───.gitignore
├───app.js
├───package-lock.json
├───package.json
├───sequelize.js
├───middlewares
│ ├───authenticateToken.js
│ └───blacklistToken.js
├───models
│ ├───BlacklistToken.js
│ ├───User.js
│ └───User_Login.js
├───routes
│ ├───loginUser.js
│ ├───registerUser.js
│ └───user_logins.js
└───utils
    └───token.utils.js

Install the following dependencies

npm i express bcrypt bcryptjs cors dotenv morgan jsonwebtoken sequelize sequelize-cli pg helmet

package.json

App.js

Models

User Model

User Logins Model

Blacklist Token Model

Sequelize Connection file

dialectOptions: {
  "ssl": {
    "require": true,
    // rejectUnauthorized: false skips verification of the server's TLS certificate
    "rejectUnauthorized": false
  }
}

Environment File for setting Database

Routes

Register Route

Token Utils

const token_id = await customId({
  user_id: req.auth.id,
  date: Date.now(),
  randomLength: 4
});

// Client IP: last X-Forwarded-For entry if present, otherwise the socket address.
// X-Forwarded-For is client-supplied unless a trusted proxy sets it.
var ip = (req.headers['x-forwarded-for'] || '')
  .split(',').pop().trim() ||
  req.connection.remoteAddress ||
  req.socket.remoteAddress ||
  req.connection.socket.remoteAddress;

// Find active logins for the same user, IP address and device
const user_logins = await User_Login.findAll({
  where: {
    user_id: req.auth.id,
    token_deleted: false,
    ip_address: ip,
    device: req.headers["user-agent"]
  }
});

// Mark them deleted; for...of awaits each save (forEach with an async callback does not)
for (const login of user_logins) {
  if (login) {
    login.token_deleted = true;
    await login.save();
  }
}

// Record the new login (token_secret is not defined in this excerpt)
const token = await User_Login.create({
  user_id: req.auth.id,
  token_id: token_id,
  token_secret: token_secret,
  ip_address: ip,
  device: req.headers["user-agent"]
});

// The JWT carries the user id and the token_id of the login row.
// No expiresIn option is passed, so the JWT itself never expires.
const token_user = { id: req.auth.id, token_id: token_id };
const accessToken = await jwt.sign(token_user,
  process.env.ACCESS_TOKEN_SECRET);

sendToken: function(req, res) {
  const responseObject = {
    auth: true,
    token: req.token,
    message: 'user found & logged in'
  };
  return res.status(200).json(responseObject);
}

Final Environment File

Login Route

Logout Route

Middlewares

AuthenticateToken Middleware

// Reject tokens that are already on the blacklist
Blacklist.findOne({ where: { token: token } })
  .then((found) => {
    if (found) {
      const details = {
        "Status": "Failure",
        "Details": 'Token blacklisted. Cannot use this token.'
      };
      return res.status(401).json(details);
    }
    else {
      jwt.verify(token, process.env.ACCESS_TOKEN_SECRET,
        async (err, payload) => {
          if (err)
            return res.sendStatus(403);
          if (payload) {
            const login = await User_Login.findOne({ where: {
              user_id: payload.id, token_id: payload.token_id } });
            // Reject when the login row is missing or was marked deleted
            if (!login || login.token_deleted == true) {
              // Blacklist the token so later requests fail at the first check
              await Blacklist.create({
                token: token
              });
              return res.sendStatus(401);
            }
          }
          req.user = payload;
          next();
        });
    }
  });
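
The signature check and login-row lookup performed by the authenticate-token middleware above, as an added example that is not the article's code. It assumes an in-memory Map in place of the User_Login table and a small HS256 helper built on Node's crypto module in place of jsonwebtoken, so it runs without npm packages; the secret, the ids and the names sign, verify, checkToken and demo are constructed for illustration.

```javascript
// Added example: a Map stands in for User_Login, an HS256 helper for jsonwebtoken.
const crypto = require('crypto');

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Minimal HS256 signer, only so the block runs without npm packages.
function sign(payload, secret) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  return `${body}.${mac(body, secret)}`;
}

// Returns the payload, or null when the token is malformed or the MAC differs.
function verify(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  const expected = Buffer.from(mac(`${h}.${p}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// logins: Map of token_id -> { user_id, token_deleted } (constructed data).
// Status codes follow the middleware above: 403 bad token, 401 revoked.
function checkToken(token, secret, logins) {
  const payload = verify(token, secret);
  if (!payload) return { status: 403 };
  const login = logins.get(payload.token_id);
  // Fail closed: a missing row is treated like a deleted one.
  if (!login || login.user_id !== payload.id || login.token_deleted) {
    return { status: 401 };
  }
  return { status: 200, user: payload };
}

// Constructed scenario: one login that is later removed from the activity list.
function demo() {
  const secret = 'example-only-secret'; // placeholder, not a real key
  const logins = new Map([['t1', { user_id: 7, token_deleted: false }]]);
  const token = sign({ id: 7, token_id: 't1' }, secret);
  const before = checkToken(token, secret, logins).status;
  logins.get('t1').token_deleted = true; // user revokes this login
  const after = checkToken(token, secret, logins).status;
  const forged = sign({ id: 7, token_id: 't1' }, 'wrong-secret');
  return { before, after, forged: checkToken(forged, secret, logins).status };
}
```

The same signed token goes from accepted to rejected once its row is flagged, which is what lets a login be ended from the activity list without changing the signing secret.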

BlacklistToken Middleware

Manage Login Activity Routes
