Pada kesempatan ini saya ingin eksplorasi dengan membuat JWT sederhana yang memiliki dua role yaitu user dan admin. dimana admin bisa mengakses endpoint /admin/jadwal
sementara user tidak bisa.
Berikut adalah kode dari file middleware.ts
// middleware.ts
import { Context, Next } from "hono";
import { verify } from "hono/jwt";
import { Variables } from "hono/types";
export const SECRET = "inirahasia"
export async function authMiddleWare(c: Context, next: Next){
const auth = c.req.header('Authorization');
if(!auth?.startsWith('Bearer ')) return c.json({error: 'Unauthoriztaion'}, 401); // cek ketersediaan auth
const token = auth.split(' ')[1] // mengambil token
try {
const decoded = verify(token, SECRET)
c.set('jwtPayload', decoded)
await next();
} catch (error) {
return c.json({error: 'Invalid token'}, 401)
}
}
// fungsi untuk memberikan akses pada role tertentu
export function withRoles(roles: string[]) {
return async function (c: Context<Variables>, next: Next) {
const payload = await c.get('jwtPayload')
console.warn(payload);
if(!roles.includes(payload.role)) return c.json({error: 'Access denied'}, 403);
await next()
}
}
dan dibawah ini adalah file index.ts
import { Hono} from "hono";
import { sign } from "hono/jwt";
import type { JwtVariables } from "hono/jwt";
import { authMiddleWare, SECRET, withRoles } from "./middleware";
import { IUserPayload } from "./type";
// type Variables = JwtVariables;
const app = new Hono();
const fakeUser: IUserPayload[] = [
{
id: 1,
username: "admin",
password: "123456",
role: "admin",
},
{
id: 2,
username: "user",
password: "abcdef",
role: "user",
},
];
//auth
app.post("/login", async (c) => {
const {username, password } = await c.req.json()
const user = fakeUser.find((u) => u.username === username && u.password === password)
if(!user) return c.json({error: "Invalid"}, 401)
const payload= {
id: user.id,
username: user.username,
password: user.password,
role: user.role,
exp: Math.floor(Date.now() / 1000) + 60 * 60
}
const token = await sign(payload,SECRET)
return c.json({token})
})
// Public
app.get("/", (c) => c.text("Hello from Hono + JWT"));
app.get("/jadwal", authMiddleWare, (c) => {
return c.json({message: "Hallo semua "})
})
app.get("/admin/jadwal", authMiddleWare, withRoles(['admin']) ,(c) => {
return c.json({message: "Hello admin "})
})
export default app;
Top comments (0)