DEV Community

Cover image for JWT HonoJs, membuat authorization sederhana
Mashofa
Mashofa

Posted on

JWT HonoJs, membuat authorization sederhana

#jwt #honojs

Pada kesempatan ini saya ingin eksplorasi dengan membuat JWT sederhana yang memiliki dua role yaitu user dan admin. dimana admin bisa mengakses endpoint /admin/jadwal sementara user tidak bisa.

Berikut adalah kode dari file middleware.ts

// middleware.ts
import { Context, Next } from "hono";
import { verify } from "hono/jwt";
import { Variables } from "hono/types";

export const SECRET = "inirahasia"

export async function authMiddleWare(c: Context, next: Next){
    const auth = c.req.header('Authorization');
    if(!auth?.startsWith('Bearer ')) return c.json({error: 'Unauthoriztaion'}, 401); // cek ketersediaan auth

    const token = auth.split(' ')[1] // mengambil token

    try {
        const decoded = verify(token, SECRET) 
        c.set('jwtPayload', decoded)
        await next();
    } catch (error) {
        return c.json({error: 'Invalid token'}, 401)
    }
}

// fungsi untuk memberikan akses pada role tertentu
export function withRoles(roles: string[]) {
    return async function (c: Context<Variables>, next: Next) {
        const payload = await c.get('jwtPayload')
        console.warn(payload);
        if(!roles.includes(payload.role)) return c.json({error: 'Access denied'}, 403);
        await next()
    }
}
Enter fullscreen mode Exit fullscreen mode

dan dibawah ini adalah file index.ts


import { Hono} from "hono";
import { sign } from "hono/jwt";
import type { JwtVariables } from "hono/jwt";
import { authMiddleWare, SECRET, withRoles } from "./middleware";
import { IUserPayload } from "./type";
// type Variables = JwtVariables;

const app = new Hono();
const fakeUser: IUserPayload[] = [
  {
    id: 1,
    username: "admin",
    password: "123456",
    role: "admin",
  },
  {
    id: 2,
    username: "user",
    password: "abcdef",
    role: "user",
  },
];

//auth 
app.post("/login", async (c) => {
  const {username, password } = await c.req.json()

  const user = fakeUser.find((u) => u.username === username && u.password === password)
  if(!user) return c.json({error: "Invalid"}, 401)

  const payload= {
    id: user.id,
    username: user.username,
    password: user.password,
    role: user.role,
    exp: Math.floor(Date.now() / 1000) + 60 * 60
  }
  const token = await sign(payload,SECRET)
  return c.json({token})

})


// Public
app.get("/", (c) => c.text("Hello from Hono + JWT"));
app.get("/jadwal", authMiddleWare, (c) => {
  return c.json({message: "Hallo semua "})
})
app.get("/admin/jadwal", authMiddleWare, withRoles(['admin']) ,(c) => {
  return c.json({message: "Hello admin "})
})

export default app;
Enter fullscreen mode Exit fullscreen mode

Dokumentasi JWT hono

Top comments (0)