DEV Community

Cover image for JWT HonoJs, membuat authorization sederhana
Mashofa
Mashofa

Posted on

JWT HonoJs, membuat authorization sederhana

Pada kesempatan ini saya ingin eksplorasi dengan membuat JWT sederhana yang memiliki dua role yaitu user dan admin. dimana admin bisa mengakses endpoint /admin/jadwal sementara user tidak bisa.

Berikut adalah kode dari file middleware.ts

// middleware.ts
import { Context, Next } from "hono";
import { verify } from "hono/jwt";
import { Variables } from "hono/types";

export const SECRET = "inirahasia"

export async function authMiddleWare(c: Context, next: Next){
    const auth = c.req.header('Authorization');
    if(!auth?.startsWith('Bearer ')) return c.json({error: 'Unauthoriztaion'}, 401); // cek ketersediaan auth

    const token = auth.split(' ')[1] // mengambil token

    try {
        const decoded = verify(token, SECRET) 
        c.set('jwtPayload', decoded)
        await next();
    } catch (error) {
        return c.json({error: 'Invalid token'}, 401)
    }
}

// fungsi untuk memberikan akses pada role tertentu
export function withRoles(roles: string[]) {
    return async function (c: Context<Variables>, next: Next) {
        const payload = await c.get('jwtPayload')
        console.warn(payload);
        if(!roles.includes(payload.role)) return c.json({error: 'Access denied'}, 403);
        await next()
    }
}
Enter fullscreen mode Exit fullscreen mode

dan dibawah ini adalah file index.ts


import { Hono} from "hono";
import { sign } from "hono/jwt";
import type { JwtVariables } from "hono/jwt";
import { authMiddleWare, SECRET, withRoles } from "./middleware";
import { IUserPayload } from "./type";
// type Variables = JwtVariables;

const app = new Hono();
const fakeUser: IUserPayload[] = [
  {
    id: 1,
    username: "admin",
    password: "123456",
    role: "admin",
  },
  {
    id: 2,
    username: "user",
    password: "abcdef",
    role: "user",
  },
];

//auth 
app.post("/login", async (c) => {
  const {username, password } = await c.req.json()

  const user = fakeUser.find((u) => u.username === username && u.password === password)
  if(!user) return c.json({error: "Invalid"}, 401)

  const payload= {
    id: user.id,
    username: user.username,
    password: user.password,
    role: user.role,
    exp: Math.floor(Date.now() / 1000) + 60 * 60
  }
  const token = await sign(payload,SECRET)
  return c.json({token})

})


// Public
app.get("/", (c) => c.text("Hello from Hono + JWT"));
app.get("/jadwal", authMiddleWare, (c) => {
  return c.json({message: "Hallo semua "})
})
app.get("/admin/jadwal", authMiddleWare, withRoles(['admin']) ,(c) => {
  return c.json({message: "Hello admin "})
})

export default app;
Enter fullscreen mode Exit fullscreen mode

Dokumentasi JWT hono

Top comments (0)