README.md
Rendering markdown...
const express = require("express");
const fs = require("fs");
const { createSigner, createVerifier } = require("fast-jwt");
const app = express();
app.use(express.json());
// Load PKCS#1 keys
const privateKey = fs.readFileSync("./keys/private.pem");
const publicKey = fs.readFileSync("./keys/public.pem");
// Signer dùng RS256 (an toàn)
const signSync = createSigner({
algorithm: "RS256",
key: privateKey,
});
// Hàm verify không check algorithm gây lỗi
const verifySync = createVerifier({
key: publicKey
});
app.get("/generateToken", (req, res) => {
const token = signSync({ admin: false, user: "cuong" });
res.json({ token });
});
app.get("/admin", (req, res) => {
try {
const auth = req.headers.authorization;
if (!auth) return res.status(401).send("Missing token");
const token = auth.split(" ")[1];
const payload = verifySync(token);
if (payload.admin === true) {
return res.json({
status: 200,
message: "Welcome Admin!",
data: payload,
});
}
return res.json({
status: 403,
message: "You are not admin",
data: payload,
});
} catch (err) {
return res.status(401).send("Invalid Token");
}
});
app.listen(3000, () => {
console.log("Server running at http://localhost:3000");
});