anomic30 · detronetdip · Sep 24, 2022 · Sep 24, 2022 · Sep 24, 2022 · Sep 24, 2022
diff --git a/client/src/pages/home/Home.jsx b/client/src/pages/home/Home.jsx
@@ -47,9 +47,9 @@ function Home() {
 
     //upload files to server
     Axios.post(`${process.env.REACT_APP_SERVER_URL}/api/upload`, formData, {
+      withCredentials:true,
       headers: {
         'Content-Type': 'multipart/form-data',
-        'Authorization': 'Bearer ' + window.localStorage.getItem("didToken")
       }
     })
       .then(res => {

diff --git a/server/index.js b/server/index.js
@@ -25,6 +25,7 @@ const app = express();
 app.use(cors());
 app.use(morgan('dev'))
 app.use(express.json());
+app.use(cookieParser());
 app.use(express.urlencoded({ extended: true }));
 app.use(fileUpload()); 
 app.use(limiter);

diff --git a/server/middlewares/authenticate.js b/server/middlewares/authenticate.js
@@ -0,0 +1,15 @@
+const { Magic } = require("@magic-sdk/admin");
+const magic = new Magic(process.env.MAGIC_SECRET_KEY);
+
+const authenticate = async (req, res, next) => {
+  console.log("Auth middleware 2 called");
+  try {
+    const { didToken } = req.cookies;
+    await magic.token.validate(didToken);
+    next();
+  } catch (error) {
+    return res.status(401).json({ error: error.message });
+  }
+};
+
+module.exports = authenticate;
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -15,6 +15,7 @@
   "license": "ISC",
   "dependencies": {
     "@magic-sdk/admin": "^1.4.1",
+    "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",

diff --git a/server/routes/auth.js b/server/routes/auth.js
@@ -24,6 +24,7 @@ router.post('/api/user/create', authMiddleware, async (req, res, next) => {
     const magic_id = req.body.magic_id;
     const user_name = req.body.user_name;
     const email = req.body.email;
+    const didToken = req.headers.authorization.substring(7);
 
     if (!user_name || !magic_id || !email) {
         return next( new AppError("Missing required fields", 400));
@@ -43,6 +44,7 @@ router.post('/api/user/create', authMiddleware, async (req, res, next) => {
         })
         console.log("saving user")
         await user.save();
+        res.cookie('didToken',didToken,{httpOnly:true})
         return res.status(200).json({ message: "User created successfully" });
     }
     else {