update modules to new versions

Author: tienbku

README.md

@@ -14,6 +14,10 @@ The diagram shows flow of how we implement User Registration, User Login and Aut
 For more detail, please visit:
 > [Node.js Express Login and Registration example with JWT](https://www.bezkoder.com/node-js-express-login-example/)
 
+Front-end that works with this Node back-end:
+- [Angular 12](https://www.bezkoder.com/angular-12-jwt-auth-httponly-cookie/) / [Angular 13](https://www.bezkoder.com/angular-13-jwt-auth-httponly-cookie/) / [Angular 14](https://www.bezkoder.com/angular-14-jwt-auth/) / [Angular 15](https://www.bezkoder.com/angular-15-jwt-auth/) / [Angular 16](https://www.bezkoder.com/angular-16-jwt-auth/)
+- [React](https://www.bezkoder.com/react-login-example-jwt-hooks/) / [React Redux](https://www.bezkoder.com/redux-toolkit-auth/)
+
 ## More Practice:
 > [Build Node.js Rest APIs with Express, Sequelize & MySQL](https://www.bezkoder.com/node-js-express-sequelize-mysql/)
 
@@ -35,12 +39,10 @@ Associations:
 Deployment:
 > [Deploying/Hosting Node.js app on Heroku with MySQL database](https://www.bezkoder.com/deploy-node-js-app-heroku-cleardb-mysql/)
 
-Integration on same Server/Port:
-> [Integrate Angular 8 with Node.js Express](https://www.bezkoder.com/integrate-angular-8-node-js/)
-
-> [Integrate Angular 10 with Node.js Express](https://www.bezkoder.com/integrate-angular-10-node-js/)
+> [Docker Compose: Node.js Express and MySQL example](https://www.bezkoder.com/docker-compose-nodejs-mysql/)
 
-> [Integrate Angular 12 with Node.js Express](https://www.bezkoder.com/integrate-angular-12-node-js/)
+Integration on same Server/Port:
+> [Integrate Angular with Node.js Express](https://www.bezkoder.com/integrate-angular-12-node-js/)
 
 > [Integrate Vue with Node.js Express](https://www.bezkoder.com/serve-vue-app-express/)
 

app/controllers/auth.controller.js

@@ -61,9 +61,13 @@ exports.signin = async (req, res) => {
       });
     }
 
-    const token = jwt.sign({ id: user.id }, config.secret, {
-      expiresIn: 86400, // 24 hours
-    });
+    const token = jwt.sign({ id: user.id },
+                           config.secret,
+                           {
+                            algorithm: 'HS256',
+                            allowInsecureKeySizes: true,
+                            expiresIn: 86400, // 24 hours
+                           });
 
     let authorities = [];
     const roles = await user.getRoles();

app/middleware/authJwt.js

@@ -12,15 +12,17 @@ verifyToken = (req, res, next) => {
     });
   }
 
-  jwt.verify(token, config.secret, (err, decoded) => {
-    if (err) {
-      return res.status(401).send({
-        message: "Unauthorized!",
-      });
-    }
-    req.userId = decoded.id;
-    next();
-  });
+  jwt.verify(token,
+             config.secret,
+             (err, decoded) => {
+              if (err) {
+                return res.status(401).send({
+                  message: "Unauthorized!",
+                });
+              }
+              req.userId = decoded.id;
+              next();
+             });
 };
 
 isAdmin = async (req, res, next) => {

app/models/index.js

@@ -8,8 +8,6 @@ const sequelize = new Sequelize(
   {
     host: config.HOST,
     dialect: config.dialect,
-    operatorsAliases: false,
-
     pool: {
       max: config.pool.max,
       min: config.pool.min,
@@ -28,14 +26,10 @@ db.user = require("../models/user.model.js")(sequelize, Sequelize);
 db.role = require("../models/role.model.js")(sequelize, Sequelize);
 
 db.role.belongsToMany(db.user, {
-  through: "user_roles",
-  foreignKey: "roleId",
-  otherKey: "userId"
+  through: "user_roles"
 });
 db.user.belongsToMany(db.role, {
-  through: "user_roles",
-  foreignKey: "userId",
-  otherKey: "roleId"
+  through: "user_roles"
 });
 
 db.ROLES = ["user", "admin", "moderator"];

package.json

@@ -21,11 +21,11 @@
   "license": "ISC",
   "dependencies": {
     "bcryptjs": "^2.4.3",
-    "cookie-session": "^1.4.0",
+    "cookie-session": "^2.0.0",
     "cors": "^2.8.5",
-    "express": "^4.17.1",
-    "jsonwebtoken": "^8.5.1",
-    "mysql2": "^2.1.0",
-    "sequelize": "^6.11.0"
+    "express": "^4.18.2",
+    "jsonwebtoken": "^9.0.0",
+    "mysql2": "^2.3.3",
+    "sequelize": "^6.31.1"
   }
 }

server.js

@@ -5,6 +5,13 @@ const cookieSession = require("cookie-session");
 const app = express();
 
 app.use(cors());
+/* for Angular Client (withCredentials) */
+// app.use(
+//   cors({
+//     credentials: true,
+//     origin: ["http://localhost:8081"],
+//   })
+// );
 
 // parse requests of content-type - application/json
 app.use(express.json());
@@ -15,7 +22,7 @@ app.use(express.urlencoded({ extended: true }));
 app.use(
   cookieSession({
     name: "bezkoder-session",
-    secret: "COOKIE_SECRET", // should use as secret environment variable
+    keys: ["COOKIE_SECRET"], // should use as secret environment variable
     httpOnly: true,
     sameSite: 'strict'
   })