This is my DB connection, session and passport.js configuration in index.js:
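// Opens the mongoose connection. Fails fast with an explicit message when the
// URI is missing instead of letting mongoose report a cryptic connect error.
const connect = async () => {
  if (!process.env.DB_URL) {
    throw new Error('DB_URL is not set');
  }
  await mongoose.connect(process.env.DB_URL);
  console.log("Connected to mongoDB.");
};

// Configure session store (sessions live in the `Sessions` collection of the
// same database the app connects to).
const sessionStore = new MongoStore({
  uri: process.env.DB_URL,
  collection: 'Sessions',
});
// express-session stores are EventEmitters; without a listener a store 'error'
// event (e.g. a dropped Mongo connection) would crash the process as an
// unhandled 'error'. The MongoStore require is not shown here — confirm the
// installed store emits 'error' (connect-mongodb-session and connect-mongo do).
sessionStore.on('error', (err) => {
  console.error('Session store error:', err);
});

if (!process.env.SESSION_SECRET) {
  // Fail at startup; express-session itself defers a missing secret to
  // request time, which surfaces as 500s instead of a clear boot error.
  throw new Error('SESSION_SECRET is not set');
}

// Trust first proxy: with TLS terminated by a proxy, this is what lets
// express-session treat the request as secure and actually set a
// `secure: true` cookie.
app.set('trust proxy', 1);

// CORS first: preflight (OPTIONS) requests are answered here and never reach
// the session/passport middleware. `credentials: true` with an explicit,
// non-wildcard origin is what allows the browser to send the session cookie
// cross-origin.
app.use(cors({
  origin: 'https://example.com',
  credentials: true,
}));

app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false, // no session document until something (req.login) writes to the session
  store: sessionStore,
  cookie: {
    secure: true,   // only sent over HTTPS
    httpOnly: true, // not readable from page scripts
    // 'none' is only required when the frontend and API are on different
    // sites. If both live under example.com, 'lax' (or 'strict') keeps
    // cross-site POSTs from carrying the session and is the safer choice.
    sameSite: 'none',
    // Browsers only accept a Domain attribute that matches the host that set
    // the cookie or a parent domain of it. If the API is served from a host
    // outside example.com, the browser silently drops this cookie — the
    // session is still written to the store, but is never sent back, so
    // req.user stays undefined on later requests.
    domain: 'example.com',
    path: '/',
    maxAge: 1000 * 60 * 5, // 5 minutes from login (no `rolling`), not from last activity
  },
}));
app.use(passport.initialize());
app.use(passport.session());
require("./src/config/passportLocal")(passport)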
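// Opens the mongoose connection. Fails fast with an explicit message when the
// URI is missing instead of letting mongoose report a cryptic connect error.
const connect = async () => {
  if (!process.env.DB_URL) {
    throw new Error('DB_URL is not set');
  }
  await mongoose.connect(process.env.DB_URL);
  console.log("Connected to mongoDB.");
};

// Configure session store (sessions live in the `Sessions` collection of the
// same database the app connects to).
const sessionStore = new MongoStore({
  uri: process.env.DB_URL,
  collection: 'Sessions',
});
// express-session stores are EventEmitters; without a listener a store 'error'
// event (e.g. a dropped Mongo connection) would crash the process as an
// unhandled 'error'. The MongoStore require is not shown here — confirm the
// installed store emits 'error' (connect-mongodb-session and connect-mongo do).
sessionStore.on('error', (err) => {
  console.error('Session store error:', err);
});

if (!process.env.SESSION_SECRET) {
  // Fail at startup; express-session itself defers a missing secret to
  // request time, which surfaces as 500s instead of a clear boot error.
  throw new Error('SESSION_SECRET is not set');
}

// Trust first proxy: with TLS terminated by a proxy, this is what lets
// express-session treat the request as secure and actually set a
// `secure: true` cookie.
app.set('trust proxy', 1);

// CORS first: preflight (OPTIONS) requests are answered here and never reach
// the session/passport middleware. `credentials: true` with an explicit,
// non-wildcard origin is what allows the browser to send the session cookie
// cross-origin.
app.use(cors({
  origin: 'https://example.com',
  credentials: true,
}));

app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false, // no session document until something (req.login) writes to the session
  store: sessionStore,
  cookie: {
    secure: true,   // only sent over HTTPS
    httpOnly: true, // not readable from page scripts
    // 'none' is only required when the frontend and API are on different
    // sites. If both live under example.com, 'lax' (or 'strict') keeps
    // cross-site POSTs from carrying the session and is the safer choice.
    sameSite: 'none',
    // Browsers only accept a Domain attribute that matches the host that set
    // the cookie or a parent domain of it. If the API is served from a host
    // outside example.com, the browser silently drops this cookie — the
    // session is still written to the store, but is never sent back, so
    // req.user stays undefined on later requests.
    domain: 'example.com',
    path: '/',
    maxAge: 1000 * 60 * 5, // 5 minutes from login (no `rolling`), not from last activity
  },
}));
app.use(passport.initialize());
app.use(passport.session());
require("./src/config/passportLocal")(passport)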
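// Opens the mongoose connection. Fails fast with an explicit message when the
// URI is missing instead of letting mongoose report a cryptic connect error.
const connect = async () => {
  if (!process.env.DB_URL) {
    throw new Error('DB_URL is not set');
  }
  await mongoose.connect(process.env.DB_URL);
  console.log("Connected to mongoDB.");
};

// Configure session store (sessions live in the `Sessions` collection of the
// same database the app connects to).
const sessionStore = new MongoStore({
  uri: process.env.DB_URL,
  collection: 'Sessions',
});
// express-session stores are EventEmitters; without a listener a store 'error'
// event (e.g. a dropped Mongo connection) would crash the process as an
// unhandled 'error'. The MongoStore require is not shown here — confirm the
// installed store emits 'error' (connect-mongodb-session and connect-mongo do).
sessionStore.on('error', (err) => {
  console.error('Session store error:', err);
});

if (!process.env.SESSION_SECRET) {
  // Fail at startup; express-session itself defers a missing secret to
  // request time, which surfaces as 500s instead of a clear boot error.
  throw new Error('SESSION_SECRET is not set');
}

// Trust first proxy: with TLS terminated by a proxy, this is what lets
// express-session treat the request as secure and actually set a
// `secure: true` cookie.
app.set('trust proxy', 1);

// CORS first: preflight (OPTIONS) requests are answered here and never reach
// the session/passport middleware. `credentials: true` with an explicit,
// non-wildcard origin is what allows the browser to send the session cookie
// cross-origin.
app.use(cors({
  origin: 'https://example.com',
  credentials: true,
}));

app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false, // no session document until something (req.login) writes to the session
  store: sessionStore,
  cookie: {
    secure: true,   // only sent over HTTPS
    httpOnly: true, // not readable from page scripts
    // 'none' is only required when the frontend and API are on different
    // sites. If both live under example.com, 'lax' (or 'strict') keeps
    // cross-site POSTs from carrying the session and is the safer choice.
    sameSite: 'none',
    // Browsers only accept a Domain attribute that matches the host that set
    // the cookie or a parent domain of it. If the API is served from a host
    // outside example.com, the browser silently drops this cookie — the
    // session is still written to the store, but is never sent back, so
    // req.user stays undefined on later requests.
    domain: 'example.com',
    path: '/',
    maxAge: 1000 * 60 * 5, // 5 minutes from login (no `rolling`), not from last activity
  },
}));
app.use(passport.initialize());
app.use(passport.session());
require("./src/config/passportLocal")(passport)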
`
I mount the auth router like this:
// Mount the auth router; the login handler below is therefore reachable at
// POST /api/v1/auth/login. Because the session/passport middleware is
// registered before this, req.session and req.user (when the session cookie
// was sent) are already populated when the router's handlers run.
app.use("/api/v1/auth", authRoute);
// Mount the auth router; the login handler below is therefore reachable at
// POST /api/v1/auth/login. Because the session/passport middleware is
// registered before this, req.session and req.user (when the session cookie
// was sent) are already populated when the router's handlers run.
app.use("/api/v1/auth", authRoute);
// Mount the auth router; the login handler below is therefore reachable at
// POST /api/v1/auth/login. Because the session/passport middleware is
// registered before this, req.session and req.user (when the session cookie
// was sent) are already populated when the router's handlers run.
app.use("/api/v1/auth", authRoute);
`
This is the login route in my authRoute file:
// Login endpoint. checkUnLogin and validateSignin run first (presumably an
// already-logged-in guard and body validation — their code is not shown);
// login then runs passport's local strategy.
router.post("/login", checkUnLogin, validateSignin, login)
// Login endpoint. checkUnLogin and validateSignin run first (presumably an
// already-logged-in guard and body validation — their code is not shown);
// login then runs passport's local strategy.
router.post("/login", checkUnLogin, validateSignin, login)
// Login endpoint. checkUnLogin and validateSignin run first (presumably an
// already-logged-in guard and body validation — their code is not shown);
// login then runs passport's local strategy.
router.post("/login", checkUnLogin, validateSignin, login)
`
This is my login controller:
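// Authenticates with the 'local' strategy and, on success, establishes the
// passport session. Uses the custom-callback form of passport.authenticate so
// that every outcome is answered as JSON instead of via redirects.
//
// Responses: 500 on a strategy or req.login error, 401 with the strategy's
// info object when the credentials are rejected, 200 with the user's `img`
// on success.
const login = async (req, res, next) => {
  passport.authenticate('local', (err, user, info) => {
    if (err) {
      console.error(err);
      return res.status(500).json({ error: 'An error occurred during authentication.' });
    }
    if (!user) {
      // A strategy may fail without an info object; never answer with an
      // empty body. The message itself comes from the strategy, so keep it
      // generic there (do not say which of username/password was wrong).
      return res.status(401).json(info || { message: 'Invalid credentials.' });
    }
    // req.login writes the serialized user id into req.session — this is the
    // write that creates the session document in the store. passport >= 0.6
    // also regenerates the session id here (session-fixation defence);
    // confirm the installed version, older ones need req.session.regenerate().
    req.login(user, (loginErr) => {
      if (loginErr) {
        console.error(loginErr);
        return res.status(500).json({ error: 'An error occurred during login.' });
      }
      return res.status(200).json({ success: 'User has been logged in successfully!', img: user.img });
    });
  })(req, res, next);
};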
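// Authenticates with the 'local' strategy and, on success, establishes the
// passport session. Uses the custom-callback form of passport.authenticate so
// that every outcome is answered as JSON instead of via redirects.
//
// Responses: 500 on a strategy or req.login error, 401 with the strategy's
// info object when the credentials are rejected, 200 with the user's `img`
// on success.
const login = async (req, res, next) => {
  passport.authenticate('local', (err, user, info) => {
    if (err) {
      console.error(err);
      return res.status(500).json({ error: 'An error occurred during authentication.' });
    }
    if (!user) {
      // A strategy may fail without an info object; never answer with an
      // empty body. The message itself comes from the strategy, so keep it
      // generic there (do not say which of username/password was wrong).
      return res.status(401).json(info || { message: 'Invalid credentials.' });
    }
    // req.login writes the serialized user id into req.session — this is the
    // write that creates the session document in the store. passport >= 0.6
    // also regenerates the session id here (session-fixation defence);
    // confirm the installed version, older ones need req.session.regenerate().
    req.login(user, (loginErr) => {
      if (loginErr) {
        console.error(loginErr);
        return res.status(500).json({ error: 'An error occurred during login.' });
      }
      return res.status(200).json({ success: 'User has been logged in successfully!', img: user.img });
    });
  })(req, res, next);
};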
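// Authenticates with the 'local' strategy and, on success, establishes the
// passport session. Uses the custom-callback form of passport.authenticate so
// that every outcome is answered as JSON instead of via redirects.
//
// Responses: 500 on a strategy or req.login error, 401 with the strategy's
// info object when the credentials are rejected, 200 with the user's `img`
// on success.
const login = async (req, res, next) => {
  passport.authenticate('local', (err, user, info) => {
    if (err) {
      console.error(err);
      return res.status(500).json({ error: 'An error occurred during authentication.' });
    }
    if (!user) {
      // A strategy may fail without an info object; never answer with an
      // empty body. The message itself comes from the strategy, so keep it
      // generic there (do not say which of username/password was wrong).
      return res.status(401).json(info || { message: 'Invalid credentials.' });
    }
    // req.login writes the serialized user id into req.session — this is the
    // write that creates the session document in the store. passport >= 0.6
    // also regenerates the session id here (session-fixation defence);
    // confirm the installed version, older ones need req.session.regenerate().
    req.login(user, (loginErr) => {
      if (loginErr) {
        console.error(loginErr);
        return res.status(500).json({ error: 'An error occurred during login.' });
      }
      return res.status(200).json({ success: 'User has been logged in successfully!', img: user.img });
    });
  })(req, res, next);
};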
`
And this is my passportLocal configuration:
<code>const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcrypt');
const User = require("../model/User");
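// Registers the local (username/password) strategy and the session
// (de)serializers on the passport instance passed in.
module.exports = function(passport) {
  // A real bcrypt hash to compare against when the username is unknown, so
  // the "no such user" path costs about the same as a wrong password and does
  // not reveal account existence through response timing. Use the same cost
  // factor as the registration code — TODO confirm it is 10.
  const DUMMY_HASH = bcrypt.hashSync('not-a-real-password', 10);
  // One message for both failure modes: distinct "incorrect username" /
  // "incorrect password" replies let an attacker enumerate valid accounts.
  const INVALID_CREDENTIALS = { message: 'Incorrect username or password.' };

  passport.use(new LocalStrategy(
    async (username, password, done) => {
      try {
        // passport-local does not type-check the body fields; a JSON body such
        // as {"username": {"$gt": ""}} would otherwise reach the Mongo query
        // as a query operator. validateSignin may already reject this — this
        // is defence in depth.
        if (typeof username !== 'string' || typeof password !== 'string') {
          return done(null, false, INVALID_CREDENTIALS);
        }
        const user = await User.findOne({ username: username });
        // Always run bcrypt.compare, even for an unknown user or a user record
        // without a password hash (treated as invalid credentials).
        const hash = user && user.password ? user.password : DUMMY_HASH;
        const isMatch = await bcrypt.compare(password, hash);
        if (!user || !isMatch) {
          return done(null, false, INVALID_CREDENTIALS);
        }
        // Only reported after a correct password, so it reveals nothing to
        // someone who does not already hold the credentials.
        if (!user.emailVerified) {
          return done(null, false, { message: 'Email not verified.' });
        }
        return done(null, user);
      } catch (err) {
        return done(err);
      }
    }
  ));

  // Only the id is stored in the session document; the user is reloaded on
  // every request below.
  passport.serializeUser((user, done) => {
    done(null, user.id);
  });

  // Runs on every request carrying a session cookie; a missing user (deleted
  // account) yields a falsy value, which passport treats as "not logged in".
  // NOTE(review): the full document, including the password hash, becomes
  // req.user. If nothing downstream needs the hash, exclude it here with
  // .select('-password') — confirm against the controllers first.
  passport.deserializeUser(async (id, done) => {
    try {
      const user = await User.findById(id);
      done(null, user);
    } catch (err) {
      done(err);
    }
  });
};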
</code>
<code>const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcrypt');
const User = require("../model/User");
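// Registers the local (username/password) strategy and the session
// (de)serializers on the passport instance passed in.
module.exports = function(passport) {
  // A real bcrypt hash to compare against when the username is unknown, so
  // the "no such user" path costs about the same as a wrong password and does
  // not reveal account existence through response timing. Use the same cost
  // factor as the registration code — TODO confirm it is 10.
  const DUMMY_HASH = bcrypt.hashSync('not-a-real-password', 10);
  // One message for both failure modes: distinct "incorrect username" /
  // "incorrect password" replies let an attacker enumerate valid accounts.
  const INVALID_CREDENTIALS = { message: 'Incorrect username or password.' };

  passport.use(new LocalStrategy(
    async (username, password, done) => {
      try {
        // passport-local does not type-check the body fields; a JSON body such
        // as {"username": {"$gt": ""}} would otherwise reach the Mongo query
        // as a query operator. validateSignin may already reject this — this
        // is defence in depth.
        if (typeof username !== 'string' || typeof password !== 'string') {
          return done(null, false, INVALID_CREDENTIALS);
        }
        const user = await User.findOne({ username: username });
        // Always run bcrypt.compare, even for an unknown user or a user record
        // without a password hash (treated as invalid credentials).
        const hash = user && user.password ? user.password : DUMMY_HASH;
        const isMatch = await bcrypt.compare(password, hash);
        if (!user || !isMatch) {
          return done(null, false, INVALID_CREDENTIALS);
        }
        // Only reported after a correct password, so it reveals nothing to
        // someone who does not already hold the credentials.
        if (!user.emailVerified) {
          return done(null, false, { message: 'Email not verified.' });
        }
        return done(null, user);
      } catch (err) {
        return done(err);
      }
    }
  ));

  // Only the id is stored in the session document; the user is reloaded on
  // every request below.
  passport.serializeUser((user, done) => {
    done(null, user.id);
  });

  // Runs on every request carrying a session cookie; a missing user (deleted
  // account) yields a falsy value, which passport treats as "not logged in".
  // NOTE(review): the full document, including the password hash, becomes
  // req.user. If nothing downstream needs the hash, exclude it here with
  // .select('-password') — confirm against the controllers first.
  passport.deserializeUser(async (id, done) => {
    try {
      const user = await User.findById(id);
      done(null, user);
    } catch (err) {
      done(err);
    }
  });
};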
</code>
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcrypt');
const User = require("../model/User");
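// Registers the local (username/password) strategy and the session
// (de)serializers on the passport instance passed in.
module.exports = function(passport) {
  // A real bcrypt hash to compare against when the username is unknown, so
  // the "no such user" path costs about the same as a wrong password and does
  // not reveal account existence through response timing. Use the same cost
  // factor as the registration code — TODO confirm it is 10.
  const DUMMY_HASH = bcrypt.hashSync('not-a-real-password', 10);
  // One message for both failure modes: distinct "incorrect username" /
  // "incorrect password" replies let an attacker enumerate valid accounts.
  const INVALID_CREDENTIALS = { message: 'Incorrect username or password.' };

  passport.use(new LocalStrategy(
    async (username, password, done) => {
      try {
        // passport-local does not type-check the body fields; a JSON body such
        // as {"username": {"$gt": ""}} would otherwise reach the Mongo query
        // as a query operator. validateSignin may already reject this — this
        // is defence in depth.
        if (typeof username !== 'string' || typeof password !== 'string') {
          return done(null, false, INVALID_CREDENTIALS);
        }
        const user = await User.findOne({ username: username });
        // Always run bcrypt.compare, even for an unknown user or a user record
        // without a password hash (treated as invalid credentials).
        const hash = user && user.password ? user.password : DUMMY_HASH;
        const isMatch = await bcrypt.compare(password, hash);
        if (!user || !isMatch) {
          return done(null, false, INVALID_CREDENTIALS);
        }
        // Only reported after a correct password, so it reveals nothing to
        // someone who does not already hold the credentials.
        if (!user.emailVerified) {
          return done(null, false, { message: 'Email not verified.' });
        }
        return done(null, user);
      } catch (err) {
        return done(err);
      }
    }
  ));

  // Only the id is stored in the session document; the user is reloaded on
  // every request below.
  passport.serializeUser((user, done) => {
    done(null, user.id);
  });

  // Runs on every request carrying a session cookie; a missing user (deleted
  // account) yields a falsy value, which passport treats as "not logged in".
  // NOTE(review): the full document, including the password hash, becomes
  // req.user. If nothing downstream needs the hash, exclude it here with
  // .select('-password') — confirm against the controllers first.
  passport.deserializeUser(async (id, done) => {
    try {
      const user = await User.findById(id);
      done(null, user);
    } catch (err) {
      done(err);
    }
  });
};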
`
When I run the application on localhost everything works. But I have deployed both the API and the frontend (React.js), and in production, after logging in, a request to the /auth/test route returns:
<code>{
"isAuthenticated": false,
"user": "User yoxdu",
"session": {
"cookie": {
"originalMaxAge": 300000,
"expires": "2024-05-19T20:21:58.010Z",
"secure": true,
"httpOnly": true,
"domain": "example.com",
"path": "/",
"sameSite": "none"
}
}
}
req.user is undefined, yet a session document was created in my DB.
</code>
<code>{
"isAuthenticated": false,
"user": "User yoxdu",
"session": {
"cookie": {
"originalMaxAge": 300000,
"expires": "2024-05-19T20:21:58.010Z",
"secure": true,
"httpOnly": true,
"domain": "example.com",
"path": "/",
"sameSite": "none"
}
}
}
req.user is undefined, yet a session document was created in my DB.
</code>
{
"isAuthenticated": false,
"user": "User yoxdu",
"session": {
"cookie": {
"originalMaxAge": 300000,
"expires": "2024-05-19T20:21:58.010Z",
"secure": true,
"httpOnly": true,
"domain": "example.com",
"path": "/",
"sameSite": "none"
}
}
}
req.user is undefined, yet a session document was created in my DB.
Both the backend and the frontend are served over HTTPS, and the CORS configuration is fine — the problem is not there.