Hello. I tried to set up a json-server-auth API. I want a resource to only be modifiable by the owner so I used code 644 in the route. However, when I try to create a new resource of the kind with a logged user, including the token in the header as "'Authorization': 'Bearer xxx.xxx.xxx'" I get a "Forbidden" error. There is no information in the documentation about the creation of resources or how the permissions affect it (since the new element to be introduced has, technically, no userId when it is sent).

What's up!

I'm using Angular 8 with json-server -auth and got a problem with PUT method. Every time I send a PUT request to users collection, it changes user password. It seems to hashing again already hashed password.

I send a request like this:
this.httpClient .put<User>(this.databaseService.databaseURL + '/users/' + this.authService.getCurrentUserID(), JSON.stringify(updatedUserData), this.databaseService.httpOptions) .subscribe(res => console.log(res));

It sends all data correctly but the password.
I assume I've implemented it in the wrong way. Had anyone such a problem?

I've found out that to send a PUT request, the email and password must be sent as well so I can't skip changing them. What might be the best solution for this issue?

Code for this is in TODO comment, am I right ?
from code:

/**

• Patch and Put user
  */
  // TODO: create new access token when password or email changes

I followed the instructions in the documentation, but you're saying you can't find the express, and it's already installed too.

Did you have any idea how to proceed?

given: access token: xxx.xxx.xxx for user { "id": 1 }
when: curl -H "Authorization: Bearer xxx.xxx.xxx" -H "Content-Type: application/json" -d '{"text": "some text"}' http://localhost:3000/posts
expect: { "id": 1, "text": "some text", "userId": 1}
actual: { "id": 1, "text": "some text" }

Bonjour :)

I followed the documentation about the Permissions Rewriter but there seems to be an issue when I am requiring the module:

const { rewriter } = require('json-server-auth/guards');

Here is the whole code for your reference:

const jsonServer = require('json-server');
const auth = require('json-server-auth');
const { rewriter } = require('json-server-auth/guards');

const app = jsonServer.create();
const router = jsonServer.router('db.json');
const port = process.env.PORT || 3000;

// Bind the router db to the app
app.db = router.db;

// Permission rules
const rules = rewriter({
    users: 600,
    clients: 600,
    reports: 600
});

app.use(auth);
app.use(rules);
app.use(router);
app.listen(port);

What am I doing wrong?

hello, I use this, but found duplicate email and twice execute register, will get same email user

POST /register
{
  "email": "[email protected]",
  "password": "bestPassw0rd"
}

"users": [
    {
      "email": "[email protected]",
      "password": "$2a$10$q2ppGNFH3PcHQTJwF3nxh.IqMqGj27VHl3mtMMaC2.5HiNIC.fCl2",
      "id": 1
    },
    {
      "email": "[email protected]",
      "password": "$2a$10$QAn8/Y266yz6v9d8zdlka.EI3QVlmCGvnDqcitIRX49XLKkx1OhLi",
      "id": 2
    }

[email protected]
[email protected]

I got only accessToken in response

i'm running the JSON Server on glitch.com and i'm using postman to post the data and when i send the request nothing seemed to happen and i got the status 404 Not Found am i missing something or doing something wrong?

I want the ability to register a user based on other fields like username or phone number instead of email. How can I achieve that?

POST /register
{
  "username": "olivier",
  "password": "bestPassw0rd"
}

const path = require("path");
const express = require("express");
const app = express();
const DIR = "";
const PORT = 3000;
var jsonServer = require("json-server");
const auth = require("json-server-auth");

app.use("/", jsonServer.router("db.json"));
app.use(auth);

app.listen(PORT, () => console.log("server started on " + PORT));

old code without express
const jsonServer = require("json-server");
const auth = require("json-server-auth");

const app = jsonServer.create();
const router = jsonServer.router("db.json");
const middlewares = jsonServer.defaults();
const port = process.env.PORT || 3000;

const cors = require("cors"); // need to install cors

// /!\ Bind the router db to the app
app.db = router.db;
app.use(auth);
app.options("*", cors());

app.use(middlewares);
app.use(router);

app.listen(port);

I write rewrite rule as below.
(I want to allow just 600 permission for 'users')

==> users: 600

[try 1] - OK
get "my.domain/users

"Missing authorization header"

[try 2] - NOK
get "my.domain/666/users

[
{
"email": "[email protected]",
"password": "$2a$10$Ka37Uw7JptWA2bYH5FzqMe..eWiuS09B9Tul2FN1u0UqRaOfaElyy",
"id": 1
}
]

I've looked through the source code, but only can find a login, register, update and create.

How can I logout?

I used to work only with json-server but I need some authentification.
So I followed all the instructions from installing json-server-auth and creating db.json with users collections.
But when using POST /login or POST /users, I get an error.
What am I missing?

This is what I get in the console.

I’m having trouble with installation using npm install -D json-server-auth I have json-server already installed. I get an error: ENOENT: no such file or directory, chmod /Users/{username}/{myapp}/node_modules/json-server-auth/dist\bin.js seems to me that the reference to dist\bin.js might be the problem.

Using mac OS 10.15.3
Node v12.13.1
NPM v6.12.1

I tried removing node_modules, deleting package.lock.json, and then trying to install again, but with no luck. getting the same error.

yarn installation worked with no problem

I'm unable to run json-server-auth from a NPM script

"scripts": {
    "start": "run-p -r start:*",
    "start:cra": "react-scripts start",
    "start:json-server": "json-server-auth -p 3333 db.json",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
},
"proxy": "http://localhost:3333",

$  npm run start:json-server

> [email protected] start:json-server /home/user/projects/xstate-playground
> json-server-auth -p 3333 db.json

/usr/bin/env: «node\r»: Not found file or directory
npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! [email protected] start:json-server: `json-server-auth -p 3333 db.json`
npm ERR! spawn ENOENT
npm ERR! 
npm ERR! Failed at the [email protected] start:json-server script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/user/.npm/_logs/2020-02-12T20_04_55_632Z-debug.log

The problem is relates to End of Line (EOL) character, in your case CRLF but in Linux and Mac the EOL is LR

Reproduction repository

https://github.com/leosuncin/xstate-playground

Hey,
I cannot start json-server-auth on MacOS due to incompatible line endings in dist/bin.js.
Following this comment (open bin.js and save with correct line endings) fixed problem.

I keep getting a 400 bad response with the message "Email and password are required". I am using Postman with all the info in the screenshot below. Please help.

Hi!

I am currently facing a problem regarding CORS preflight requests in my application. If I want to fetch user data from a protected JSON server route (600), it says the OPTIONS preflight request is missing an authorization header. Therefore, the GET request is not following afterwards and the fetching fails (although I added the correct Authorization header on the initial GET request).

That seems to be an issue with json-server-auth itself because the W3 specs states that a preflight OPTIONS request should never contain any authorization?

I tried different URLs (/profile, /me) for getting user profile by assessToken but didnt find it. Please, help me to find out how to get userInfo (if it exists )??

Please, you could return the user ID in the login request or create a profile route, where only the logged in user can view and change the data of his account. Thanks.

I'm having an incorrect password error even putting the same data in the json file

I installed json-server and json-server auth, but when I try the CLI command: npx json-server-auth data/db.json --port 8000
I get this error:
Error: Cannot find module 'json-server'
Require stack:

• D:\sneha\reactjs\projects\codebook\node_modules\json-server-auth\dist\guards.js
• D:\sneha\reactjs\projects\codebook\node_modules\json-server-auth\dist\bin.js
  at Module._resolveFilename (node:internal/modules/cjs/loader:1144:15)
  at Module._load (node:internal/modules/cjs/loader:985:27)
  at Module.require (node:internal/modules/cjs/loader:1235:19)
  at require (node:internal/modules/helpers:176:18)
  at Object. (D:\sneha\reactjs\projects\codebook\node_modules\json-server-auth\dist\guards.js:6:20)
  at Module._compile (node:internal/modules/cjs/loader:1376:14)
  at Module._extensions..js (node:internal/modules/cjs/loader:1435:10)
  at Module.load (node:internal/modules/cjs/loader:1207:32)
  at Module._load (node:internal/modules/cjs/loader:1023:12)
  at Module.require (node:internal/modules/cjs/loader:1235:19) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
  'D:\sneha\reactjs\projects\codebook\node_modules\json-server-auth\dist\guards.js',
  'D:\sneha\reactjs\projects\codebook\node_modules\json-server-auth\dist\bin.js'
  ]
  }

given: "users": [ {"id": 1}, {"id": 2} ], "posts": [ {"id": 1, "text": "hello", "userId": 1}, {"id": 2, "text": "world", "userId": 2}] and
access token: xxx.xxx.xxx for user id:1
when: curl -H "Authorization: Bearer xxx.xxx.xxx" http://localhost:3000/600/posts
expect: only [ { "id": 1, "text": "hello", "userId": 1} ]
actual: [ { "id": 1, "text": "hello", "userId": 1}, {"id": 2, "text": "world", "userId": 2} ]

Hi, 4 hours of trying to login. I would so much like to use json-server-auth. Can you help?

Below I am showing HTTPie, but trials with Postman, wget and cURL have also frustrated me.

CLI:

npm run start

generates:

[email protected] start /Users/oscar/developer/carmen/jsonGUI/json-server-auth-folder
json-server-auth db.json
Loading db.json
Loading /Users/oscar/developer/carmen/jsonGUI/json-server-auth-folder/node_modules/json-server-auth/dist
Done
Resources
http://localhost:3000/users
Home
http://localhost:3000
GET /users 200 6.634 ms - 90

CLI:
http POST localhost:3000/login [email protected] password=bestPassw0rd

generates:.

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 20
Content-Type: application/json; charset=utf-8
Date: Sun, 11 Oct 2020 17:18:18 GMT
ETag: W/"14-iEk1d6UpQuw3XSfG5Pju721C6OA"
Expires: -1
Keep-Alive: timeout=5
Pragma: no-cache
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Powered-By: Express

"Incorrect password"

CLI:
http localhost:3000/users

generates:

[
{
"email": "[email protected]",
"id": "1",
"password": "bestPassw0rd"
}
]

Looking forward to hear from you.
Many thanks,
Oscar

Hi ? Can we reset password ? or how to do that manually to end up having hashed version of the password ?

if it has autogenerate swagger

When I build on linux I get these errors any ideas?

$git clone https://github.com/jeremyben/json-server-auth.git
$cd json-server-auth/

$ rimraf dist && tsc -p tsconfig.build.json
src/bin.ts:62:4 - error TS2352: Conversion of type 'undefined' to type 'string[]' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.

62 ;(<string[]>argv.middlewares) = [__dirname]
~~~~~~~~~~~~~~~~~~~~~~~~~~

src/bin.ts:69:39 - error TS2345: Argument of type 'unknown' is not assignable to parameter of type 'string | number | Buffer | URL'.
Type 'unknown' is not assignable to type 'URL'.

69 let routes = JSON.parse(readFileSync(argv.routes, 'utf8'))
~~~~~~~~~~~

Found 2 errors.

error Command failed with exit code 2.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

This is my configuration.
$ tsc --version
Version 3.4.5
$ node --version
v8.12.0
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial

Hello,
I want to make an account that can read and write all resource and not depend on Guarded routes. Is there any way to make that ?
Thanks.

Cant update users

I got here by searching the json-server issues
typicode/json-server#897

However, a much earlier issue mentions using jsonwebtoken
typicode/json-server#190

Which links to:
https://www.techiediaries.com/fake-api-jwt-json-server/

How is this different?

Do you have a list of pros and cons of the different approaches?

Cli command can't find express. Perhaps this should be added to the docs to also install express globally when using the global cli command json-server-auth.

> npx json-server-auth db.json

node:internal/modules/cjs/loader:927
  throw err;
  ^

Error: Cannot find module 'express'
Require stack:
- /usr/local/lib/node_modules/json-server-auth/dist/guards.js
- /usr/local/lib/node_modules/json-server-auth/dist/bin.js

Problem

I have a logged in user with id of 2. I would like to get only items from the array that belongs to this user (have userId: 2). How to do that cus every time I make a request im getting in response whole array. Calling request for only one item works just fine - user with id 2 is not authorized to get object with userId: 1

routes.json

Hello,

When I call a listing route (ex : GET /characters), all entities are returned, not just user's entities.

Versions :

• json-server : 0.16.1
• json-server-auth : 2.0.0

route.json fie:
{ "/users*": "/640/users$1", "/characters*": "/600/characters$1" }

db.json file :
{ "users": [ { "id": 1, "email": "[email protected]", "password: "..." }, { "id": 2, "email": "[email protected]", "password: "..." } ], "characters": [ { "id": 1, "name": "char1", "userId: 1 }, { "id": 2, "name": "char2", "userId: 2 } ] }

Is not working with codes : 600, 640

Thanks

400, 440, 444 - not working for users if user has login he can add a new user it's bug. Please find mistake and solve it. Thanks for library.

First off, thank you so much for this module. Really makes it fast to prototype JWT-auth.

It seems that if you mount your json-server-api on a non root path f.e "/api" like this

const rules = rewriter({
  "/api/users*": "/600/api/users$1",
  "/api/myresource*": "/640/api/myresource$1",
})
app.db = router.db
app.use(rules);

app.use(auth)
app.use("/api", router)

resourceId extraction breaks in guards.ts

      const [, mod, resource, id] = path.split('/');

which causes db.get to return undefined and entity.userId to throw an error

            if (id) {
                // prettier-ignore
                const entity = db.get(resource).getById(id).value();
                // get id if we are in the users collection
                const userId = resource === 'users' ? entity.id : entity.userId;
                hasRightUserId = userId == req.claims.sub;
            }

Hi,

Is it possible to set JWT token expiration time?
Currently it expire after 1 hour, it is too short for comfortable work with api.
Please, add configuration to change this.

Thanks

How can I integrate this with my custom middleware. I appreciate the help

First of all : thanks a lot for this tool. It's a great starting point in my quest for simple API setups in development or even small personal production projects. It's well written and as a node/express noob it has been a good learning source too !

Obviously one needs to apply guard to "users" resource but as soon as rights are set users middle wares are not applied anymore (no validation for email/password...).

Example (module usage) :

import jsonServer from 'json-server';
import jsonServerAuth from 'json-server-auth';

const app = jsonServer.create();
const apiRouter = jsonServer.router('db.json');

const rules = jsonServerAuth.rewriter({
    users: 600,
});

app.use('/api', rules);
app.use('/api', jsonServerAuth);
app.use('/api', apiRouter);

// Start
app.listen(4201, '127.0.0.1', function () {
    console.log("Server now listening on 4201");
});

If I then with Postman

POST /api/users

with valid jwt token and empty body it creates a new user with no email and no password.

I guess it's because of the re-writer but I'm not sure how to fix this correctly. Maybe by renaming users routes or resources to avoid conflicts between the two ?

Hello json-server-auth team,

Context:
Receive 400 error so I can understand I send a bad request. However seems everything fine in my side. So please tell me if I miss something.

My log track the following output:
POST /login 400 1.362 ms - 20

Code:
Request API url :

`
const authEndpoint = "http://localhost:3000/login"

fetch(authEndpoint, {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',

  },
  body: JSON.stringify({
    email: this.state.email,
    password: this.state.password,
  }),
}).then((response) => {
  console.log(response.status)
  response.status})
  .catch((error) => {
    console.error(error);
 });`

My db.json config file:

`
{
"signal": [
{ "id": 1, "category": "Fuite d'eau", "user": "[email protected]", "description": "Fuite d'eau issuen de l'étage 2" }
],

"login":[
    {"email": "[email protected]", "name": "David", "lastname": "M", "password":"test"},
    {"email": "[email protected]", "name": "David", "lastname": "M", "password":"weloveyou"},
    {"email": "remi@test",  "name": "Remi", "lastname": "P", "password":"weloveyou"},
    {"email": "thomas@test",  "name": "Thomas", "lastname": "S", "password":"weloveyou"}


]

}
`