Error authenticating user using express-session and TypeScript
I have a small app that allows registration and login, but I'm still trying to use session-express to persist the session.
Below is server.ts where I create the session, cors, etc...
```typescript
import express, { json } from "express";
import { db } from "./models/db-connection";
import { router } from "./routes";
import session from "express-session";
var cors = require("cors");

const app = express();
app.use(
  cors({
    origin: "http://localhost:3000",
    methods: ["POST", "GET"],
    credentials: true,
  })
);
app.use(json());
app.use(
  session({
    secret: "testtest",
    resave: false,
    saveUninitialized: false,
  })
);
app.use(router);
app.listen(3001, async () => {
  try {
    await db.sync();
    console.log("Connected to the database");
  } catch (error) {
    console.error("Failed to connect to the database", error);
  }
});
```
In the routes.ts script I use the authenticate function which will only allow a new user to be registered if a user is already logged in. But the problem is exactly here, req.session.authenticated is never true, it is always undefined, even when I set it to true as I will show in UserController.ts.
Below is routes.ts.
```typescript
import express from "express";
import UserController from "./controllers/UserController";
import "./session-data";

function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
  console.log(req.session);
  if (req.session.authenticated) {
    next();
  } else {
    res.redirect("/login");
  }
}

const router = express.Router();
router.post("/users", authenticate, UserController.create);
router.get("/users/login/:login", UserController.findLogin);
export { router };
```
As you can see below in UserController.ts, req.session.authenticated is true when we find a match, I put in a console.log just to confirm that req.session has the authenticated property at this point, and it does, but it looks like routes.ts can't see it.
UserController.ts
```typescript
import express, { Request, Response } from "express";
import { UserModel } from "../models/UserModel";
import "../session-data";
const bcrypt = require("bcryptjs");

class UserController {
  async findLogin(req: express.Request, res: express.Response) {
    const email = req.query.email?.toString();
    const password = req.query.password?.toString();
    try {
      const user: any = await UserModel.findOne({
        where: {
          email: email,
        },
      });
      if (user) {
        const match = await bcrypt.compare(password, user.password);
        if (match) {
          req.session.authenticated = true;
          console.log(req.session);
          return res.status(204).json(user);
        } else {
          req.session.authenticated = false;
          return res.status(200).send("invalid password");
        }
      } else {
        req.session.authenticated = false;
        return res.status(201).send("User not found");
      }
    } catch (error: any) {
      req.session.authenticated = false;
      return res.send(error.message);
    }
  }

  async create(req: Request, res: Response) {
    try {
      const { userName, email, password } = req.body;
      const user = await UserModel.create({
        userName,
        email,
        password,
      });
      return res.status(201).json(user);
    } catch (error: any) {
      console.error(error);
      return res.send(error.message);
    }
  }
}

// routes.ts imports this module's default export and calls its methods directly.
export default new UserController();
```
Since I'm using Typescript, I need to create a session-data.ts file to expand req.session
session-data.ts
```typescript
declare module "express-session" {
  interface SessionData {
    authenticated: boolean;
  }
}
export {};
```
In the session store, the session is never created either.

Could you help me please? I don't know why req.session.authenticated isn't working, I'm new to using typescript, I imagine there's something related to that.
Thanks!
Solution 1:[1]
Try simplifying your code as much as possible so that the problem is still reproducible. The following works for me:
```typescript
import express from "express";
import session from "express-session";

// Extend the session type so req.session.authenticated type-checks.
declare module "express-session" {
  interface SessionData {
    authenticated: boolean;
  }
}

function login(req: express.Request, res: express.Response, next: express.NextFunction) {
  req.session.authenticated = true;
  res.end("Logged in");
}

function authenticate(req: express.Request, res: express.Response, next: express.NextFunction) {
  console.log(req.session);
  if (req.session.authenticated) {
    next();
  } else {
    res.end("Not logged in");
  }
}

express()
  .use(session({
    secret: "Se$$ion",
    resave: false,
    saveUninitialized: false
  }))
  .get("/login", login)
  .get("/auth", authenticate, function(req, res) {
    res.end("Welcome");
  })
  .listen(3001);
```
GET /login returns "Logged in".
Then GET /auth returns "Welcome" and the session is logged:

```
Session {
  cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
  authenticated: true
}
```
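An added example, not code from the question or the answer: the login step and the `authenticate` guard from this thread, with the credentials read from a POST body instead of the query string, the session ID regenerated on login, and the session saved before the reply. `SessionLike`, `ReqLike`, `ResLike`, `Verify`, `establishSession` and `makeLogin` are names introduced here as assumptions; `regenerate` and `save` are express-session's session methods.

```typescript
// Added example; not code from the question or the answer.
// Structural stand-ins for the parts of express.Request / express.Response used here.
interface SessionLike {
  authenticated?: boolean;
  regenerate(cb: (err?: unknown) => void): void; // express-session: new session ID
  save(cb: (err?: unknown) => void): void; // express-session: write to the store
}
interface ReqLike { session: SessionLike; body?: { email?: string; password?: string } }
interface ResLike { status(code: number): ResLike; json(body: unknown): void }

// Assumed credential check, standing in for UserModel.findOne + bcrypt.compare.
type Verify = (email: string, password: string) => Promise<boolean>;

// Swap the pre-login session for a fresh one, then set and persist the flag.
function establishSession(req: ReqLike, done: (err?: unknown) => void): void {
  req.session.regenerate((err) => {
    if (err) { done(err); return; }
    req.session.authenticated = true; // req.session is the new session here
    req.session.save(done); // store is written before the caller replies
  });
}

function makeLogin(verify: Verify) {
  return async function login(req: ReqLike, res: ResLike): Promise<void> {
    const email = req.body?.email; // POST body keeps the password out of URLs and logs
    const password = req.body?.password;
    if (!email || !password || !(await verify(email, password))) {
      // Same reply for unknown user and wrong password.
      res.status(401).json({ error: "invalid credentials" });
      return;
    }
    establishSession(req, (err) => {
      if (err) res.status(500).json({ error: "session error" });
      else res.status(200).json({ ok: true });
    });
  };
}

// Guard for protected routes such as POST /users.
function authenticate(req: ReqLike, res: ResLike, next: () => void): void {
  if (req.session.authenticated === true) next();
  else res.status(401).json({ error: "not logged in" });
}
```

With Express, `makeLogin(...)` would be mounted on a POST route behind the `json()` body parser, and `authenticate` placed in front of each protected route.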
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Heiko Theißen |
