Hone logo
Hone
Problems

Secure Route Protection with Server Middleware in Vue.js

This challenge focuses on implementing server-side middleware to protect routes in a Vue.js application. You'll create a Node.js Express server middleware that verifies a user's authentication status (simulated with a JWT) before allowing access to specific routes. This is a crucial pattern for securing sensitive areas of your application and preventing unauthorized access.

Problem Description

You are tasked with building a Vue.js application that utilizes server-side middleware to protect certain routes. The application will communicate with a Node.js/Express server. The server will have a middleware function that checks for a valid JWT (JSON Web Token) in the request headers. If the JWT is valid, the request is allowed to proceed to the protected route. Otherwise, the middleware will return a 401 Unauthorized error.

What needs to be achieved:

  1. Server-Side Middleware: Implement an Express middleware function that:
    • Checks for a Authorization header in the request.
    • Extracts the JWT from the header (assuming the format Bearer <token>).
    • Verifies the JWT's validity (for simplicity, you can use a dummy verification function – see Notes).
    • If valid, sets a user property on the req object (e.g., req.user = { id: 123, username: 'testuser' }).
    • If invalid, returns a 401 Unauthorized response with a JSON body: { error: 'Unauthorized' }.
  2. Vue.js Application: Create a Vue.js component that attempts to fetch data from a protected route on the server.
    • The component should display a loading indicator while fetching.
    • If the request is successful (200 OK), display the data received from the server.
    • If the request receives a 401 Unauthorized error, display an error message to the user (e.g., "You are not authorized to view this page.").
    • If any other error occurs, display a generic error message.

Key Requirements:

  • Use TypeScript for both the server and client code.
  • The server should be built with Express.js.
  • The Vue.js application should use axios or a similar library for making HTTP requests.
  • The JWT verification should be a placeholder for a real JWT library (e.g., jsonwebtoken).
  • The server should serve the Vue.js application's static assets.

Expected Behavior:

  • When a user navigates to the protected route without a valid JWT, the server middleware should intercept the request and return a 401 Unauthorized error.
  • When a user navigates to the protected route with a valid JWT, the server middleware should verify the JWT, set the user property on the req object, and allow the request to proceed.
  • The Vue.js component should handle the different response scenarios (success, unauthorized, error) gracefully and display appropriate messages to the user.

Edge Cases to Consider:

  • Missing Authorization header.
  • Invalid JWT format.
  • Expired JWT.
  • Network errors during the request.
  • Server errors.

Examples

Example 1:

Input (Request to protected route without JWT):
Headers: {}
Output (Server Response):
Status Code: 401
Body: { "error": "Unauthorized" }
Explanation: The middleware detects the missing Authorization header and returns a 401 error.

Example 2:

Input (Request to protected route with invalid JWT):
Headers: { "Authorization": "Bearer invalid_token" }
Output (Server Response):
Status Code: 401
Body: { "error": "Unauthorized" }
Explanation: The middleware detects an invalid JWT and returns a 401 error.

Example 3:

Input (Request to protected route with valid JWT):
Headers: { "Authorization": "Bearer valid_token" }
Output (Server Response):
Status Code: 200
Body: { "message": "Data fetched successfully", "user": { "id": 123, "username": "testuser" } }
Explanation: The middleware verifies the JWT, sets req.user, and allows the request to proceed.

Constraints

  • JWT Verification: For this challenge, you do not need to implement a full JWT verification library. A simple placeholder function that always returns true for a specific token (e.g., "valid_token") is sufficient. Focus on the middleware structure and Vue.js error handling.
  • Server Port: The server should listen on port 3000.
  • Vue.js Route: The protected route should be /protected.
  • Error Handling: The Vue.js component should handle errors gracefully and display user-friendly messages.
  • Time Complexity: The middleware should execute in O(1) time (constant time).
  • Space Complexity: The middleware should use a constant amount of space.

Notes

  • This challenge focuses on the interaction between the server middleware and the Vue.js component. You don't need to implement user authentication or JWT generation.
  • Consider using a state management library (e.g., Vuex or Pinia) in your Vue.js application to manage the authentication state. However, this is not strictly required for the core functionality of the challenge.
  • The dummy JWT verification function can be as simple as:
function verifyJWT(token: string): boolean {
  return token === 'valid_token';
}
  • Remember to install the necessary dependencies: express, axios, @vue/cli (or your preferred Vue.js setup).
  • Focus on clean code, proper error handling, and a clear separation of concerns between the server and the client.
Loading editor...
typescript