Pug Cannot Read Property 'length' of Undefined Nav Links

In this tutorial, we're gonna build a Node.js Express Rest API example that supports Token Based Authentication with JWT (JSONWebToken). Yous'll know:

Appropriate Menses for User Signup & User Login with JWT Authentication
Node.js Express Architecture with CORS, Authentication & Authority middlewares & Sequelize
How to configure Limited routes to piece of work with JWT
How to ascertain Information Models and association for Authentication and Authorization
Way to use Sequelize to interact with MySQL Database

Related Posts:
– Node.js Residual APIs example with Express, Sequelize & MySQL
– Node.js + MongoDB: User Authentication & Authorization with JWT
– Node.js + PostgreSQL: User Hallmark & Authorization with JWT

Fullstack (JWT Authentication & Dominance instance):
– Node.js Express + Vue.js
– Node.js Express + Angular viii
– Node.js Express + Angular x
– Node.js Express + Athwart eleven
– Node.js Express + Angular 12
– Node.js Express + React

Deployment:
– Deploying/Hosting Node.js app on Heroku with MySQL database
– Dockerize Node.js Express and MySQL example – Docker Compose

Contents

Token Based Hallmark
Overview of Node.js JWT Authentication example
Menstruum for Signup & Login with JWT Authentication
Node.js Express Architecture with Hallmark & Authorization
Technology
Projection Construction
Create Node.js App
Setup Express web server
Configure MySQL database & Sequelize
Define the Sequelize Model
Initialize Sequelize
Configure Auth Key
Create Middleware functions
Create Controllers
- Controller for Authentication
- Controller for testing Dominance
Define Routes
Run & Test with Results
Conclusion
Source Code
Farther Reading

Token Based Hallmark

Comparing with Session-based Authentication that demand to shop Session on Cookie, the big advantage of Token-based Authentication is that nosotros store the JSON Spider web Token (JWT) on Customer side: Local Storage for Browser, Keychain for IOS and SharedPreferences for Android… So we don't need to build another backend project that supports Native Apps or an additional Authentication module for Native App users.

There are three important parts of a JWT: Header, Payload, Signature. Together they are combined to a standard structure: header.payload.signature.

The Client typically attaches JWT in Say-so header with Bearer prefix:

          Authorization: Bearer [header].[payload].[signature]

Or simply in x-access-token header:

          x-access-token: [header].[payload].[signature]

For more details, you lot can visit:
In-depth Introduction to JWT-JSON Web Token

Overview of Node.js Limited JWT Authentication case

We volition build a Node.js Express application in that:

User can signup new account, or login with username & password.
By User's function (admin, moderator, user), we authorize the User to access resource

This is our Node.js application demo running with MySQL database and examination Rest Apis with Postman.

These are APIs that we need to provide:

Methods	Urls	Actions
Postal service	/api/auth/signup	signup new account
Mail	/api/auth/signin	login an account
GET	/api/test/all	recall public content
Go	/api/test/user	access User'south content
Become	/api/test/mod	admission Moderator's content
GET	/api/test/admin	access Admin's content

Catamenia for Signup & Login with JWT Hallmark

The diagram shows flow of User Registration, User Login and Authorization procedure.

A legal JWT must be added to HTTP x-access-token Header if Customer accesses protected resources.

You lot will need to implement Refresh Token:

More than details at: JWT Refresh Token implementation in Node.js example

If you want to use Cookies, please visit:
Node.js Express: Login and Registration case with JWT

You can have an overview of our Node.js Express App with the diagram beneath:

Via Express routes, HTTP request that matches a road will be checked by CORS Middleware before coming to Security layer.

Security layer includes:

JWT Hallmark Middleware: verify SignUp, verify token
Authorization Middleware: check User'south roles with record in database

If these middlewares throw any error, a message volition be sent as HTTP response.

Controllers interact with MySQL Database via Sequelize and ship HTTP response (token, user information, data based on roles…) to client.

Engineering science

Express 4.17.i
bcryptjs two.4.three
jsonwebtoken 8.5.1
Sequelize 5.21.3
MySQL

Project Structure

This is directory construction for our Node.js Express application:

– config

configure MySQL database & Sequelize
configure Auth Fundamental

– routes

auth.routes.js: Mail signup & signin
user.routes.js: GET public & protected resource

– middlewares

verifySignUp.js: check duplicate Username or Electronic mail
authJwt.js: verify Token, bank check User roles in database

– controllers

auth.controller.js: handle signup & signin actions
user.controller.js: render public & protected content

– models for Sequelize Models

user.model.js
role.model.js

– server.js: import and initialize necessary modules and routes, listen for connections.

Create Node.js App

First, nosotros create a binder for our project:

          $ mkdir node-js-jwt-auth $ cd node-js-jwt-auth

Then nosotros initialize the Node.js App with a package.json file:

          npm init name: (node-js-jwt-auth)  version: (ane.0.0)  description: Node.js Demo for JWT Hallmark entry signal: (index.js) server.js test command:  git repository:  keywords: node.js, express, jwt, hallmark, mysql writer: bezkoder license: (ISC) Is this ok? (yes) yeah

Nosotros need to install necessary modules: express, cors, sequelize, mysql2, jsonwebtoken and bcryptjs.
Run the command:

          npm install express sequelize mysql2 cors jsonwebtoken bcryptjs --save

The packet.json file at present looks like this:

          {   "name": "node-js-jwt-auth",   "version": "ane.0.0",   "description": "Node.js Demo for JWT Hallmark",   "main": "server.js",   "scripts": {     "examination": "echo \"Mistake: no test specified\" && go out i"   },   "keywords": [     "node.js",     "jwt",     "authentication",     "limited",     "mysql"   ],   "author": "bezkoder",   "license": "ISC",   "dependencies": {     "bcryptjs": "^2.4.3",     "cors": "^two.8.5",     "express": "^4.17.1",     "jsonwebtoken": "^viii.5.i",     "mysql2": "^two.ane.0",     "sequelize": "^v.21.iii"   } }

Setup Express web server

In the root binder, let's create a new server.js file:

          const express = require("express"); const cors = require("cors"); const app = express(); var corsOptions = {   origin: "http://localhost:8081" }; app.use(cors(corsOptions)); // parse requests of content-type - application/json app.utilise(express.json()); // parse requests of content-type - awarding/x-www-form-urlencoded app.utilise(limited.urlencoded({ extended: truthful })); // simple route app.become("/", (req, res) => {   res.json({ bulletin: "Welcome to bezkoder application." }); }); // set port, mind for requests const PORT = process.env.PORT || 8080; app.listen(PORT, () => {   console.log(`Server is running on port ${PORT}.`); });

Let me explicate what we've just washed:
– import express and cors modules:

Express is for edifice the Rest apis
cors provides Express middleware to enable CORS

– create an Limited app, then add together request torso parser and cors middlewares using app.utilize() method. Detect that we set origin: http://localhost:8081.
– define a Go route which is elementary for test.
– mind on port 8080 for incoming requests.

At present permit'due south run the app with command: node server.js.
Open up your browser with url http://localhost:8080/, yous volition see:

Configure MySQL database & Sequelize

In the app folder, create config folder for configuration with db.config.js file similar this:

          module.exports = {   HOST: "localhost",   USER: "root",   PASSWORD: "123456",   DB: "testdb",   dialect: "mysql",   pool: {     max: v,     min: 0,     learn: 30000,     idle: 10000   } };

Start v parameters are for MySQL connectedness.
pool is optional, it will be used for Sequelize connectedness pool configuration:

max: maximum number of connection in puddle
min: minimum number of connection in pool
idle: maximum time, in milliseconds, that a connection can be idle before being released
acquire: maximum time, in milliseconds, that pool volition attempt to get connection before throwing error

For more than details, please visit API Reference for the Sequelize constructor.

Define the Sequelize Model

In models folder, create User and Role information model as post-obit lawmaking:

models/user.model.js

          module.exports = (sequelize, Sequelize) => {   const User = sequelize.define("users", {     username: {       blazon: Sequelize.Cord     },     email: {       type: Sequelize.STRING     },     password: {       type: Sequelize.STRING     }   });   return User; };

models/role.model.js

          module.exports = (sequelize, Sequelize) => {   const Role = sequelize.define("roles", {     id: {       type: Sequelize.INTEGER,       primaryKey: true     },     name: {       type: Sequelize.STRING     }   });   return Role; };

These Sequelize Models represents users & roles table in MySQL database.

After initializing Sequelize, we don't need to write CRUD functions, Sequelize supports all of them:

create a new User: create(object)
find a User by id: findByPk(id)
notice a User past e-mail: findOne({ where: { email: ... } })
get all Users: findAll()
observe all Users past username: findAll({ where: { username: ... } })

These functions will be used in our Controllers and Middlewares.

Initialize Sequelize

Now create app/models/alphabetize.js with content similar this:

          const config = require("../config/db.config.js"); const Sequelize = require("sequelize"); const sequelize = new Sequelize(   config.DB,   config.USER,   config.PASSWORD,   {     host: config.HOST,     dialect: config.dialect,     operatorsAliases: false,     pool: {       max: config.pool.max,       min: config.pool.min,       acquire: config.pool.acquire,       idle: config.pool.idle     }   } ); const db = {}; db.Sequelize = Sequelize; db.sequelize = sequelize; db.user = require("../models/user.model.js")(sequelize, Sequelize); db.role = crave("../models/role.model.js")(sequelize, Sequelize); db.office.belongsToMany(db.user, {   through: "user_roles",   foreignKey: "roleId",   otherKey: "userId" }); db.user.belongsToMany(db.office, {   through: "user_roles",   foreignKey: "userId",   otherKey: "roleId" }); db.ROLES = ["user", "admin", "moderator"]; module.exports = db;

The clan between Users and Roles is Many-to-Many relationship:
– One User can accept several Roles.
– 1 Role tin can be taken on by many Users.

Nosotros use User.belongsToMany(Role) to betoken that the user model can belong to many Roles and vice versa.

With through, foreignKey, otherKey, nosotros're gonna have a new tabular array user_roles equally connexion betwixt users and roles tabular array via their main key as foreign keys.

If you want to know more details about how to make Many-to-Many Clan with Sequelize and Node.js, please visit:
Sequelize Many-to-Many Association example – Node.js & MySQL

Don't forget to call sync() method in server.js.

          ... const app = express(); app.use(...); const db = require("./app/models"); const Role = db.role; db.sequelize.sync({force: true}).then(() => {   console.log('Drop and Resync Db');   initial(); }); ... function initial() {   Role.create({     id: 1,     name: "user"   });     Role.create({     id: two,     name: "moderator"   });     Office.create({     id: 3,     name: "admin"   }); }

initial() office helps us to create 3 rows in database.
In development, you may need to drop existing tables and re-sync database. So you can employ force: truthful as lawmaking to a higher place.

For product, just insert these rows manually and employ sync() without parameters to avoid dropping data:

          ... const app = limited(); app.use(...); const db = require("./app/models"); db.sequelize.sync(); ...

Learn how to implement Sequelize I-to-Many Human relationship at:
Sequelize Associations: One-to-Many example – Node.js, MySQL

Configure Auth Key

jsonwebtoken functions such every bit verify() or sign() use algorithm that needs a secret key (equally String) to encode and decode token.

In the app/config folder, create auth.config.js file with post-obit code:

          module.exports = {   secret: "bezkoder-secret-key" };

Yous tin create your own secret Cord.

Create Middleware functions

To verify a Signup action, we need two functions:
– check if username or email is duplicate or not
– check if roles in the request is existed or not

middleware/verifySignUp.js

          const db = require("../models"); const ROLES = db.ROLES; const User = db.user; checkDuplicateUsernameOrEmail = (req, res, next) => {   // Username   User.findOne({     where: {       username: req.trunk.username     }   }).then(user => {     if (user) {       res.status(400).send({         message: "Failed! Username is already in utilise!"       });       render;     }     // Email     User.findOne({       where: {         email: req.body.email       }     }).so(user => {       if (user) {         res.status(400).send({           bulletin: "Failed! Email is already in use!"         });         return;       }       next();     });   }); }; checkRolesExisted = (req, res, next) => {   if (req.trunk.roles) {     for (let i = 0; i < req.torso.roles.length; i++) {       if (!ROLES.includes(req.body.roles[i])) {         res.status(400).transport({           message: "Failed! Function does not exist = " + req.body.roles[i]         });         return;       }     }   }      next(); }; const verifySignUp = {   checkDuplicateUsernameOrEmail: checkDuplicateUsernameOrEmail,   checkRolesExisted: checkRolesExisted }; module.exports = verifySignUp;

To process Authentication & Authorization, we accept these functions:
- check if token is provided, legal or not. We get token from ten-admission-token of HTTP headers, then employ jsonwebtoken's verify() function.
- check if roles of the user contains required office or not.

middleware/authJwt.js

          const jwt = require("jsonwebtoken"); const config = require("../config/auth.config.js"); const db = crave("../models"); const User = db.user; verifyToken = (req, res, next) => {   let token = req.headers["ten-access-token"];   if (!token) {     return res.condition(403).send({       message: "No token provided!"     });   }   jwt.verify(token, config.secret, (err, decoded) => {     if (err) {       return res.status(401).send({         message: "Unauthorized!"       });     }     req.userId = decoded.id;     next();   }); }; isAdmin = (req, res, next) => {   User.findByPk(req.userId).then(user => {     user.getRoles().then(roles => {       for (allow i = 0; i < roles.length; i++) {         if (roles[i].name === "admin") {           next();           return;         }       }       res.status(403).send({         bulletin: "Crave Admin Part!"       });       return;     });   }); }; isModerator = (req, res, next) => {   User.findByPk(req.userId).then(user => {     user.getRoles().then(roles => {       for (permit i = 0; i < roles.length; i++) {         if (roles[i].name === "moderator") {           next();           return;         }       }       res.status(403).ship({         message: "Crave Moderator Role!"       });     });   }); }; isModeratorOrAdmin = (req, res, next) => {   User.findByPk(req.userId).then(user => {     user.getRoles().so(roles => {       for (let i = 0; i < roles.length; i++) {         if (roles[i].name === "moderator") {           next();           return;         }         if (roles[i].name === "admin") {           side by side();           return;         }       }       res.status(403).ship({         message: "Require Moderator or Admin Role!"       });     });   }); }; const authJwt = {   verifyToken: verifyToken,   isAdmin: isAdmin,   isModerator: isModerator,   isModeratorOrAdmin: isModeratorOrAdmin }; module.exports = authJwt;

middleware/index.js

          const authJwt = require("./authJwt"); const verifySignUp = require("./verifySignUp"); module.exports = {   authJwt,   verifySignUp };

Create Controllers

Controller for Hallmark

At that place are 2 main functions for Authentication:
- signup: create new User in database (role is user if not specifying role)
- signin:

discover username of the request in database, if it exists
compare countersign with countersign in database using bcrypt, if it is correct
generate a token using jsonwebtoken
return user data & access Token

controllers/auth.controller.js

          const db = require("../models"); const config = require("../config/auth.config"); const User = db.user; const Role = db.role; const Op = db.Sequelize.Op; var jwt = require("jsonwebtoken"); var bcrypt = require("bcryptjs"); exports.signup = (req, res) => {   // Salvage User to Database   User.create({     username: req.body.username,     email: req.body.email,     password: bcrypt.hashSync(req.torso.password, 8)   })     .then(user => {       if (req.torso.roles) {         Part.findAll({           where: {             name: {               [Op.or]: req.body.roles             }           }         }).then(roles => {           user.setRoles(roles).then(() => {             res.send({ message: "User was registered successfully!" });           });         });       } else {         // user role = 1         user.setRoles([ane]).and then(() => {           res.ship({ bulletin: "User was registered successfully!" });         });       }     })     .grab(err => {       res.status(500).send({ message: err.bulletin });     }); }; exports.signin = (req, res) => {   User.findOne({     where: {       username: req.body.username     }   })     .then(user => {       if (!user) {         return res.condition(404).send({ message: "User Not plant." });       }       var passwordIsValid = bcrypt.compareSync(         req.body.password,         user.password       );       if (!passwordIsValid) {         return res.status(401).ship({           accessToken: null,           message: "Invalid Password!"         });       }       var token = jwt.sign({ id: user.id }, config.secret, {         expiresIn: 86400 // 24 hours       });       var authorities = [];       user.getRoles().then(roles => {         for (permit i = 0; i < roles.length; i++) {           regime.push("ROLE_" + roles[i].name.toUpperCase());         }         res.status(200).send({           id: user.id,           username: user.username,           e-mail: user.email,           roles: authorities,           accessToken: token         });       });     })     .take hold of(err => {       res.status(500).send({ message: err.message });     }); };

Controller for testing Dominance

There are 4 functions:
– /api/examination/all for public admission
– /api/examination/user for loggedin users (role: user/moderator/admin)
– /api/test/mod for users having moderator role
– /api/test/admin for users having admin role

controllers/user.controller.js

          exports.allAccess = (req, res) => {   res.status(200).send("Public Content."); }; exports.userBoard = (req, res) => {   res.status(200).send("User Content."); }; exports.adminBoard = (req, res) => {   res.condition(200).ship("Admin Content."); }; exports.moderatorBoard = (req, res) => {   res.condition(200).transport("Moderator Content."); };

Now, do you take any question? Would yous like to know how we tin combine middlewares with controller functions?
Let's exercise it in the next department.

Define Routes

When a client sends asking for an endpoint using HTTP asking (Go, POST, PUT, DELETE), we need to determine how the server will response by setting up the routes.

We can divide our routes into 2 office: for Authentication and for Authorization (accessing protected resource).

Hallmark:

POST /api/auth/signup
Mail /api/auth/signin

routes/auth.routes.js

          const { verifySignUp } = require("../middleware"); const controller = require("../controllers/auth.controller"); module.exports = function(app) {   app.use(role(req, res, next) {     res.header(       "Admission-Control-Allow-Headers",       "x-access-token, Origin, Content-Type, Take"     );     adjacent();   });   app.post(     "/api/auth/signup",     [       verifySignUp.checkDuplicateUsernameOrEmail,       verifySignUp.checkRolesExisted     ],     controller.signup   );   app.postal service("/api/auth/signin", controller.signin); };

Authorization:

GET /api/examination/all
Become /api/test/user for loggedin users (user/moderator/admin)
GET /api/exam/mod for moderator
GET /api/test/admin for admin

routes/user.routes.js

          const { authJwt } = crave("../middleware"); const controller = require("../controllers/user.controller"); module.exports = office(app) {   app.utilise(function(req, res, next) {     res.header(       "Access-Control-Permit-Headers",       "x-admission-token, Origin, Content-Blazon, Accept"     );     next();   });   app.get("/api/test/all", controller.allAccess);   app.go(     "/api/test/user",     [authJwt.verifyToken],     controller.userBoard   );   app.get(     "/api/exam/mod",     [authJwt.verifyToken, authJwt.isModerator],     controller.moderatorBoard   );   app.get(     "/api/test/admin",     [authJwt.verifyToken, authJwt.isAdmin],     controller.adminBoard   ); };

Don't forget to add together these routes in server.js:

          ... // routes require('./app/routes/auth.routes')(app); crave('./app/routes/user.routes')(app); // gear up port, listen for requests ...

Run & Test with Results

Run Node.js awarding with command: node server.js

Tables that we define in models package will be automatically generated in MySQL Database.
If yous check the database, you tin run into things like this:

          mysql> describe users; +-----------+--------------+------+-----+---------+----------------+ | Field     | Type         | Null | Central | Default | Extra          | +-----------+--------------+------+-----+---------+----------------+ | id        | int(11)      | NO   | PRI | NULL    | auto_increment | | username  | varchar(255) | Yep  |     | NULL    |                | | email     | varchar(255) | YES  |     | NULL    |                | | password  | varchar(255) | YES  |     | NULL    |                | | createdAt | datetime     | NO   |     | NULL    |                | | updatedAt | datetime     | NO   |     | NULL    |                | +-----------+--------------+------+-----+---------+----------------+  mysql> draw roles; +-----------+--------------+------+-----+---------+-------+ | Field     | Blazon         | Null | Central | Default | Extra | +-----------+--------------+------+-----+---------+-------+ | id        | int(eleven)      | NO   | PRI | Naught    |       | | name      | varchar(255) | Aye  |     | NULL    |       | | createdAt | datetime     | NO   |     | Cipher    |       | | updatedAt | datetime     | NO   |     | NULL    |       | +-----------+--------------+------+-----+---------+-------+  mysql> depict user_roles; +-----------+----------+------+-----+---------+-------+ | Field     | Type     | Null | Key | Default | Extra | +-----------+----------+------+-----+---------+-------+ | createdAt | datetime | NO   |     | NULL    |       | | updatedAt | datetime | NO   |     | NULL    |       | | roleId    | int(11)  | NO   | PRI | NULL    |       | | userId    | int(xi)  | NO   | PRI | NULL    |       | +-----------+----------+------+-----+---------+-------+

If y'all don't utilise initial() part in Sequelize sync() method. You demand to run post-obit SQL script:

          mysql> INSERT INTO roles VALUES (1, 'user', now(), now()); mysql> INSERT INTO roles VALUES (two, 'moderator', now(), now()); mysql> INSERT INTO roles VALUES (three, 'admin', now(), now());

3 records volition be created in roles table:

          mysql> select * from roles; +----+-----------+---------------------+---------------------+ | id | proper noun      | createdAt           | updatedAt           | +----+-----------+---------------------+---------------------+ |  i | user      | 2020-01-13 09:05:39 | 2020-01-13 09:05:39 | |  two | moderator | 2020-01-xiii 09:05:39 | 2020-01-13 09:05:39 | |  3 | admin     | 2020-01-thirteen 09:05:39 | 2020-01-xiii 09:05:39 | +----+-----------+---------------------+---------------------+

admin with admin role
mod with moderator and user roles
zkoder with user role

Our tables after signup could look similar this.

          mysql> select * from users; +----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+ | id | username | email              | password                                                     | createdAt           | updatedAt           | +----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+ |  1 | admin    | [email protected] | $2a$08$w3cYCF.N0UQZO19z8CQSZ.whzxFS5vMoi9k51g3TQx9r5tkwrIXO2 | 2020-01-13 09:21:51 | 2020-01-13 09:21:51 | |  ii | modernistic      | [electronic mail protected]   | $2a$08$tTj1l28esAxPSSvl3YqKl./nz35vQF7Y76jGtzcYUhHtGy6d.1/ze | 2020-01-13 09:22:01 | 2020-01-13 09:22:01 | |  3 | zkoder   | [email protected]  | $2a$08$U2F07dLyYZjzTxQbFMCAcOd1k8V1o9f6E4TGVJHpy0V6/DC7iS0CS | 2020-01-13 09:23:25 | 2020-01-13 09:23:25 | +----+----------+--------------------+--------------------------------------------------------------+---------------------+---------------------+  mysql> select * from user_roles; +---------------------+---------------------+--------+--------+ | createdAt           | updatedAt           | roleId | userId | +---------------------+---------------------+--------+--------+ | 2020-01-13 09:22:01 | 2020-01-13 09:22:01 |      i |      two | | 2020-01-xiii 09:23:25 | 2020-01-13 09:23:25 |      1 |      iii | | 2020-01-thirteen 09:22:01 | 2020-01-13 09:22:01 |      2 |      2 | | 2020-01-13 09:21:51 | 2020-01-13 09:21:51 |      3 |      1 | +---------------------+---------------------+--------+--------+

Access public resource: Become /api/exam/all

Access protected resource: Go /api/exam/user

Login an account (with incorrect password): POST /api/auth/signin

Login an business relationship: POST /api/auth/signin

Access protected resources: Become /api/test/user

Conclusion

Congratulation!

Today we've learned then many interesting things about Node.js Token Based Authentication with JWT - JSONWebToken in simply a Node.js Express Residuum Api example.
Despite we wrote a lot of code, I hope y'all will understand the overall architecture of the application, and apply it in your projection at ease.

You should continue to know how to implement Refresh Token:
JWT Refresh Token implementation in Node.js example

If you need a working front-end for this dorsum-end, you can find Client App in the mail service:
- Vue.js JWT Hallmark with Vuex and Vue Router
- Athwart 8 JWT Authentication example with Web Api
- Angular 10 JWT Authentication instance with Web Api
- Angular 11 JWT Authentication example with Web Api
- Angular 12 JWT Authentication example with Web Api
- React JWT Hallmark (without Redux) example
- React Hooks: JWT Authentication (without Redux) example
- React Redux: JWT Authentication example

Happy learning! Meet yous again.

Source Lawmaking

You can find the consummate source code for this tutorial on Github.

If you desire to use Cookies, delight visit:
Node.js Limited: Login and Registration example with JWT

Pug Cannot Read Property 'length' of Undefined Nav Links

Source: https://www.bezkoder.com/node-js-jwt-authentication-mysql/