How to get the current user using jsonwebtoken in Sails.js?

Question

I've been working with Sails since couple of weeks ago, I came from Rails and I don't have any experience working with Node.js.

Now I'm trying to make a robust token authentication using jsonwebtoken. https://github.com/auth0/node-jsonwebtoken

I followed this guide http://thesabbir.com/how-to-use-json-web-token-authentication-with-sails-js/ and everything worked fine. I'm able to make a sign up, sign in and then use the token correctly for different actions.

Now, there are some actions where I'd like to use the login user, something like devise current_user helper. For example, when creating a comment, this comment should belongs to the current user.

Using Sabbir Ahmed guide, in the line 33 from the isAuthorized.js policy the token gets decrypted so I can get the current user id from there.

So, my question is, what should be the best way to get the current user and be able to use it later in some controller? For example I tried something like:

# isAuthorized.js line 34, after getting decrypted token
User.findOne({id: token.id}).exec(function findOneCB(err, found){
    currentUser = found;
});

But, on this way, because this is an async action I can't use this currentUser in a controller.

I want to store the current user in order to be able to use it later in some controller without repeated the same code in each controller, something like a helper or maybe a service.

Answer 1

The trick is where you place the next(). Since you are making an async call, the control should only be transferred to next policy/ controller once the database action is competed.

You should modify the policy to:

User.findOne({id: token.id}).exec(function findOneCB(err, found){
    if(err) next(err);
    req.currentUser = found;
    next();
});

And you should be able to access the user details in controllers that use isAuthorized policy via req.currentUser