From 8a78e580f367c107aa73a8b48a68e2b7d7ef0bcc Mon Sep 17 00:00:00 2001
From: Mone19
Date: Fri, 21 Jun 2024 12:34:44 +0200
Subject: [PATCH] fix: store token in header
---
 api/auth/controllers/auth.controller.js | 3 +--
 api/post/utils/verifyUser.js | 4 +++-
 client/src/pages/CreatePost.jsx | 1 +
 client/src/pages/SignIn.jsx | 4 +---
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/api/auth/controllers/auth.controller.js b/api/auth/controllers/auth.controller.js
index 8ed8d80..7c87d0d 100644
--- a/api/auth/controllers/auth.controller.js
+++ b/api/auth/controllers/auth.controller.js
@@ -31,8 +31,7 @@ export const signup = async (req, res, next) => {
 process.env.JWT_SECRET
 );
- res.status(201).cookie('access_token', token, {
- httpOnly: true}).json({ message: "Anmeldung erfolgreich." });
+ res.status(201).json({ token, message: "Anmeldung erfolgreich." });
 } catch (err) {
 if (err.code === 11000) {
 if (err.keyPattern.username) {
diff --git a/api/post/utils/verifyUser.js b/api/post/utils/verifyUser.js
index cfef7fd..6cc0c7b 100644
--- a/api/post/utils/verifyUser.js
+++ b/api/post/utils/verifyUser.js
@@ -1,7 +1,9 @@
 import jwt from "jsonwebtoken";
 import { errorHandler } from "./error.js";
 export const verifyToken = (req, res, next) => {
- const token = req.cookies.access_token;
+ if ( req.headers.authorization && req.headers.authorization.startsWith("Bearer")) {
+ const token = req.headers.authorization.split(" ")[1];
+ }
 if (!token) {
 return next(errorHandler(401, "Unauthorized"));
 }
diff --git a/client/src/pages/CreatePost.jsx b/client/src/pages/CreatePost.jsx
index e5f9db9..6edaca2 100644
--- a/client/src/pages/CreatePost.jsx
+++ b/client/src/pages/CreatePost.jsx
@@ -60,6 +60,7 @@ export default function CreatePost() {
 method: "POST",
 headers: {
 "Content-Type": "application/json",
+ "Authorization": `Bearer ${localStorage.getItem('token')}`
 },
 body: JSON.stringify(formData),
 });
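Review bot: The token that the added `res.status(201).json({ token, ... })` line puts into the response body was previously confined to an `httpOnly` cookie, which page scripts could not read; the client side of this same commit (SignIn.jsx, CreatePost.jsx) goes on to keep it in `localStorage`, so any script injection in the front end can now read the bearer token, which the removed cookie flag ruled out. If the header transport is a deliberate choice, the commit description should say so and name the compensating controls relied on (token lifetime, content-security policy, handling of third-party scripts) rather than presenting it only as a fix. Separately, the diffstat shows only `signup` changed here while SignIn.jsx reads `data.token` from `/api/auth/signin`; if the signin handler still responds with the cookie alone, that client call stores the string "undefined" — worth confirming against the signin controller, which is not in this patch. The body of `signup` continues outside the hunk.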
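Review bot: `const token` on the added line inside the `if` block is block-scoped, so the context line `if (!token)` that follows refers to a binding that no longer exists at function scope (the removed line was the only declaration) and throws a ReferenceError instead of returning the 401 — every request through `verifyToken` fails this way, with or without a header, unless an outer `token` exists that the hunk does not show. Declare it before the check: `let token;` above the `if`, and `token = req.headers.authorization.split(" ")[1];` inside it. The prefix test would also be tighter as `startsWith("Bearer ")` with the trailing space, so that only a real scheme-plus-credential pair is parsed. The rest of `verifyToken` continues past the hunk.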
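Review bot: `localStorage.getItem('token')` returns `null` when nothing is stored, so the added `Authorization` header is sent as `Bearer null` for a signed-out user; on the server side of this patch that string still passes the `startsWith("Bearer")` check and the literal `null` goes on to verification, so the missing-header 401 path is never taken and the failure surfaces from the verify step instead. Attach the header only when a value exists: `const token = localStorage.getItem('token');` before the `fetch`, and `` ...(token ? { Authorization: `Bearer ${token}` } : {}) `` in place of the added line inside `headers`. The `fetch` call this hunk edits starts before the hunk.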
diff --git a/client/src/pages/SignIn.jsx b/client/src/pages/SignIn.jsx
index 7be1c42..e487c6d 100644
--- a/client/src/pages/SignIn.jsx
+++ b/client/src/pages/SignIn.jsx
@@ -37,7 +37,7 @@ export default function SignIn() {
 const res = await fetch(`${baseUrl}/api/auth/signin`, {
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
 },
 body: JSON.stringify(formData),
 });
@@ -46,8 +46,6 @@ export default function SignIn() {
 dispatch(signInFailure(data.message));
 }
 if (res.ok) {
-
- localStorage.setItem('token', data.token);
 dispatch(signInSuccess(data));
 localStorage.setItem('token', data.token);
 navigate("/");