Authentication ExpressJS Webapp

So, I wanna know how to implement authentication on a REST API running inside of Meteor. My goal is to know how to generate/validate a JWT token with a user already created inside of Meteor.

I would use express. Something like this:

import { Meteor } from 'meteor/meteor';
import { WebApp } from 'meteor/webapp';
import express from 'express';

const app = express();

app.get('/api', (req, res) => {
  res.status(200).json({ message: 'Hello from Express!!!'});
});

WebApp.connectHandlers.use(app);

I’d create an auth middleware to check whether the user is valid or not. Any help would be appreciated.

I’m having trouble finding out how to generate a JWT since I’m not sure what Meteor uses to hash the password.

You don’t need Express, just use the WebApp package:

WebApp.connectHandlers.use("/api", (req, res) => {
  res.writeHead(200);
  res.end(
    JSON.stringify({
      message: "Hello there",
    })
  );
});

On the client, I attach the Meteor login token in the header of the request. On the server I read the token and check if it’s valid.
You can find the Meteor login token in local storage.

Yeah I know express isn’t necessary but I prefer its syntax plus I can add middleware easily.

Would you happen to have an example of getting the auth token from a WebApp route? And also validating whether or not the token is correct?

Is there some way I can check if the user’s email & password are valid within a user created by the accounts/password packages inside of WebApp, and return a token from there instead of having to go into local storage?

I wanna create something like

POST /login → validate credentials. If email and password hash matches then return a JWT

But I have no idea how to get the hash salt used with accounts & password in order to validate the user’s credentials.

You can call the login method. I think you will need to install the accounts-password package.

const result = Meteor.call("login", {
  user: { username: 'SOME USERNAME' },
  password: "SOME PASSWORD",
});
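
For the POST /login → JWT flow and the auth middleware asked about in this thread, here is an added example (not code from any of the posters or from Meteor): a minimal HS256 issue/verify pair using only Node's crypto module, plus an Express-style middleware. It assumes the user id comes from a credential check already done through accounts-password; the names signJwt, verifyJwt, requireAuth and req.userId are hypothetical.

```javascript
// Added example (not from the thread). Names are hypothetical; userId is
// assumed to come from a credential check done by accounts-password.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a short-lived token for a user id.
function signJwt(userId, secret, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Return the claims, or null if the token is malformed, forged or expired.
function verifyJwt(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on a length mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256') return null; // pin the algorithm, never trust the header
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch (e) {
    return null;
  }
}

// Express/connect middleware factory: expects "Authorization: Bearer <jwt>".
function requireAuth(secret) {
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    const claims = m && verifyJwt(m[1], secret);
    if (!claims) {
      res.statusCode = 401;
      return res.end(JSON.stringify({ error: 'unauthorized' }));
    }
    req.userId = claims.sub;
    next();
  };
}
```

Mount it ahead of the protected routes, for example `app.use('/api', requireAuth(secret))`, and load the secret from server-side settings rather than source code.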