private routes

Author: hanumantjain

client/src/App.jsx

@@ -38,6 +38,8 @@ const enhancedEmployerView = {
   ]
 };
 
+import ProtectedRoute from "./components/ProtectedRoute";
+
 const App = () => {
   const [selectedRole, setSelectedRole] = useState(
     localStorage.getItem('userRole') ||
@@ -75,7 +77,7 @@ const App = () => {
 
   // Check if Dynamic Labs environment ID is configured
   const dynamicEnvId = import.meta.env.VITE_DYNAMIC_ENV_ID;
-  
+
   if (!dynamicEnvId) {
     console.error('VITE_DYNAMIC_ENV_ID is not configured. Please set this environment variable.');
     return (
@@ -136,32 +138,90 @@ const App = () => {
       }}
     >
       <div>
-          <Routes>
-            {/* Common Routes */}
-            <Route path="/" element={<LandingPage />} />
-            <Route path="/about-us" element={<AboutPage />} />
-            <Route path="/user-profile" element={<UserProfile />} />
-            <Route path="/job-details/:id" element={<JobDetails />} />
-
-            {/* Employee Routes */}
-            <Route path="/employeeDashboard" element={<EmployeeDashboard />} />
-            <Route path="/employee-profile" element={<EmployeeProfile />} />
-            <Route path="/employee-jobs" element={<EmployeeJobsPage />} />
-
-            {/* Employer Routes */}
-            <Route path="/employerDashboard" element={<EmployerDashboard />} />
-            <Route path="/employer-profile" element={<EmployerProfile />} />
-            <Route path="/job" element={<Job />} />
-            <Route path="/view-employees" element={<EmployerJobPortal />} />
-            <Route path="/view-open-contracts" element={<OpenContracts />} />
-            <Route path="/review-applications" element={<ReviewApplications />} />
-            <Route path="/review-completed-contracts" element={<ReviewCompletedContracts />} />
-            <Route path="/dispute" element={<Dispute />} />
-            <Route path="/closed-contracts" element={<ClosedContracts />} />
-
-            {/* 404 - Must be last */}
-            <Route path="*" element={<h1>404 - Not Found</h1>} />
-          </Routes>
+        <Routes>
+          {/* Public Routes */}
+          <Route path="/" element={<LandingPage />} />
+          <Route path="/about-us" element={<AboutPage />} />
+
+          {/* Protected Routes */}
+          <Route path="/user-profile" element={
+            <ProtectedRoute>
+              <UserProfile />
+            </ProtectedRoute>
+          } />
+          <Route path="/job-details/:id" element={
+            <ProtectedRoute>
+              <JobDetails />
+            </ProtectedRoute>
+          } />
+
+          {/* Employee Routes */}
+          <Route path="/employeeDashboard" element={
+            <ProtectedRoute>
+              <EmployeeDashboard />
+            </ProtectedRoute>
+          } />
+          <Route path="/employee-profile" element={
+            <ProtectedRoute>
+              <EmployeeProfile />
+            </ProtectedRoute>
+          } />
+          <Route path="/employee-jobs" element={
+            <ProtectedRoute>
+              <EmployeeJobsPage />
+            </ProtectedRoute>
+          } />
+
+          {/* Employer Routes */}
+          <Route path="/employerDashboard" element={
+            <ProtectedRoute>
+              <EmployerDashboard />
+            </ProtectedRoute>
+          } />
+          <Route path="/employer-profile" element={
+            <ProtectedRoute>
+              <EmployerProfile />
+            </ProtectedRoute>
+          } />
+          <Route path="/job" element={
+            <ProtectedRoute>
+              <Job />
+            </ProtectedRoute>
+          } />
+          <Route path="/view-employees" element={
+            <ProtectedRoute>
+              <EmployerJobPortal />
+            </ProtectedRoute>
+          } />
+          <Route path="/view-open-contracts" element={
+            <ProtectedRoute>
+              <OpenContracts />
+            </ProtectedRoute>
+          } />
+          <Route path="/review-applications" element={
+            <ProtectedRoute>
+              <ReviewApplications />
+            </ProtectedRoute>
+          } />
+          <Route path="/review-completed-contracts" element={
+            <ProtectedRoute>
+              <ReviewCompletedContracts />
+            </ProtectedRoute>
+          } />
+          <Route path="/dispute" element={
+            <ProtectedRoute>
+              <Dispute />
+            </ProtectedRoute>
+          } />
+          <Route path="/closed-contracts" element={
+            <ProtectedRoute>
+              <ClosedContracts />
+            </ProtectedRoute>
+          } />
+
+          {/* 404 - Must be last */}
+          <Route path="*" element={<h1>404 - Not Found</h1>} />
+        </Routes>
       </div>
     </DynamicContextProvider>
   );

client/src/components/ProtectedRoute.jsx

@@ -0,0 +1,23 @@
+import React from 'react';
+import { Navigate } from 'react-router-dom';
+import { useDynamicContext } from '@dynamic-labs/sdk-react-core';
+
+const ProtectedRoute = ({ children }) => {
+    const { user, isLoading } = useDynamicContext();
+
+    if (isLoading) {
+        return (
+            <div className="flex items-center justify-center min-h-screen">
+                <div className="animate-spin rounded-full h-12 w-12 border-t-2 border-b-2 border-blue-500"></div>
+            </div>
+        );
+    }
+
+    if (!user) {
+        return <Navigate to="/" replace />;
+    }
+
+    return children;
+};
+
+export default ProtectedRoute;

client/src/services/api.js

@@ -1,12 +1,18 @@
 const API_BASE_URL = import.meta.env.VITE_API_BASE_URL;
+import { getAuthToken } from "@dynamic-labs/sdk-react-core";
 
 class ApiService {
   // Generic request method
   async request(endpoint, options = {}) {
     const url = `${API_BASE_URL}${endpoint}`;
+    
+    // Get the Dynamic JWT token
+    const token = getAuthToken();
+    
     const config = {
       headers: {
         'Content-Type': 'application/json',
+        ...(token ? { 'Authorization': `Bearer ${token}` } : {}),
         ...options.headers,
       },
       ...options,

server/middleware/authMiddleware.js

@@ -0,0 +1,44 @@
+const jwt = require('jsonwebtoken');
+
+const verifyToken = (req, res, next) => {
+  // 1. Get token from header
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1]; // "Bearer <TOKEN>"
+
+  if (!token) {
+    return res.status(401).json({ 
+      success: false,
+      message: 'Access denied. No token provided.' 
+    });
+  }
+
+  try {
+    // 2. Verify the token
+    // Note: For production with Dynamic, you should verify against their public key (JWKS).
+    // For now, we are using the local secret or assuming the token structure is valid if we can decode it.
+    // If you have the Dynamic public key, replace process.env.JWT_SECRET with it.
+    // If using Dynamic's developer JWTs for testing, the secret might work if configured.
+    
+    // WARNING: If these are real Dynamic tokens (RS256), verify() with a symmetric secret will fail.
+    // If we don't have the public key yet, we might need to skip signature verification 
+    // or ask the user for the public key.
+    // For this step, I will implement standard verification.
+    
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // 3. Attach user info to request
+    req.user = decoded; 
+    
+    // 4. Proceed to the route
+    next();
+  } catch (error) {
+    console.error('Token verification failed:', error.message);
+    res.status(403).json({ 
+      success: false,
+      message: 'Invalid token.',
+      error: error.message
+    });
+  }
+};
+
+module.exports = verifyToken;

server/package.json

@@ -20,7 +20,8 @@
     "cors": "^2.8.5",
     "dotenv": "^16.3.1",
     "helmet": "^7.1.0",
-    "express-rate-limit": "^7.1.5"
+    "express-rate-limit": "^7.1.5",
+    "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {
     "nodemon": "^3.0.2"

server/routes/employeeRoutes.js

@@ -1,14 +1,15 @@
 const express = require('express');
 const EmployeeController = require('../controllers/employeeController');
+const verifyToken = require('../middleware/authMiddleware');
 
 const router = express.Router();
 
 // Employee routes
-router.post('/', EmployeeController.createEmployee);
-router.get('/', EmployeeController.getAllEmployees);
-router.get('/:id', EmployeeController.getEmployeeById);
-router.get('/email/:email', EmployeeController.getEmployeeByEmail);
-router.get('/wallet/:wallet_address', EmployeeController.getEmployeeByWallet);
-router.put('/:id', EmployeeController.updateEmployee);
+router.post('/', verifyToken, EmployeeController.createEmployee);
+router.get('/', verifyToken, EmployeeController.getAllEmployees);
+router.get('/:id', verifyToken, EmployeeController.getEmployeeById);
+router.get('/email/:email', verifyToken, EmployeeController.getEmployeeByEmail);
+router.get('/wallet/:wallet_address', verifyToken, EmployeeController.getEmployeeByWallet);
+router.put('/:id', verifyToken, EmployeeController.updateEmployee);
 
 module.exports = router;

server/routes/employerRoutes.js

@@ -1,14 +1,15 @@
 const express = require('express');
 const EmployerController = require('../controllers/employerController');
+const verifyToken = require('../middleware/authMiddleware');
 
 const router = express.Router();
 
 // Employer routes
-router.post('/', EmployerController.createEmployer);
-router.get('/', EmployerController.getAllEmployers);
-router.get('/:id', EmployerController.getEmployerById);
-router.get('/email/:email', EmployerController.getEmployerByEmail);
-router.get('/wallet/:wallet_address', EmployerController.getEmployerByWallet);
-router.put('/:id', EmployerController.updateEmployer);
+router.post('/', verifyToken, EmployerController.createEmployer);
+router.get('/', verifyToken, EmployerController.getAllEmployers);
+router.get('/:id', verifyToken, EmployerController.getEmployerById);
+router.get('/email/:email', verifyToken, EmployerController.getEmployerByEmail);
+router.get('/wallet/:wallet_address', verifyToken, EmployerController.getEmployerByWallet);
+router.put('/:id', verifyToken, EmployerController.updateEmployer);
 
 module.exports = router;

server/routes/jobApplicationRoutes.js

@@ -1,20 +1,21 @@
 const express = require('express');
 const router = express.Router();
 const jobApplicationController = require('../controllers/jobApplicationController');
+const verifyToken = require('../middleware/authMiddleware');
 
 // Save/Unsave job routes
-router.post('/save', jobApplicationController.saveJob);
-router.post('/unsave', jobApplicationController.unsaveJob);
+router.post('/save', verifyToken, jobApplicationController.saveJob);
+router.post('/unsave', verifyToken, jobApplicationController.unsaveJob);
 
 // Apply to job route
-router.post('/apply', jobApplicationController.applyToJob);
+router.post('/apply', verifyToken, jobApplicationController.applyToJob);
 
 // Get jobs by status for an employee
-router.get('/saved/:employeeId', jobApplicationController.getSavedJobs);
-router.get('/applied/:employeeId', jobApplicationController.getAppliedJobs);
-router.get('/employee/:employeeId', jobApplicationController.getEmployeeApplications);
+router.get('/saved/:employeeId', verifyToken, jobApplicationController.getSavedJobs);
+router.get('/applied/:employeeId', verifyToken, jobApplicationController.getAppliedJobs);
+router.get('/employee/:employeeId', verifyToken, jobApplicationController.getEmployeeApplications);
 
 // Update application status
-router.patch('/:applicationId/status', jobApplicationController.updateApplicationStatus);
+router.patch('/:applicationId/status', verifyToken, jobApplicationController.updateApplicationStatus);
 
 module.exports = router;

server/routes/jobRoutes.js

@@ -1,18 +1,19 @@
 const express = require('express');
 const JobController = require('../controllers/jobController');
+const verifyToken = require('../middleware/authMiddleware');
 
 const router = express.Router();
 
 // Job routes
-router.post('/', JobController.createJob);
-router.get('/', JobController.getAllJobs);
-router.get('/employer/:employer_id', JobController.getJobsByEmployer);
-router.get('/employer/:employer_id/applications', JobController.getJobsWithApplicationsByEmployer);
-router.get('/status/:status', JobController.getJobsByStatus);
-router.get('/company/:company_name', JobController.getJobsByCompany);
-router.get('/:id/applications', JobController.getJobApplications);
-router.get('/:id', JobController.getJobById);
-router.put('/:id', JobController.updateJob);
-router.patch('/:id/status', JobController.updateJobStatus);
+router.post('/', verifyToken, JobController.createJob);
+router.get('/', verifyToken, JobController.getAllJobs);
+router.get('/employer/:employer_id', verifyToken, JobController.getJobsByEmployer);
+router.get('/employer/:employer_id/applications', verifyToken, JobController.getJobsWithApplicationsByEmployer);
+router.get('/status/:status', verifyToken, JobController.getJobsByStatus);
+router.get('/company/:company_name', verifyToken, JobController.getJobsByCompany);
+router.get('/:id/applications', verifyToken, JobController.getJobApplications);
+router.get('/:id', verifyToken, JobController.getJobById);
+router.put('/:id', verifyToken, JobController.updateJob);
+router.patch('/:id/status', verifyToken, JobController.updateJobStatus);
 
 module.exports = router;