This is the axios call I have in my frontend that stores the user's ID in my backend database. But when this application is deployed and the URL isn't localhost for that backend server, can't a user just see it from the developer console and trigger it however much he/she wants? How can I use JWT to fix this problem? So far I have Spotify OAuth that gives a user an access and refresh token that Spotify passes to the URL after login. I save those tokens to local storage. Those Spotify tokens give me access to their private Spotify information such as their userID, which I want to add to my database. So as I'm adding that (below is the code), the endpoints need some kind of authentication so non-authenticated clients can trigger them.
Frontend
userExists = () => {
  const userid = {
    name: this.props.userID
  }
  axios.post('http://localhost:5000/users/add', userid)
    .then(res => console.log(res.data))
    .catch(err => console.log(err));
}
Backend
const router = require('express').Router();
let User = require('../models/user.model');

// GET /users : list all users
router.route('/').get((req, res) => {
  User.find()
    .then(users => res.json(users))
    .catch(err => res.status(400).json('Error: ' + err));
});

// POST /users/add : the frontend sends { name: <Spotify userID> }
router.route('/add').post((req, res) => {
  const id = req.body.name;
  const newUser = new User({
    id,
  });
  User.exists({ id })
    .then(exists => {
      if (!exists) {
        newUser.save()
          .then(() => res.json('User added!'))
          .catch(err => res.status(400).json('Error: ' + err));
      } else {
        res.status(200).send('User Already Exists');
      }
    })
    .catch(err => res.status(400).json('Error: ' + err));
});

module.exports = router;
question from:https://stackoverflow.com/questions/66051915/having-http-endpoints-in-frontend-code-security