From aa46e57c7075315d09737bcd237b649b73650eca Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:17:02 -0300 Subject: [PATCH 1/9] docs: improve jwt-auth package documentation --- README.md | 295 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 164 insertions(+), 131 deletions(-) diff --git a/README.md b/README.md index d07e68e..5f4e9d0 100644 --- a/README.md +++ b/README.md @@ -3,33 +3,74 @@ [![npm version](https://img.shields.io/npm/v/@devflow-modules/jwt-auth)](https://www.npmjs.com/package/@devflow-modules/jwt-auth) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) -# 🔐 @devflow-modules/jwt-auth +# @devflow-modules/jwt-auth -Módulo de autenticação JWT seguro, modular e reutilizável para aplicações Node.js. Oferece suporte completo a: +Reusable JWT authentication package for Node.js and Express applications. -- ✅ **Access Token** -- 🔁 **Refresh Token** -- 🔑 **Hash e verificação de senhas** -- 🛡️ **Middleware de proteção de rotas** -- 🧪 **Testes com cobertura** -- 🚫 **Zero dependência de banco de dados** +This package provides access tokens, refresh tokens, password hashing, route protection and HttpOnly Cookie helpers without requiring a database dependency. --- -## 📦 Requisitos +## Recruiter Summary + +`@devflow-modules/jwt-auth` is a reusable authentication module created as part of the DevFlow Labs ecosystem. + +It demonstrates package-oriented engineering, authentication fundamentals, middleware design, test coverage, CI/CD awareness and reusable API design for Node.js applications. + +Best for evaluating: + +- JWT authentication fundamentals +- Express middleware design +- Password hashing with bcrypt +- Refresh token flows +- Cookie-based authentication helpers +- Test coverage and package readiness + +--- + +## Features + +- Access token generation and verification +- Refresh token generation and verification +- Password hashing and comparison +- Express route protection middleware +- HttpOnly Cookie helpers +- Cookie-based protected route middleware +- Multiple JWT algorithms: HS256, HS512 and RS256 +- No database dependency +- Jest test coverage +- CI, Codecov, npm and MIT license badges + +--- + +## Runtime and Module Format + +This package currently ships as **CommonJS**. + +Use it with `require`: + +```js +const { jwt, password, middleware, cookies } = require('@devflow-modules/jwt-auth'); +``` + +Native ESM import/export compatibility is listed in the roadmap and should be treated as future work. + +--- + +## Requirements - Node.js >= 16 - npm >= 8 --- -## 🚀 Instalação +## Installation ```bash npm install @devflow-modules/jwt-auth ``` -Para uso local com desenvolvimento: +For local development: ```bash npm link @@ -37,165 +78,165 @@ npm link --- -## 📆 Variáveis de ambiente +## Environment Variables -Crie um arquivo `.env` com: +Create a `.env` file with: ```env -JWT_SECRET=chave_secreta_access_token +JWT_SECRET=your_access_token_secret JWT_EXPIRES_IN=1h -JWT_REFRESH_SECRET=chave_secreta_refresh_token +JWT_REFRESH_SECRET=your_refresh_token_secret JWT_REFRESH_EXPIRES_IN=7d ``` ---- - -## 🔧 Suporte a múltiplos algoritmos JWT - -Este módulo suporta algoritmos simétricos (HS256, HS512) e assimétricos (RS256) para assinar/verificar tokens JWT. - -✅ Configuração via `.env` +For algorithm configuration: ```env -# Algoritmo padrão (HS256, HS512 ou RS256) JWT_ALGORITHM=HS256 +``` -# Para algoritmos HS256 / HS512 +For HS256 / HS512: + +```env JWT_SECRET=your_hmac_secret +``` -# Para RS256 (criptografia com chave pública/privada) +For RS256: + +```env JWT_PRIVATE_KEY_PATH=src/keys/private.key JWT_PUBLIC_KEY_PATH=src/keys/public.key ``` -🔐 Gerar chaves para RS256 - -Se você optar por usar `RS256`, gere suas chaves com: +Generate RS256 keys: ```bash openssl genrsa -out src/keys/private.key 2048 openssl rsa -in src/keys/private.key -pubout -out src/keys/public.key ``` -💡 As chaves devem ser referenciadas corretamente nas variáveis `JWT_PRIVATE_KEY_PATH` e `JWT_PUBLIC_KEY_PATH`. -✅ Exemplo de uso (sem alterações no código) +--- -A mesma API funciona com qualquer algoritmo: +## Public API Reference -```js -const { signToken, verifyToken } = require('@devflow-modules/jwt-auth'); +The package exports grouped namespaces from `src/index.js`. + +| Namespace | Function | Description | +|---|---|---| +| `jwt` | `signToken(payload, options)` | Creates an access token. | +| `jwt` | `verifyToken(token, options)` | Verifies an access token and returns the decoded payload. | +| `jwt` | `signRefreshToken(payload, options)` | Creates a refresh token. | +| `jwt` | `verifyRefreshToken(token)` | Verifies a refresh token and returns the decoded payload. | +| `password` | `hashPassword(password)` | Hashes a plain-text password using bcrypt. | +| `password` | `comparePassword(password, hash)` | Compares a plain-text password against a bcrypt hash. | +| `middleware` | `protectRoute` | Express middleware for Bearer-token protected routes. | +| `middleware` | `protectRouteFromCookie` | Express middleware for cookie-based protected routes. | +| `cookies` | `setTokenCookie(res, token, options)` | Sets a JWT token cookie. | +| `cookies` | `getTokenFromCookie(req, name)` | Reads a JWT token from cookies. | + +> Note: `protectWithRoles` exists in the source tree and has tests, but it is not part of the public namespace export shown above. Public export should be verified before documenting it as package-level API. -const token = signToken({ id: '123' }); -const decoded = verifyToken(token); -``` --- -## ✅ Funcionalidades +## Usage -### 🔐 Geração e Verificação de Access Token +### Access Token ```js -// CommonJS -const { signToken, verifyToken } = require('@devflow-modules/jwt-auth'); +const { jwt } = require('@devflow-modules/jwt-auth'); -// ESModules (futuro) -import { signToken, verifyToken } from '@devflow-modules/jwt-auth'; +const token = jwt.signToken({ id: '123', role: 'admin' }); +const payload = jwt.verifyToken(token); -const token = signToken({ id: '123', role: 'admin' }); -const payload = verifyToken(token); -// { id: '123', role: 'admin', iat, exp } +console.log(payload.id); ``` ---- - -### 🔁 Geração e Verificação de Refresh Token +### Refresh Token ```js -const { signRefreshToken, verifyRefreshToken } = require('@devflow-modules/jwt-auth'); +const { jwt } = require('@devflow-modules/jwt-auth'); -const refresh = signRefreshToken({ id: '123' }); -const payload = verifyRefreshToken(refresh); -``` +const refresh = jwt.signRefreshToken({ id: '123' }); +const payload = jwt.verifyRefreshToken(refresh); ---- +console.log(payload.id); +``` -### 🔑 Hash e Verificação de Senhas +### Password Hashing ```js -const { hashPassword, comparePassword } = require('@devflow-modules/jwt-auth'); +const { password } = require('@devflow-modules/jwt-auth'); -const hash = await hashPassword('minhasenha'); -const isValid = await comparePassword('minhasenha', hash); // true ou false +const hash = await password.hashPassword('my-password'); +const isValid = await password.comparePassword('my-password', hash); ``` ---- - -### 🛡️ Middleware: `protectRoute` (Express) - -Protege rotas de acesso não autenticado. +### Express Protected Route ```js const express = require('express'); -const { protectRoute } = require('@devflow-modules/jwt-auth'); +const { middleware } = require('@devflow-modules/jwt-auth'); const app = express(); -app.get('/private', protectRoute, (req, res) => { +app.get('/private', middleware.protectRoute, (req, res) => { res.json({ user: req.user }); }); ``` -### 🛡️ Middleware: `protectWithRoles` (Express) - -Protege rotas com base em roles (funções/permissões) do usuário autenticado. +### Cookie Helpers ```js const express = require('express'); -const { protectWithRoles } = require('@devflow-modules/jwt-auth'); +const cookieParser = require('cookie-parser'); +const { jwt, cookies, middleware } = require('@devflow-modules/jwt-auth'); const app = express(); +app.use(express.json()); +app.use(cookieParser()); -// Permite acesso apenas para usuários com role 'admin' ou 'editor' -app.get('/admin', protectWithRoles(['admin', 'editor']), (req, res) => { - res.json({ message: 'Acesso permitido para administradores e editores.' }); +app.post('/login', (req, res) => { + const token = jwt.signToken({ id: 'user-123' }); + cookies.setTokenCookie(res, token); + res.json({ ok: true }); }); -// Permite acesso apenas para usuários com role 'user' -app.get('/profile', protectWithRoles(['user']), (req, res) => { - res.json({ message: 'Acesso permitido para usuários.' }); +app.get('/private', middleware.protectRouteFromCookie, (req, res) => { + res.json({ user: req.user }); }); ``` + --- -### 💻 Exemplo completo (Express) +## Complete Express Refresh Example -```js -require('dotenv').config(); -const express = require('express'); -const { signToken, signRefreshToken, protectRoute } = require('@devflow-modules/jwt-auth'); +A complete refresh-auth example is available at: -const app = express(); -app.use(express.json()); +```text +examples/express-refresh-auth/server.cjs +``` -// login (gera access e refresh token) -app.post('/login', (req, res) => { - const token = signToken({ id: 'user123' }); - const refresh = signRefreshToken({ id: 'user123' }); - res.json({ token, refresh }); -}); +It demonstrates: -app.get('/private', protectRoute, (req, res) => { - res.json({ user: req.user }); -}); - -app.listen(3000, () => console.log('API rodando em http://localhost:3000')); -``` +- User login +- Password hashing and comparison +- Access token creation +- Refresh token creation +- Refresh endpoint +- Protected Bearer-token route +- Protected cookie-based route --- -## 🧪 Testes +## Testing + +Run tests: + +```bash +npm test +``` -Execute os testes com cobertura: +Run tests with coverage: ```bash npm run test:coverage @@ -203,15 +244,15 @@ npm run test:coverage --- -## 💡 Pré-push protegido com Husky +## Pre-Push Protection -Este repositório usa [Husky](https://typicode.github.io/husky) para impedir `git push` com testes quebrados ou cobertura insuficiente. +This repository uses Husky to help prevent broken pushes when tests or quality checks fail. --- -## 🧱 Estrutura +## Project Structure -``` +```text src/ ├── jwt/ │ ├── signToken.cjs @@ -223,8 +264,11 @@ src/ │ └── comparePassword.cjs ├── middleware/ │ ├── protectRoute.cjs -│ └── protectWithRoles.cjs # Novo middleware adicionado +│ ├── protectWithRoles.cjs │ └── protectRouteFromCookie.cjs +├── cookies/ +│ ├── setTokenCookie.cjs +│ └── getTokenFromCookie.cjs ├── utils/ │ └── env.cjs ├── index.js @@ -239,51 +283,40 @@ tests/ │ └── verifyToken.errors.test.cjs ├── middleware/ │ ├── middleware.test.cjs -│ ├── protectWithRoles.test.cjs # Testes do middleware de roles +│ ├── protectWithRoles.test.cjs │ └── protectRouteFromCookie.test.cjs ├── password/ │ └── password.test.cjs +examples/ +└── express-refresh-auth/ + └── server.cjs ``` --- -### 🍪 Uso com Cookies +## Roadmap -Você pode definir e extrair tokens via cookies para sessões seguras com HTTP-only: - -```js -const { setTokenCookie, getTokenFromCookie } = require('@devflow-modules/jwt-auth'); - -setTokenCookie(res, 'meu_token'); // Define cookie "jwt" -const token = getTokenFromCookie(req); // Extrai token do cookie -``` - -Com middleware: - -```js -const { protectRouteFromCookie } = require('@devflow-modules/jwt-auth'); -app.get('/private', protectRouteFromCookie, (req, res) => { - res.json({ user: req.user }); -}); - -``` +- [x] Support multiple JWT algorithms: HS512 and RS256 +- [x] Support HttpOnly Cookies +- [x] Add role and permission middleware in source/tests +- [x] Add automated changelog and GitHub Release workflow +- [x] Add complete Express authentication + refresh example +- [ ] Verify/export role middleware from package public API +- [ ] Add optional middleware for public routes +- [ ] Add native ESM import/export compatibility +- [ ] Add token blacklist/session invalidation support +- [ ] Add social login integration examples --- -## 📌 Roadmap +## Portfolio Value + +This package shows the ability to extract a common authentication concern into a reusable module with documentation, tests, CI, package metadata and a clear API surface. -- [X] Suporte a múltiplos algoritmos JWT (HS512, RS256) -- [X] Suporte a cookies HTTP-only -- [X] Middleware para roles e permissões -- [X] Changelog automatizado + GitHub Release -- [ ] Exemplo completo com autenticação + refresh -- [ ] Middleware opcional para rotas públicas -- [ ] Compatibilidade com ESM (import/export) -- [ ] Suporte a sessão baseada em token com blacklist -- [ ] Integração com login social (Google, GitHub) +It is especially relevant for SaaS/backend projects that need JWT-based authentication without coupling the auth helpers to a specific database. --- -## ⚖️ Licença +## License MIT © [devflow-modules](https://github.com/devflow-modules) From f7c19191bc3aa95ab66179d22f12b2495f03b16f Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:18:18 -0300 Subject: [PATCH 2/9] docs: add Express refresh auth example --- examples/express-refresh-auth/server.cjs | 99 ++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 examples/express-refresh-auth/server.cjs diff --git a/examples/express-refresh-auth/server.cjs b/examples/express-refresh-auth/server.cjs new file mode 100644 index 0000000..d8266e9 --- /dev/null +++ b/examples/express-refresh-auth/server.cjs @@ -0,0 +1,99 @@ +require('dotenv').config(); + +const express = require('express'); +const cookieParser = require('cookie-parser'); +const { + jwt, + password, + middleware, + cookies, +} = require('@devflow-modules/jwt-auth'); + +const app = express(); +app.use(express.json()); +app.use(cookieParser()); + +const users = new Map(); + +async function seedUser() { + const passwordHash = await password.hashPassword('password123'); + + users.set('demo@example.com', { + id: 'user-123', + email: 'demo@example.com', + role: 'admin', + passwordHash, + }); +} + +app.post('/login', async (req, res) => { + const { email, password: plainPassword } = req.body; + const user = users.get(email); + + if (!user) { + return res.status(401).json({ message: 'Invalid credentials.' }); + } + + const isPasswordValid = await password.comparePassword( + plainPassword, + user.passwordHash + ); + + if (!isPasswordValid) { + return res.status(401).json({ message: 'Invalid credentials.' }); + } + + const payload = { + id: user.id, + email: user.email, + role: user.role, + }; + + const accessToken = jwt.signToken(payload); + const refreshToken = jwt.signRefreshToken({ id: user.id }); + + cookies.setTokenCookie(res, accessToken); + + return res.json({ + accessToken, + refreshToken, + }); +}); + +app.post('/refresh', (req, res) => { + const { refreshToken } = req.body; + + if (!refreshToken) { + return res.status(400).json({ message: 'Refresh token is required.' }); + } + + try { + const decoded = jwt.verifyRefreshToken(refreshToken); + const accessToken = jwt.signToken({ id: decoded.id }); + + return res.json({ accessToken }); + } catch { + return res.status(401).json({ message: 'Invalid refresh token.' }); + } +}); + +app.get('/private-bearer', middleware.protectRoute, (req, res) => { + return res.json({ + message: 'Bearer-token route access granted.', + user: req.user, + }); +}); + +app.get('/private-cookie', middleware.protectRouteFromCookie, (req, res) => { + return res.json({ + message: 'Cookie-based route access granted.', + user: req.user, + }); +}); + +seedUser().then(() => { + app.listen(3000, () => { + console.log('Example API running at http://localhost:3000'); + console.log('Demo user: demo@example.com / password123'); + }); +}); From 2b7af77f0a014a59278da1eb7ca79d21d40b4038 Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:25:43 -0300 Subject: [PATCH 3/9] fix: resolve CommonJS exports for Node runtime --- src/index.js | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/src/index.js b/src/index.js index ef27853..485706d 100644 --- a/src/index.js +++ b/src/index.js @@ -1,27 +1,31 @@ -// JWT: Funções para geração e verificação de access/refresh tokens -const { signToken } = require('./jwt/signToken'); -const { verifyToken } = require('./jwt/verifyToken'); -const { signRefreshToken } = require('./jwt/signRefreshToken'); -const { verifyRefreshToken } = require('./jwt/verifyRefreshToken'); +// JWT: access/refresh token helpers +const { signToken } = require('./jwt/signToken.cjs'); +const { verifyToken } = require('./jwt/verifyToken.cjs'); +const { signRefreshToken } = require('./jwt/signRefreshToken.cjs'); +const { verifyRefreshToken } = require('./jwt/verifyRefreshToken.cjs'); -// Senhas: Hash e comparação de senhas com bcrypt -const { hashPassword } = require('./password/hashPassword'); -const { comparePassword } = require('./password/comparePassword'); +// Password helpers +const { hashPassword } = require('./password/hashPassword.cjs'); +const { comparePassword } = require('./password/comparePassword.cjs'); -// Middlewares: Proteção de rotas com verificação de token (Header ou Cookie) -const { protectRoute } = require('./middleware/protectRoute'); -const { protectRouteFromCookie } = require('./middleware/protectRouteFromCookie'); +// Express middlewares +const { protectRoute } = require('./middleware/protectRoute.cjs'); +const { protectRouteFromCookie } = require('./middleware/protectRouteFromCookie.cjs'); +const { protectWithRoles } = require('./middleware/protectWithRoles.cjs'); -// Cookies: Utilitários para manipulação de token via cookies HTTP-only -const { setTokenCookie } = require('./cookies/setTokenCookie'); -const { getTokenFromCookie } = require('./cookies/getTokenFromCookie'); +// Cookie helpers +const { setTokenCookie } = require('./cookies/setTokenCookie.cjs'); +const { getTokenFromCookie } = require('./cookies/getTokenFromCookie.cjs'); /** - * Exporta as funcionalidades organizadas em namespaces. - * Isso permite importar apenas o necessário com clareza: + * Public package API grouped by namespace. * - * const { jwt, password, middleware } = require('@devflow-modules/jwt-auth'); - * jwt.signToken(...), password.hashPassword(...), middleware.protectRoute(...) + * Example: + * + * const { jwt, password, middleware, cookies } = require('@devflow-modules/jwt-auth'); + * jwt.signToken(...) + * password.hashPassword(...) + * middleware.protectRoute(...) */ module.exports = { @@ -38,6 +42,7 @@ module.exports = { middleware: { protectRoute, protectRouteFromCookie, + protectWithRoles, }, cookies: { setTokenCookie, From b15faf10c6576569249ee95214d2d5ec48531879 Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:35:40 -0300 Subject: [PATCH 4/9] fix: resolve internal CommonJS utility import --- src/jwt/signToken.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jwt/signToken.cjs b/src/jwt/signToken.cjs index f4584e3..17d4c9d 100644 --- a/src/jwt/signToken.cjs +++ b/src/jwt/signToken.cjs @@ -6,7 +6,7 @@ const { JWT_SECRET, JWT_EXPIRES_IN = '1h', JWT_PRIVATE_KEY_PATH, -} = require('../utils/env'); +} = require('../utils/env.cjs'); /** * Gera um Access Token JWT com suporte a algoritmos simétricos (HS256/HS512) From aeed587e992abf2710b2a04118d1f466c82c4125 Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:36:01 -0300 Subject: [PATCH 5/9] fix: resolve internal CommonJS verify imports --- src/jwt/verifyToken.cjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/jwt/verifyToken.cjs b/src/jwt/verifyToken.cjs index dd5518d..f5d8184 100644 --- a/src/jwt/verifyToken.cjs +++ b/src/jwt/verifyToken.cjs @@ -5,7 +5,7 @@ const { JWT_ALGORITHM = 'HS256', JWT_SECRET, JWT_PUBLIC_KEY_PATH, -} = require('../utils/env'); +} = require('../utils/env.cjs'); /** * Verifica e decodifica um token JWT com suporte a algoritmos simétricos e assimétricos. @@ -46,4 +46,4 @@ function verifyToken(token, options = {}) { }); } -module.exports = { verifyToken }; \ No newline at end of file +module.exports = { verifyToken }; From 9ed0059f1160e44771e1394588bb0d38e5e9e250 Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:36:25 -0300 Subject: [PATCH 6/9] fix: resolve refresh token env import --- src/jwt/signRefreshToken.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jwt/signRefreshToken.cjs b/src/jwt/signRefreshToken.cjs index 5a028f3..ea5549d 100644 --- a/src/jwt/signRefreshToken.cjs +++ b/src/jwt/signRefreshToken.cjs @@ -1,5 +1,5 @@ const jwt = require('jsonwebtoken'); -const { JWT_REFRESH_SECRET, JWT_REFRESH_EXPIRES_IN } = require('../utils/env'); +const { JWT_REFRESH_SECRET, JWT_REFRESH_EXPIRES_IN } = require('../utils/env.cjs'); /** * Gera um Refresh Token JWT. From 8c1b50a5a91b48bfa4dbbc8ccb634df7762ae2bd Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:36:48 -0300 Subject: [PATCH 7/9] fix: resolve refresh token verify env import --- src/jwt/verifyRefreshToken.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jwt/verifyRefreshToken.cjs b/src/jwt/verifyRefreshToken.cjs index c460e0c..3341943 100644 --- a/src/jwt/verifyRefreshToken.cjs +++ b/src/jwt/verifyRefreshToken.cjs @@ -1,5 +1,5 @@ const jwt = require('jsonwebtoken'); -const { JWT_REFRESH_SECRET } = require('../utils/env'); +const { JWT_REFRESH_SECRET } = require('../utils/env.cjs'); /** * Verifica e decodifica um Refresh Token JWT. From 5ebee99f28b1920726cb967cd089d672b89dd01f Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:38:30 -0300 Subject: [PATCH 8/9] fix: resolve middleware JWT import --- src/middleware/protectRoute.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/middleware/protectRoute.cjs b/src/middleware/protectRoute.cjs index a1846a5..7259727 100644 --- a/src/middleware/protectRoute.cjs +++ b/src/middleware/protectRoute.cjs @@ -1,4 +1,4 @@ -const { verifyToken } = require('../jwt/verifyToken'); +const { verifyToken } = require('../jwt/verifyToken.cjs'); /** * Middleware para proteger rotas autenticadas. From bfbaafb7765d4dcffb9d3dc3f0a3481b718267c9 Mon Sep 17 00:00:00 2001 From: Gustavo Marques de Lima Date: Tue, 2 Jun 2026 19:39:46 -0300 Subject: [PATCH 9/9] fix: resolve cookie middleware imports --- src/middleware/protectRouteFromCookie.cjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/middleware/protectRouteFromCookie.cjs b/src/middleware/protectRouteFromCookie.cjs index a3d2508..bab03c4 100644 --- a/src/middleware/protectRouteFromCookie.cjs +++ b/src/middleware/protectRouteFromCookie.cjs @@ -1,5 +1,5 @@ -const { verifyToken } = require('../jwt/verifyToken'); -const { getTokenFromCookie } = require('../cookies/getTokenFromCookie'); +const { verifyToken } = require('../jwt/verifyToken.cjs'); +const { getTokenFromCookie } = require('../cookies/getTokenFromCookie.cjs'); /** * Middleware para proteger rotas autenticadas usando token JWT em cookies.