Handling parameterised routes in express-jwt using unless

Question

Given the following route:

router.get('/api/members/confirm/:id, function (req, res, next)

how do I specify the route to be excluded? I have tried:

app.use('/api', expressJwt({ secret: config.secret}).unless({path: ['/api/members/confirm']}));

and

app.use('/api', expressJwt({ secret: config.secret}).unless({path: ['/api/members/confirm/:id']}));

but neither path in the unless array seem to work?

score 25 · Accepted Answer · answered May 31 '15 at 16:37

The express-jwt module is using express-unless to give you this unless method, which doesn't accept express' :param path arguments syntax.

But it does accept a regex, so you could do this:

app.use('/api', expressJwt({ secret: config.secret}).unless({path: [/^\/api\/members\/confirm\/.*/]}));

If you don't like that, you can also give unless a function:

var myFilter = function(req) {return true;}
app.use('/api', expressJwt({ secret: config.secret}).unless(myFilter));

score 15 · Answer 2 · answered Oct 05 '18 at 18:52

You must be using regex to achieve what you are looking for, and you can also add in another field to specify what methods are allowed like so:

expressJwt({ secret, isRevoked }).unless({
    path: [
        { url: /^\/api\/members\/confirm\/.*/, methods: ['GET', 'PUT'] }
    ]
})

2 Answers2