
I'm working with jsonwebtoken and I'm not entirely sure how it works. I have normal sign-in and sign-up routes that should go before the .verify function. I've used JWT many times but have never tried putting routes before it.

Here is my routes file:

var express = require('express');
var router = express.Router();
var usersController = require('../controllers').users;
var jwt = require('jsonwebtoken');



// Public authentication endpoints. None of these paths sit under /auth, so the
// token check mounted on /auth does not apply to them.
router.post('/signup', (req, res) => usersController.signup(req, res));

router.post('/signin', (req, res) => usersController.signin(req, res));

router.post('/social-signin', (req, res) => usersController.authSignin(req, res));

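// Gate every route under /auth behind JWT verification.
//
// next() is called only from the success branch of the verify callback. The
// previous version called next() unconditionally after jwt.verify(), so a
// request with a rejected token still reached the protected handler, and the
// handler then tried to send a second response after the 401 had been written.
//
// NOTE(review): 'secret' is a hard-coded verification key. Load it from
// configuration kept out of source control, and consider passing an
// `algorithms` allow-list in the verify options.
// NOTE(review): the token is read from the query string, which tends to be
// recorded in access logs, browser history and Referer headers; an
// Authorization header avoids that exposure.
router.use('/auth', function (req, res, next) {
  jwt.verify(req.query.token, 'secret', function (err, decoded) {
    if (err) {
      // Reject and stop: the chain must not continue for an unverified token.
      return res.status(401).json({
        title: 'You are not authorized to do that',
        error: "Please sign out and sign back in"
      });
    }
    // Signature and claims checked out; let the protected handlers run.
    return next();
  });
});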

// Token-protected user endpoints; each path lives under /auth.
router.get('/auth', (req, res) => usersController.getUser(req, res));

// NOTE(review): the target user is named by the :userId path parameter; confirm
// that usersController.update checks it against the authenticated user.
router.patch('/auth/update/:userId', (req, res) => usersController.update(req, res));

router.delete('/auth/delete', (req, res) => usersController.destroy(req, res));



module.exports = router;

I'm receiving this error when doing a GET request for getUser.

HttpErrorResponse {headers: HttpHeaders, status: 401, statusText: "Unauthorized", url: "http://localhost:3000/user/auth?token=eyJhbGciOiJI…3Njd9.FE3sYhOSFhfhnxkACKSmclcHEWKVhpItuAMqBl-A-5w", ok: false, …}
error
:
{title: "You are not authorized to do that", error: "Please sign out and sign back in"}
headers
:
HttpHeaders {normalizedNames: Map(0), lazyUpdate: null, lazyInit: ƒ}
message

I know it's probably simple, but I just have no idea.

*** Here is the code for getUser

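/**
 * Look up the user identified by the JWT payload and return it as JSON.
 *
 * Responds 401 when the token cannot be parsed or carries no `user` claim,
 * 200 with the record from User.findOne on success, and 400 when the lookup
 * rejects.
 *
 * NOTE(review): jwt.decode() only parses the token; it does not check the
 * signature or the expiry. This handler is safe only if a middleware has
 * already run jwt.verify() on the same token and stopped the request on
 * failure. Prefer reading the payload produced by that verification.
 *
 * @param {object} req - Express request; the token is read from req.query.token.
 * @param {object} res - Express response.
 * @returns {*} The result of res.json(), or a Promise resolving to it.
 */
getUser: function getUser(req, res) {
    var decoded = jwt.decode(req.query.token);
    // jwt.decode() returns null for a malformed token, and the payload may lack
    // a `user` claim; without this guard the property access below throws
    // synchronously instead of producing a response.
    if (!decoded || !decoded.user) {
      return res.status(401).json({
        title: 'You are not authorized to do that',
        error: 'Please sign out and sign back in'
      });
    }
    return User.findOne({
      where: {
        id: decoded.user.id
      }
    }).then(function(user){
      // NOTE(review): the whole record is serialized; confirm it holds no
      // password hash or other field the client should not see.
      return res.status(200).json({
        title: "User found",
        obj: user
      });
    }).catch(function(error) {
      // NOTE(review): the raw error object is sent to the client; confirm it
      // cannot expose query or schema details.
      return res.status(400).json({
        title: 'There was an error getting user!',
        error: error
      });
    });
  },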
Jonathan Corrin

1 Answer


In your auth, try:

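// Verify the JWT before any /auth handler runs.
//
// next() is called exactly once: with an error when verification fails, with
// no argument when it succeeds. Calling next() unconditionally after
// jwt.verify() would let a request with a rejected token continue to the
// protected handler.
//
// NOTE(review): 'secret' is a hard-coded verification key; load it from
// configuration kept out of source control.
router.use('/auth', function (req, res, next) {
  jwt.verify(req.query.token, 'secret', function (err, decoded) {
    if (err) {
      var authError = new Error('You are not authorized to do that');
      // Express's default error handler uses err.status for the response
      // code; without it an authentication failure is reported as a 500.
      authError.status = 401;
      return next(authError);
    }
    return next();
  });
});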

This is still an issue

Your getUser returns a Promise, and you are just returning that from your route. I believe you want to wait on the result of the Promise before returning from your route.

CSharpAtl
  • I updated it to show the error I'm getting normally. The headers error is on the server side but the updated error is what Im receiving client side – Jonathan Corrin Aug 24 '17 at 04:21
  • That helped me get a better error. It was still only giving me you are not authorized to that. I separated my user into two files because I can't seem to set routes before that code you have above. – Jonathan Corrin Aug 24 '17 at 05:23