2

I am new to Node.js and Express.js and am trying to authenticate routes using the express-jwt package by creating a middleware. Everything works fine with GET routes, but when I access POST routes and try to revoke a token, it returns a 500 internal server error without any message. I am very confused about what the main reason behind this is. So guys, please help me if possible. My code is as follows.

```javascript
const { expressjwt: expressJwt } = require('express-jwt');

function authJwt() {
    const secret = process.env.secret;
    const api = process.env.API_URL;
    return expressJwt({
        secret,
        algorithms: ['HS256'],
        isRevoked: isRevoked
    }).unless({
        path: [
            {url: /\/api\/v1\/products(.*)/ , methods: ['GET', 'OPTIONS'] },
            {url: /\/api\/v1\/categories(.*)/ , methods: ['GET', 'OPTIONS'] },
            `${api}/users/login`,
            `${api}/users/register`,
        ]
    })
}

async function isRevoked(req,payload,done) {
    if(!payload.isAdmin) {
        return done(null, true);
    }
    done();
}

module.exports = authJwt
```

Mohd Hasan
  • Can you share the request that leads to the 500 response, please? – Heiko Theißen Jul 21 '22 at 14:57
  • It is a POST request on localhost "http://localhost:3000/api/v1/products" – Mohd Hasan Jul 22 '22 at 04:37
  • The `GET` requests are probably working fine, because they are not protected by any authentication ... You could for instance add some exception handling to your `isRevoked` method. – derpirscher Jul 22 '22 at 15:38
  • @MohdHasan I think we're following the same tutorial. Did you find a solution to your problem? If so, please share it to help others – Laspeed Aug 11 '22 at 19:02

4 Answers

2

This is how I solved this problem:

```javascript
async function isRevoked(req, token) {
    if (!token.payload.isAdmin) {
        return true;
    }
    return undefined;
}
```

isRevoked receives either undefined or true. So if you find the user is not an admin, return undefined; else return true.

Rakin
  • @Tyler2P isRevoked receives either undefined or true. So if you find the user is not an admin return undefined else return true. – Rakin Aug 20 '22 at 16:30
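
The hook contract this answer relies on, as an added example that is not part of the original posts: it assumes, as the answer's code shows, that the middleware calls `isRevoked(req, token)` with two arguments and awaits a boolean, so the question's callback-style hook throws when it reaches `done`. `legacyIsRevoked`, `simulateCheck`, `runAll` and the sample tokens are constructed for illustration.

```javascript
// Added example, not code from the posts. simulateCheck is a hypothetical stand-in
// for the middleware calling the hook as isRevoked(req, token) and awaiting it.

// Callback-style hook from the question, unchanged in behaviour.
async function legacyIsRevoked(req, payload, done) {
    if (!payload.isAdmin) {
        return done(null, true);
    }
    done();
}

// Promise-style hook: true rejects the token; only a boolean isAdmin === true passes.
async function isRevoked(req, token) {
    try {
        return token.payload.isAdmin !== true;
    } catch (err) {
        // Missing token or payload: fail closed instead of surfacing a 500.
        return true;
    }
}

// Hypothetical harness mapping the hook's outcome to an HTTP status.
async function simulateCheck(hook, token) {
    try {
        const revoked = await hook({}, token);
        return revoked ? 401 : 200;
    } catch (err) {
        return 500; // unhandled error inside the hook
    }
}

// Constructed sample tokens in the { header, payload, signature } shape.
const samples = {
    admin: { header: { alg: 'HS256' }, payload: { isAdmin: true }, signature: 'sig' },
    user: { header: { alg: 'HS256' }, payload: { isAdmin: false }, signature: 'sig' },
    noClaim: { header: { alg: 'HS256' }, payload: {}, signature: 'sig' },
    stringClaim: { header: { alg: 'HS256' }, payload: { isAdmin: 'false' }, signature: 'sig' },
    missing: undefined,
};

async function runAll(hook) {
    const out = {};
    for (const [name, token] of Object.entries(samples)) {
        out[name] = await simulateCheck(hook, token);
    }
    return out;
}
runAll(legacyIsRevoked).then((r) => console.log('callback style:', r));
runAll(isRevoked).then((r) => console.log('promise style: ', r));
```

A string claim such as `'false'` is truthy, which is why the check compares against the boolean `true` rather than negating the claim.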
0

```javascript
async function isRevoked(req, token) {
  if (!token.payload.isAdmin) {
    return undefined
  }
  return true;
}
```

The code above works fine on my side; I only switched the undefined and true.

Tyler2P
  • If you have a new question, please ask it by clicking the [Ask Question](https://stackoverflow.com/questions/ask) button. Include a link to this question if it helps provide context. - [From Review](/review/late-answers/32900131) – Tirolel Oct 14 '22 at 09:15
0

```javascript
async function isRevoked(req, object) {
  console.log('object', object);
  if (object.payload.isAdmin === false) {
    console.log('This is not admin');
    return true;
  }

  console.log('This is admin');
  return false;
}
```

We're following the same tutorial; I solved it using this code.

Tyler2P
-2

```javascript
async function isRevoked(req, token) {
    if (!token.payload.isAdmin) {
        return true;
    }
    return undefined;
}
```

With this code, upon running this API in Postman, "localhost:3000/api/v1/products", it returns an unauthorised error even with the bearer token loaded.

pierre
  • 1
    This does not provide an answer to the question. You can [search for similar questions](/search), or refer to the related and linked questions on the right-hand side of the page to find an answer. If you have a related but different question, [ask a new question](/questions/ask), and include a link to this one to help provide context. See: [Ask questions, get answers, no distractions](/tour) – jmoerdyk Sep 02 '22 at 15:21