jwt.decode() 卡住而不是在格式错误的令牌上返回错误

Question

On an express nodejs server I try to validate a token with the jsonwebtoken package (v8.5.1). I experience something really odd and don't seem to find a solution for this.

Whenever I try to verify a malformed token the jwt.verify method becomes stuck instead of throwing the usual error which I expected. Can someone please point out what I am doing wrong. Underneath you'll find the code which becomes completely stuck.

When the token is valid, the console.log statement returns the content of the jwt. When it is invalid, the console.log statement is never run and the endpoint just never responds. So for some reason, it becomes completely stuck on the jwt.verify method.

 router.post('/session', async (req, res) => { try { const token = req.headers['x-auth-token']; if (!token) { return res.json(false); } const verified = jwt.verify(token, process.env.JWT_SECRET); console.log(verified); if (!verified) { return res.json(false); } return res.json(true); } catch (e) { return res.status(500); } });

Answer 1

Hey in that case I would suggest to use promisify and wait for the promise to throw an error.

 const verified = await promisify(jwt.verify)(req.params.token, process.env.JWT_SECRET);

using this require statement:

 const { promisify } = require('util');

you can check the node.js documentation

Answer 2

I still don't know exactly why it behaved the way it did, but at least I found a workaround that answers immediately when the token is incorrect instead of returning nothing.

I added a callback to the jwt.verify function:

 const verified = jwt.verify( token, process.env.JWT_SECRET, (err, verified) => { if (err) { return res.status(401).json('Error'); } return verified; } );