Node.js callback for jwt.verify()
Question
I have an authentication route on my Node.js server that authenticates requests:
app.get('/loggedin', auth, function(req, res){
console.log(req.authenticated);
res.send(req.authenticated ? req.authenticated: false)
})
As I understand it, auth is run before app.get() . Here is the code for auth :
var jwt = require('jsonwebtoken');
var config = require('./config');
module.exports = function(req,res,next){
var bearerHeader = req.headers['authorization'];
var token;
console.log(bearerHeader);
req.authenticated = false;
if (bearerHeader){
console.log("11111");
var bearer = bearerHeader.split(" ");
token = bearer[1];
jwt.verify(token, config.secret, function (err, decoded){
console.log("22222");
if (err){
console.log(err);
req.authenticated = false;
req.decoded = null;
} else {
console.log("33333");
req.decoded = decoded;
req.authenticated = true;
}
});
}
next();
}
On the server log, however, I receive the following output:
Bearer jsflkdjlsdfjksodfkjlsdfjkls
11111
false
22222
33333
This means that there is a token on the client's side, and that is passes the jwt verification. However, the server decides to begin running app.get() before it finishes returning information in the authentication callback. What gives?
3 answers
solution1
8 2019-01-29 10:51:19
According to jwt documentation you can implement the jwt.verify() method with two options:
Asynchronous: If a callback is supplied, function acts asynchronously. The callback is called with the decoded payload if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will be called with the error.
// async
jwt.verify(token, pass, (err, decoded) => { async callback } );
Synchronous: If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will throw the error.
//sync
try {
const decoded = jwt.verify(token, pass);
}
catch (ex) { console.log(ex.message); }
solution2
3 2016-07-22 18:59:37
Ok just fixed it. The problem is that jwt.verify() is async, so it won't do it immediately. The only way to get around this to call next() only after you've got either result:
module.exports = function(req,res,next){
var bearerHeader = req.headers['authorization'];
var token;
console.log(bearerHeader);
req.authenticated = false;
if (bearerHeader){
console.log("11111");
var bearer = bearerHeader.split(" ");
token = bearer[1];
jwt.verify(token, config.secret, function (err, decoded){
console.log("22222");
if (err){
console.log(err);
req.authenticated = false;
req.decoded = null;
next();
} else {
console.log("33333");
req.decoded = decoded;
req.authenticated = true;
next();
}
});
}
}
solution3
1 2020-06-19 16:21:31
You can use synchronous version and promisify
const promisify = fn => {
return (...args) => {
return new Promise((resolve, reject) => {
function customCallback(err, ...results) {
if (err) {
return reject(err);
}
return resolve(results.length === 1 ? results[0] : results)
}
args.push(customCallback);
fn.call(this, ...args);
})
}
}
// inside your code for varification
promisify(jwt.verify)(token, process.env.JWT_SECRET)
.then(result => {
console.log(result);
}).catch(err => {
console.log(err);
});
next();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.