Error not shown on Postman and causes NodeJS server to crash

Question

I am working on user authentication and creating a protected route using JWT. I have an authMiddleware that should throw an error if there's no token. When testing this with Postman (providing no token), Postman shows

Could not get response
Error: read ECONNRESET 

and the server crashes. This is the error shown on the console:

throw new Error("Not authorized");
            ^

Error: Not authorized at protect (file:///C:/Users/Suleyman/Desktop/converter/server/middleware/authMiddleware.js:26:13)

Somehow I am getting an error on the line itself + the actual error message, but the server crashes, needing to be restarted. I am using an errorMiddleware, which I don't think is the issue. Here's my related code:

authMiddleware:

import User from '../models/userModel.js';

export const protect = async (req, res, next) => {
  let token;

  if (
    req.headers.authorization &&
    req.headers.authorization.startsWith("Bearer")
  ) {
    try {
      // Get token from header
      token = req.headers.authorization.split(" ")[1];

      // Verify token
      const decoded = jwt.verify(token, process.env.JWT_SECRET);

      // Get user from the token
      req.user = await User.findById(decoded.id).select("-password");

      next();
    } catch (error) {
      console.log(error);
      res.status(401);
      throw new Error("Not authorized");
    }
  }

  if (!token) {
    res.status(401);
    throw new Error("Not authorized, no token");
  }
}; 

controller file:

 // Get Me

export const getMe =  (req,res) => {
   res.json({message:'user data'})
} 

userRoutes

import { getMe, loginUser, registerUser } from "../controllers/userController.js";
import { protect } from "../middleware/authMiddleware.js";

const router = express.Router();



router.post("/register", registerUser);
router.post("/login", loginUser);
router.get("/me",protect, getMe);
 
export default router;

Answer 1

The problem is in your catch:

catch (error) {
  console.log(error);
  res.status(401);
  throw new Error("Not authorized"); // you should remove this line
}

Your catch get the error, but then you're throwing a new one which won't be catched by anyone: that's where your server is crashing.

A better way would be to pass the error to next , so it can be detected and handled in your error middleware (with your res.sendStatus(401) ):

catch (error) {
  console.error(error);
  next(error);
}

( console.error may be moved in the error middleware as well)

Answer 2

Your code should be the following one Because you need to send the error message in the response, So instead of throwing the error, you need to send the error using the res.status(status_code).send('error message').

import User from '../models/userModel.js';

export const protect = async (req, res, next) => {
  let token;

  if (
    req.headers.authorization &&
    req.headers.authorization.startsWith("Bearer")
  ) {
    try {
      // Get token from header
      token = req.headers.authorization.split(" ")[1];

      // Verify token
      const decoded = jwt.verify(token, process.env.JWT_SECRET);

      // Get user from the token
      req.user = await User.findById(decoded.id).select("-password");

      next();
    } catch (error) {
      console.log(error);
      // throw new Error("Not authorized");
      res.status(401).send("Not authorized");
    }
  }

  if (!token) {
    // throw new Error("Not authorized, no token");
    res.status(401).send('"Not authorized, no token"')
  }
};