I'm trying to make a login system in nodejs rest api, and want to protect a route usin jwt token. But the problem is whenever I try to access the protected route with the user token returned by the jwt, it runs the catch(err) block, instead of returning the data in the protected route.
This is how my verifiedToken code looks like:
const jwt = require("jsonwebtoken"); module.exports = function (req, res, next) { const token = req.header("auth-token"); if (!token) return res.status(401).send("Access Denied"); try { const verified = jwt.verify(token, process.env.SECRET); req.user = verified; next(); } catch (err) { res.status(400).send("Invalid Token"); } };This is how my protected route looks like:
router.get("/", verify, async (req, res) => { const userList = await User.find().select("-passwordHash"); if (!userList) { res.status(500).json({ success: false }); console.log("error in userlist"); } res.send(userList); });Here's how I'm generating the JWT in my login route:
router.post("/login", async (req, res) => { const user = await User.findOne({ email: req.body.email, }); if (!user) { return res.status(400).send("The user not found"); } if (user && bcrypt.compareSync(req.body.passwordHash, user.passwordHash)) { const token = jwt.sign( { userId: user.id, }, "process.env.SECRET", { expiresIn: "1d" } ); res.header("auth-token", token).send(token); } else { res.status(400).send("password not match"); } });console.log(err) gives me back this error:
JsonWebTokenError: invalid signature at H:\xanther\authentication-rest\node_modules\jsonwebtoken\verify.js:133:19 at getSecret (H:\xanther\authentication-rest\node_modules\jsonwebtoken\verify.js:90:14) at Object.module.exports [as verify] (H:\xanther\authentication-rest\node_modules\jsonwebtoken\verify.js:94:10) at module.exports (H:\xanther\authentication-rest\routes\verifyToken.js:8:26) at Layer.handle [as handle_request] (H:\xanther\authentication-rest\node_modules\express\lib\router\layer.js:95:5) at next (H:\xanther\authentication-rest\node_modules\express\lib\router\route.js:137:13) at Route.dispatch (H:\xanther\authentication-rest\node_modules\express\lib\router\route.js:112:3) at Layer.handle [as handle_request] (H:\xanther\authentication-rest\node_modules\express\lib\router\layer.js:95:5) at H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:281:22 at Function.process_params (H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:335:12) at next (H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:275:10) at Function.handle (H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:174:3) at router (H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:47:12) at Layer.handle [as handle_request] (H:\xanther\authentication-rest\node_modules\express\lib\router\layer.js:95:5) at trim_prefix (H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:317:13) at H:\xanther\authentication-rest\node_modules\express\lib\router\index.js:284:7can anyone tell me why this is not working as expected?
https://stackoverflow.com/questions/66756984/getting-the-error-from-the-catch-block-even-try-block-should-work March 23, 2021 at 11:44AM
没有评论:
发表评论