0

I am stucking with this code. I need to check if a token is ok before proceed to a an "api" route. My problem is my callback in the line

checkTokenAlive(token, function (err) {

never returns.

What am I doing wrong?

const express = require('express')
const app = express()
const server = require('http').Server(app)
....
checkTokenAlive = (decoded, cb) => {
    const now = Date.now().valueOf() / 1000
    if (typeof decoded.exp !== 'undefined' && decoded.exp < now) {
        cb(`token expired: ${JSON.stringify(decoded)}`)
    }
    if (typeof decoded.nbf !== 'undefined' && decoded.nbf > now) {
        cb(`token not yet valid: ${JSON.stringify(decoded)}`)
    }
}
checkTokenAuthenticated = (req, res, next) => {
    let token = req.body.token;
    checkTokenAlive(token, function (err) {

       console.log('I am here');  //problem - never called
       if (err) {
            console.log(err)
            return res.status(400).end(err)
        }
        return next()
    });
}

app.post('/api', checkTokenAuthenticated, async (req, res) => {
    ....
})
Improve this question
3
  • Well, if both decoded.exp and decoded.nbf are undefined or have certain values then you never call your callback. And, since those values come from req.body which can contain anything from an incoming request, that is clearly a problem. Also, it appears that you don't call the callback when the token is still valid. Commented Feb 28, 2020 at 14:13
  • I think, your both if condition if (typeof decoded.exp !== 'undefined' && decoded.exp < now) { and if (typeof decoded.nbf !== 'undefined' && decoded.nbf > now) inside checkTokenAlive function are evaluated to false. So, it never reaches cb Commented Feb 28, 2020 at 14:13
  • Hi, Thank you friends. It was it Commented Feb 28, 2020 at 14:20

1 Answer 1

Reset to default
1

It appears your logic is flawed in checkTokenAlive() because you may never call the callback under some conditions (like when the token is valid) and you could even call it twice. I don't know exactly what all the conditions should be, but here's one idea:

checkTokenAlive = (decoded, cb) => {
    const now = Date.now().valueOf() / 1000;
    if (!decoded || typeof decoded.exp !== "number" || typeof decoded.nbf !== number") {
        cb(`invalid or missing token`);
    } else if (decoded.exp < now) {
        cb(`token expired: ${JSON.stringify(decoded)}`)
    } else if (decoded.nbf > now) {
        cb(`token not yet valid: ${JSON.stringify(decoded)}`)
    } else {
        // token looks good
        cb();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.