I am posting product only if user is Admin, everything is perfect, but unfortunately I am getting "done is not a function" when checking isRevoked token of user. Am I doing anything wrong to check if the user is Admin or not?

I am using express-jwt(7.7.5).

//app.js - File

app.use(authJwt());
app.use(errorHandler);

var { expressjwt: jwt } = require("express-jwt");
const { User } = require("../models/user");

function authJwt() {
    const secret = process.env.secret
    const api = process.env.API_URL;
    return jwt({
        secret,
        algorithms: ['HS256'],
        isRevoked: isRevoked,
    }).unless({
        path: [
            { url: /\/api\/v1\/products(.*)/, methods: ['GET', 'OPTIONS'] },
            { url: /\/api\/v1\/categories(.*)/, methods: ['GET', 'OPTIONS'] },
            `${api}/users/login`,
            `${api}/users/register`,
        ]
    })
}


async function isRevoked(req, payload, done) {
        console.log(payload);
        if (payload.isAdmin == false) {
            console.log('Not Admin');
            done(null, true);
        }
        console.log('Admin');
        done();

}


module.exports = authJwt;

function errorHandler(err, req, res, next) {

    if (err.name === 'UnauthorizedError') {
        // jwt authentication error
        return res.status(400).json({ status: false, message: "User not Authorized" });
    }

    if (err.name === 'ValidationError')
        //Validation error 
        return res.status(401).json({ message: err })

    // default to 500 server error
    console.log("Error Handler = ",err);
    return res.status(500).json({message : err.message});
}

module.exports = errorHandler;

CodePudding user response：

According to the fine manual, an isRevoked function should accept two arguments and return a Promise. There's no third done argument:

async function isRevoked(req, payload) {
  console.log(payload);
  if (payload.isAdmin == false) {
    console.log('Not Admin');
    return true;
  }
  console.log('Admin');
  return false;
}