I am posting product only if user is Admin, everything is perfect, but unfortunately I am getting "done is not a function" when checking isRevoked
token of user. Am I doing anything wrong to check if the user is Admin or not?
I am using express-jwt(7.7.5).
//app.js - File
app.use(authJwt());
app.use(errorHandler);
var { expressjwt: jwt } = require("express-jwt");
const { User } = require("../models/user");
function authJwt() {
const secret = process.env.secret
const api = process.env.API_URL;
return jwt({
secret,
algorithms: ['HS256'],
isRevoked: isRevoked,
}).unless({
path: [
{ url: /\/api\/v1\/products(.*)/, methods: ['GET', 'OPTIONS'] },
{ url: /\/api\/v1\/categories(.*)/, methods: ['GET', 'OPTIONS'] },
`${api}/users/login`,
`${api}/users/register`,
]
})
}
async function isRevoked(req, payload, done) {
console.log(payload);
if (payload.isAdmin == false) {
console.log('Not Admin');
done(null, true);
}
console.log('Admin');
done();
}
module.exports = authJwt;
function errorHandler(err, req, res, next) {
if (err.name === 'UnauthorizedError') {
// jwt authentication error
return res.status(400).json({ status: false, message: "User not Authorized" });
}
if (err.name === 'ValidationError')
//Validation error
return res.status(401).json({ message: err })
// default to 500 server error
console.log("Error Handler = ",err);
return res.status(500).json({message : err.message});
}
module.exports = errorHandler;
CodePudding user response:
According to the fine manual, an isRevoked
function should accept two arguments and return a Promise. There's no third done
argument:
async function isRevoked(req, payload) {
console.log(payload);
if (payload.isAdmin == false) {
console.log('Not Admin');
return true;
}
console.log('Admin');
return false;
}