我正面临一个问题,我的应用程序正在崩溃与JWT令牌过期错误。我也改变了秘密密钥,但我仍然面临同样的问题。
代码如下:
Mddleware:
const auth = async (req, res, next) => {
try {
const token = req.headers.authorization.split(" ")[1];
const isCustomAuth = token?.length < 500;
if (!token)
{return res.status(401).json({ message: "No token provided" });}
let decodedData;
if(token && isCustomAuth){
decodedData= verifyToken(token);
req.userId = decodedData?.id;
}
else{
decodedData = jwt.decode(token);
console.log(decodedData + "decoded token");
req.userId = decodedData?.sub;
}
next();
} catch (error) {
console.log(error);
res.status(403).json({ message: "Token is not valid" });
throw Error();
}
};
import jwt from "jsonwebtoken";
const secret = process.env.SECRET;
export const generateToken = (data) => {
try {
return jwt.sign({ email: data.email, id: data._id }, secret , { expiresIn: "24h" });
} catch(e) {
throw new Error(e)
}
}
export const verifyToken = (token) => {
try {
return jwt.verify(token, secret);
} catch(e) {
throw new Error(e)
}
}
应用程序崩溃说jwt过期错误。请帮助。
问题可能是您的catch语句:
const auth = async (req, res, next) => {
try {
// ...
} catch (error) {
console.log(error);
res.status(403).json({ message: "Token is not valid" });
throw Error(); // <--- Remove this. Don't throw in a middleware, an error response is enough
}
};
顺便说一下,还有一个提高的机会。下面的catch什么都不做,甚至是错误的(您正在将一个错误实例传递给另一个error),所以我建议您完全删除try-catch,或者在那里返回一些空值。
export const verifyToken = (token) => {
try {
return jwt.verify(token, secret);
} catch(e) {
throw new Error(e) // <---- You are catching only to re-throw another error, not to mention this is a wrong way to create an error.
}
}
应该是
export const verifyToken = (token) => {
return jwt.verify(token, secret);
}
或this,然后在中间件
中处理空值export const verifyToken = (token) => {
try {
return jwt.verify(token, secret);
} catch(e) {
return null;
}
}