In a working project I downloaded from the internet...

In one location of the code I have the following:

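```javascript
const passport = require('passport');
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
// `credentials` and `User` are defined elsewhere in the project.

passport.use(new JwtStrategy({
        secretOrKey: credentials.secret,
        jwtFromRequest: ExtractJwt.fromAuthHeader(),
    },
    // Verify callback: runs only after the token's signature has been verified.
    function(payload, done) {
        User.findById(
            payload._id,
            function(err, user) {
                if (err) {
                    return done(err, false);   // lookup error
                }
                if (user) {
                    return done(null, user);   // authenticated
                } else {
                    return done(null, false);  // no matching user
                }
            }
        );
    }
));
```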

In another location of the code I have the following:

```javascript
// Route-level guard: JWT strategy, no session.
var requireAuth = passport.authenticate('jwt', { session: false });
//...
module.exports = function(app) {
    //...
    // requireAuth runs first; the handler is the 3rd argument.
    authRoutes.get('/protected', requireAuth, function(req, res) {
        res.send({ content: 'Success' });
    });
    //...
}
```

I have 2 questions here:

1- What if, instead of doing `return done(err, false);`, we do `done(err, false);` without `return`?

2- Is the 3rd argument (that middleware function) in the call to `authRoutes.get(*, *, *)` always reached, no matter what's going on inside the function `function(payload, done){}` (the second argument of `new JwtStrategy(*, *)`)? Notice that the middleware function (that 3rd argument) returns a Success response. What if something goes wrong inside the JWT authentication process?

davidesp

1 Answer

  1. That's fine. Both cases will result in `undefined` being returned anyways.
  2. Middleware is executed in the order in which they are defined. So `requireAuth` will always execute first and then `function(req, res){}`. But if `requireAuth` fails for whatever reason, `function(req, res){}` will be skipped in the middleware stack. Any errors should be handled in error middleware. If you do not handle them, then the whole application will crash.
Cisco
  • 1- Why "Both cases will result in undefined being returned anyways"? – davidesp Apr 26 '18 at 18:00
  • 2- What happens if I remove all the content of the function `function(err, user) {}`? Is the function in the 3rd argument still reached? 3- What implication does calling the function `done()` have for that function in the 3rd argument? Could you answer these 3 questions in your answer above (by editing it)? – davidesp Apr 26 '18 at 18:04
  • Many of the questions you've asked already have answers here on Stack Overflow, such as https://stackoverflow.com/questions/17337064/does-every-javascript-function-have-to-return-a-value. You will need to do some searching for them or ask a new question. – Cisco Apr 26 '18 at 18:22
  • Sorry Francisco, but my question is not related to the basics of JavaScript, which I have been using for more than 15 years. I just want to know what impact the call to the function `done(*, *)` could have on (how it affects) the middleware chain statement: `authRoutes.get('/protected', requireAuth, function(req, res) { ... })` – davidesp Apr 26 '18 at 21:02
  • If you use `done(err, false)` without `return`, then the callback will be properly executed, however the function will continue the execution. In this particular case, there is no harm - e.g. there is no user found, so `return done(null, false)` will be executed. If you don't use `return` here either, then the function will still continue and, upon reaching its end, return automatically. However, if you don't want the function to continue till the end of it, you must use `return`. – Alexander Apr 27 '18 at 09:55
  • Made me actually think if calling `done()` twice has any impact. Not too familiar with passport, but looking at its source and checking how it handles the callback would probably be the way to go to understand it. Generally, you don't want to skip `return` keyword, though. – Alexander Apr 27 '18 at 10:00
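
How the outcome of `done(...)` decides whether the `/protected` handler runs, as an added example that is not part of the question, the answer or the comments, and not Passport's own code. It is a dependency-free model: `authenticate`, `findById`, `request`, the `useReturn` flag and the sample user are hypothetical, `req.payload` stands in for the decoded token, and the mapping in the header comment is the assumed behaviour of `passport.authenticate` with a JWT strategy.

```javascript
// Simplified model of the chain, NOT Passport's or Express's source.
// Assumed outcome mapping for the verify callback:
//   done(err)         -> next(err): error middleware runs, handler skipped
//   done(null, false) -> 401 response, handler skipped
//   done(null, user)  -> req.user set, next(): handler runs
const USERS = { u1: { _id: 'u1', name: 'alice' } }; // constructed sample data

function findById(id, cb) { // hypothetical stand-in for User.findById
  if (id === 'db-down') return cb(new Error('lookup failed'));
  cb(null, USERS[id] || null);
}

function makeVerify(useReturn) {
  return function verify(payload, done) {
    findById(payload._id, function (err, user) {
      if (err) {
        if (useReturn) return done(err, false);
        done(err, false); // no return: execution falls through to the checks below
      }
      if (user) return done(null, user);
      return done(null, false);
    });
  };
}

function authenticate(verify) { // stand-in for passport.authenticate('jwt', ...)
  return function requireAuth(req, res, next) {
    verify(req.payload, function done(err, user) {
      res.doneCalls += 1;
      if (res.doneCalls > 1) return; // this model only counts repeat calls
      if (err) return next(err);
      if (!user) { res.status = 401; res.body = 'Unauthorized'; return; }
      req.user = user;
      next();
    });
  };
}

function request(id, useReturn) { // runs requireAuth, then the route handler
  const req = { payload: { _id: id } };
  const res = { status: 200, body: null, error: null, doneCalls: 0, handlerRan: false };
  const handler = (rq, rs) => { rs.handlerRan = true; rs.body = { content: 'Success' }; };
  const chain = [authenticate(makeVerify(useReturn)), handler];
  let i = 0;
  const next = (err) => {
    if (err) { res.status = 500; res.error = err.message; return; } // error middleware
    const mw = chain[i++];
    if (mw) mw(req, res, next);
  };
  next();
  return res;
}
```

`request('db-down', false)` reports `doneCalls` of 2: without `return` in the error branch, the callback from the question goes on to the `if (user) ... else` check and invokes `done` a second time. The model only counts that second call and does not reproduce what Passport does with it.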