'JWT must be provided - Delete method returning token as null instead of user token
I have issue as title say. I will show you code in NodeJS. Request is blogRouter.delete
controllers/blog.js (only delete method)
const blogsRouter = require('express').Router()
const jwt = require('jsonwebtoken');
const Blog = require('../models/blog')
const User = require('../models/user')
blogsRouter.delete('/:id', async (request, response, next) => {
const token = getTokenFrom(request)
console.log('token: ',token)
try {
const decodedToken = jwt.verify(token, process.env.SECRET)
if (!token || !decodedToken.id) {
return response.status(401).json({ error: 'token missing or invalid' })
}
const userid = await User.findById(decodedToken.id)
const blogs = await Blog.findById(request.params.id)
if(blogs.user.toString() === userid.toString()) {
await Blog.findByIdAndRemove(request.params.id)
response.status(204).end()
} else {
response.status(404).end()
}
}catch(exception){next(exception)}
})
When i console log token i get null via helper function getTokenFrom
getTokenFrom
const getTokenFrom = request => {
const authorization = request.get('authorization')
if (authorization && authorization.toLowerCase().startsWith('bearer ')) {
return authorization.substring(7)
}
return null
}
In post request token working perfectly fine. Im able to create a blog. But when i do the same thing with delete method it wont show token. It says its null. So it returning me my getTokenFrom function correctly but i want to be able to access token in delete method so i can be able to delete certain blog.
controller/login
const jwt = require('jsonwebtoken')
const bcrypt = require('bcryptjs')
const loginRouter = require('express').Router()
const User = require('../models/user')
loginRouter.post('/', async (request, response) => {
const body = request.body
const user = await User.findOne({username: body.username})
const passwordCorrect = user == null ?
false : await bcrypt.compare(body.password, user.passwordHash)
if(!(user && passwordCorrect)) {
return response.status(401).json({
error: "Invalid username or passowrd"
})
}
const userForToken = {
username: user.username,
id: user._id,
}
const token = jwt.sign(userForToken, process.env.SECRET)
response.status(200).send({token, username: user.username, name: user.name})
})
module.exports = loginRouter
https://prnt.sc/qfjgka --> This is a picture. I send http.delete request and i get token null. JWT must be provided. I dont know were is my mistake. I tried a lot of things but it wont work. I tried to define token with token.request.jwt but then i get it undifined.
I just need to access that token somehow in blogRoute.delete method.
Thanks in forward
EDIT : This is my post method and when i console log token here it returns me value of the token but when i do same things in delete method it wont work
blogsRouter.post('/', async (request, response, next) => {
const body = request.body
console.log('body', body)
const token = getTokenFrom(request)
console.log('token: ', token)
try {
const decodedToken = jwt.verify(token, process.env.SECRET)
if (!token || !decodedToken.id) {
return response.status(401).json({ error: 'token missing or invalid' })
}
const user = await User.findById(decodedToken.id)
const blog = new Blog({
title: body.title,
author: body.author,
url: body.url,
likes: body.likes,
user: user._id
})
const savedBlog = await blog.save()
user.blogs = user.blogs.concat(savedBlog._id)
await user.save()
response.json(savedBlog.toJSON())
} catch(exception) {
next(exception)
}
})
Solution 1:[1]
" if (blogs.user.toString() === userid.toString()) {" it is important to restrict user access to his own resources, so that the route is something like: delete posts/:id rather than, delete /users/:uid/posts/:id because hackers will be able to guess out the ids and delete other people's posts.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Frank Guo |