Search code examples
javascriptnode.jserror-handlingjwtmern

Error not shown on Postman and causes NodeJS server to crash

I am working on user authentication and creating a protected route using JWT. I have an authMiddleware that should throw an error if there's no token. When testing this with Postman (providing no token), Postman shows

Could not get response
Error: read ECONNRESET

and the server crashes. This is the error shown on the console:

throw new Error("Not authorized");
            ^

Error: Not authorized at protect (file:///C:/Users/Suleyman/Desktop/converter/server/middleware/authMiddleware.js:26:13)

Somehow I am getting an error on the line itself + the actual error message, but the server crashes, needing to be restarted. I am using an errorMiddleware, which I don't think is the issue. Here's my related code:

authMiddleware:


import User from '../models/userModel.js';

export const protect = async (req, res, next) => {
  let token;

  if (
    req.headers.authorization &&
    req.headers.authorization.startsWith("Bearer")
  ) {
    try {
      // Get token from header
      token = req.headers.authorization.split(" ")[1];

      // Verify token
      const decoded = jwt.verify(token, process.env.JWT_SECRET);

      // Get user from the token
      req.user = await User.findById(decoded.id).select("-password");

      next();
    } catch (error) {
      console.log(error);
      res.status(401);
      throw new Error("Not authorized");
    }
  }

  if (!token) {
    res.status(401);
    throw new Error("Not authorized, no token");
  }
};

controller file:

 // Get Me

export const getMe =  (req,res) => {
   res.json({message:'user data'})
}

userRoutes

import { getMe, loginUser, registerUser } from "../controllers/userController.js";
import { protect } from "../middleware/authMiddleware.js";

const router = express.Router();



router.post("/register", registerUser);
router.post("/login", loginUser);
router.get("/me",protect, getMe);
 
export default router;
Solution

  • The problem is in your catch:

    catch (error) {
  console.log(error);
  res.status(401);
  throw new Error("Not authorized"); // you should remove this line
}

    Your catch get the error, but then you're throwing a new one which won't be catched by anyone: that's where your server is crashing.

    A better way would be to pass the error to next, so it can be detected and handled in your error middleware (with your res.sendStatus(401)):

    catch (error) {
  console.error(error);
  next(error);
}

    (console.error may be moved in the error middleware as well)