Invalid Token JWT

Question

I've got a problem, when I'm trying to use the get method in the "localhost:3300/api/user/all" (or any other) it shows me an error in Postman ""error": "Invalid token"". I'm putting my token in the Authorization header using format "Bearer ". I'm clueless what can cause it.

My user.js

const express = require("express");
const router = express.Router();
const User = require("../models/user");
const {
  verifyToken,
  verifyTokenAndAdmin,
} = require("../routes/verifyToken");

router.get("/:id", verifyToken, async (req, res) => {
  try {
    const user = await User.findById(req.params.id);
    if (!user) {
      return res.status(404).json({ error: "User not found" });
    }
    res.json(user);
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

router.get("/", verifyTokenAndAdmin, async (req, res) => {
  try {
    const users = await User.find({});
    res.json(users);
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});
router.put("/:id", verifyToken, async (req, res) => {
  try {
    const user = await User.findById(req.params.id);
    if (!user) {
      return res.status(404).json({ error: "User not found" });
    }
    user.firstName = req.body.firstName;
    user.lastName = req.body.lastName;
    user.address = req.body.address;
    user.phone = req.body.phone;
    user.dateOfBirth = req.body.dateOfBirth;

    const updatedUser = await user.save();
    res.json(updatedUser);
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

router.delete("/:id", verifyTokenAndAdmin, async (req, res) => {
  try {
    const user = await User.findById(req.params.id);
    if (!user) {
      return res.status(404).json({ error: "User not found" });
    }

    await user.remove();
    res.json({ message: "User deleted successfully" });
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

module.exports = router;

My verifyToken.js

const jwt = require("jsonwebtoken");



const verifyToken = (req, res, next) => {
  const authtoken = req.header("Authorization");
  const token = authtoken.split(" ")[1];

  if (!token) {
    return res.status(401).json({ error: "No token, authorization denied" });
  }

  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    req.user = decoded;
    next();
  } catch (err) {
    console.log(token)
    res.status(401).json({ error: "Invalid token" });
  }
};
const verifyTokenAndAdmin = (req, res, next) => {
  verifyToken(req, res, () => {
    // Check if the user is an admin
    if (!req.user.isAdmin) {
      return res.status(403).json({ error: "Admin access required" });
    }
    next();
  });
};

const verifyTokenAndAuth = (req, res, next) => {
  verifyToken(req, res, () => {

    next();
  });
};

module.exports = {
  verifyToken,
  verifyTokenAndAdmin,
  verifyTokenAndAuth,
};

Answer 1

Did you inspect the server logs?

It looks like you should change verifyToken in verifyToken.js to log the error in the catch block instead of the token. That should get you closer to debugging.

Most likely the error is thrown in this line:

const decoded = jwt.verify(token, process.env.JWT_SECRET);

Either the verification fails or JWT_SECRET is invalid.

Change the lines below to see the error:

  } catch (err) {
    console.log(err) // <- err instead of token
    res.status(401).json({ error: "Invalid token" });
  }