Conversation
api/routes/auth.js
Outdated
| if (!username) throw new Error(`Username required to login`) | ||
|
|
||
| const guest = await User.findOne({username}) | ||
| const isValid = bcrypt.compare(password, guest.password) |
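Review bot: `bcrypt.compare` returns a Promise, so on the last line `isValid` is a pending Promise object, which is always truthy; any `if (isValid)` that follows would accept every password. Write `const isValid = await bcrypt.compare(password, guest.password)`. Also, `User.findOne({username})` on the line above returns null for an unknown username, and `guest.password` then throws a TypeError instead of producing a controlled 401; check `if (!guest)` before comparing.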
I think this might need an await?
api/routes/auth.js
Outdated
| //make sure request body is OK - 400 | ||
| const { permissions } = req.body | ||
| const { id } = req.params | ||
| if ( permissions !== (true || false)) throw new Error (`There was a problem with your request body`) |
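Review bot: the check on the last line does not validate the body as the `- 400` comment above intends: `(true || false)` is evaluated first and yields `true`, so the condition reduces to `permissions !== true`, which rejects a legitimate `false` and still accepts nothing else. Use `if (typeof permissions !== 'boolean') throw new Error(...)` so only real booleans (not `"true"`, `1` or `undefined`) pass.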
This won't work like you want because of the way JS evaluates code. In this case, the first thing that's evaluated will be true || false which will evaluate to true. Then, you'll be left with the statement permissions !== true.
api/routes/auth.js
Outdated
| res.status(status).json({status}) | ||
|
|
||
| } catch (e) { | ||
| if (e.message == 'There was a problem with your request body') { |
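Review bot: matching the full message text in `if (e.message == 'There was a problem with your request body')` is fragile (any rewording of the thrown message silently routes the error elsewhere) and uses loose `==`. Throw a short stable key or a custom error carrying its own status, compare with `===`, and make sure an error that matches no key falls through to a generic 500 rather than echoing `e.message` back to the client.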
I don't know if this is the best way to capture the messages, although I see where you're going! Instead, maybe throw a "key" that you can interpret. For example:
if (!updatedUser) throw new Error('user_does_not_exist')
// ...
if (e.message == 'user_does_not_exist') { /* ... */ }
This might be a bit easier in that if you want to change the message, you can do so more easily.
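An added example, not code from the PR under review, that applies the two review comments above in one pure handler: the body check accepts only a real boolean (the `(true || false)` form only compares against `true`), and errors are thrown as stable keys that a single table maps to HTTP statuses. The in-memory `users` map, `STATUS_BY_KEY` and `updatePermissions` are assumptions standing in for the route's `User` model and Express response.

```javascript
// Added example, not the PR's code: stable error keys mapped to statuses
// in one place, so changing a message never breaks the catch block.
const STATUS_BY_KEY = {
  bad_request_body: 400,
  user_does_not_exist: 404,
};

// Hypothetical in-memory store standing in for User.findOne / update.
const users = new Map([
  ['alice', { username: 'alice', permissions: false }],
]);

function assertBooleanPermissions(body) {
  // typeof rejects undefined, strings such as "true", and numbers such as 1;
  // `permissions !== (true || false)` would have rejected a real `false`.
  if (!body || typeof body.permissions !== 'boolean') {
    throw new Error('bad_request_body');
  }
  return body.permissions;
}

// Returns { status, body } instead of writing to `res`, so it can be tested.
function updatePermissions({ params, body }) {
  try {
    const permissions = assertBooleanPermissions(body);
    const user = users.get(params.id);
    if (!user) throw new Error('user_does_not_exist');
    user.permissions = permissions;
    return { status: 200, body: { username: user.username, permissions } };
  } catch (e) {
    const status = STATUS_BY_KEY[e.message];
    // Anything that is not a known key is an internal error: do not leak
    // its message to the client.
    if (status === undefined) return { status: 500, body: { error: 'internal_error' } };
    return { status, body: { error: e.message } };
  }
}
```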
| } | ||
| //try/catch | ||
| try { | ||
| const payload = jsonwebtoken.verify(token, SECRET_KEY) |
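Review bot: `jsonwebtoken.verify(token, SECRET_KEY)` on the last line checks the signature and expiry but does not pin which algorithm the token is allowed to use; pass the `algorithms` option (for example `{ algorithms: ['HS256'] }`, whichever the tokens are actually signed with) so the token header cannot choose a different one. The authorization decision should then come from the claims in the returned `payload`, not from the mere presence of a token. The `//try/catch` comment on the line above restates the code and can be dropped.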
This is what you want to use for whether or not the person is authorized. Just having a token is not enough.
Finishing up