
The latest version of the book is P1.0, released 29 days ago. If you've bought a PDF of the book and would like to update it to this version (for free), visit your home page.

By default this page displays the errata for the latest version of the book. If you have a previous version, select it here:

If you've found a new error, please submit it.

  • Typo
  • Tech. error
  • Suggestion
  • Maybe next edition
  • Not a problem
  • Reported in: P1.0 (27-Sep-19)
#85822
PDF page: 186
There is a refactoring of lib/token-auth.js on this page that breaks the JWT authentication. We are attempting to handle corrupted JWT's with a 401, w...more...
Jonathan Lee Martin says: Hi Michael, thanks for reaching out! I double checked pages 106–109 in the PDF (perhaps the page number you mention — 186 — is from the ebook?). It looks like you might have applied one of the steps to a similar looking region; the user variable definitely shouldn't be unused. What do you have immediately following that line? Here's what it should be by midway through page 109 in the PDF version:

```
let tokenAuth = (req, res, next) => {
  let header = req.headers.authorization || '';
  let [type, token] = header.split(' ');
  if (type === 'Bearer') {
    let payload;
    try {
      payload = jwt.verify(token, signature);
    } catch(err) {
      res.sendStatus(401);
      return;
    }
    let user = findUserByToken(payload);
    if (user) {
      req.user = user;
    } else {
      res.sendStatus(401);
      return;
    }
  }
  next();
};
```

My guess is you moved the if-else statement we added on page 107 that comes right after "let user = findUserByToken(payload)" and turned it into the try-catch block we add on page 109, since the code looks quite similar and that code block omits the remaining code with a "[...]". Would you check if that gets you back on track?
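
The following is an added example, not code from the book or from either participant: a harness that runs the middleware's control flow from the reply above against stub requests, so each 401 path can be checked separately from the success path. `SECRET`, `USERS`, `run`, the `findUserByToken` body and the minimal HS256 `sign`/`verify` (stand-ins for the `jwt.verify` call, with no expiry or algorithm checks) are all assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed values for this example; SECRET and USERS are assumptions.
const SECRET = 'example-signing-secret';
const USERS = [{ username: 'alice' }];

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 stand-ins for jwt.sign / jwt.verify (no exp or alg checks).
const sign = (payload) => {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  return `${body}.${hmac(body).toString('base64url')}`;
};
const verify = (token) => {
  const [head, body, sig] = String(token).split('.');
  const given = Buffer.from(sig || '', 'base64url');
  const expected = hmac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString());
};

// Hypothetical lookup; the book's findUserByToken is not shown on this page.
const findUserByToken = ({ username }) => USERS.find((u) => u.username === username);

// Same control flow as the reply: verify first, then look up the user.
const tokenAuth = (req, res, next) => {
  const [type, token] = (req.headers.authorization || '').split(' ');
  if (type === 'Bearer') {
    let payload;
    try { payload = verify(token); } catch (err) { res.sendStatus(401); return; }
    const user = findUserByToken(payload);
    if (!user) { res.sendStatus(401); return; }
    req.user = user;
  }
  next();
};

// Run the middleware against a stub req/res and report the outcome.
const run = (authorization) => {
  const req = { headers: authorization ? { authorization } : {} };
  const out = { status: null, nextCalled: false };
  tokenAuth(req, { sendStatus: (c) => { out.status = c; } }, () => { out.nextCalled = true; });
  return { ...out, user: req.user ? req.user.username : null };
};
```

Calling `run()` with no header, a corrupted token, a token whose payload was swapped after signing, a validly signed token for an unknown user, and a valid token for `alice` exercises every branch; only the first and last should reach `next()`.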