There are a few things that I'd change about this file:
Firstly, it's not really a handler (it doesn't respond to a request), it just validates authentication and passes that validation on to a handler. It should probably be moved to a different directory in your app (for example helpers or authentication).
There are some unnecessary requires (bcrypt, qs, handleError).
You're calling jwt.verify with a callback which makes it asynchronous. Either change the whole function to be callback based (probably the better option) or use the non-callback jwt.verify:
jwt.verify(token, 'secret');
Your secret should be stored in environment variables! There's no point in signing cookies if you post the secret openly on GitHub.
No need to pass in res if you're not using it, you could even just only give handleAuth access to req.headers.cookie because you don't need anything else from the req object.
Something like:
This would mean changing the way the function is called in your routers also (the routes would need to be wrapped in the callback).
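A sketch of the callback-based helper described in this comment, as an added example that is not part of the original comment or the reviewed project. It assumes a cookie named `token` and a `JWT_SECRET` environment variable, and it checks HS256 signatures with Node's built-in `crypto` in place of `jsonwebtoken` so that it runs without dependencies; `signToken` exists only to build constructed test tokens.

```javascript
const crypto = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed helper (assumption): builds an HS256 token to test against.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Synchronous check: returns the payload or throws.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  // Pin the algorithm instead of trusting whatever the token header claims.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof payload.exp === 'number' && payload.exp <= Date.now() / 1000) {
    throw new Error('token expired');
  }
  return payload;
}

// Callback-based helper: it only sees the Cookie header, never req or res,
// and reads the secret from the environment rather than from source code.
function handleAuth(cookieHeader, callback) {
  const secret = process.env.JWT_SECRET; // variable name is an assumption
  if (!secret) return process.nextTick(callback, new Error('JWT_SECRET not set'));
  const match = /(?:^|;\s*)token=([^;]+)/.exec(cookieHeader || '');
  if (!match) return process.nextTick(callback, new Error('no token cookie'));
  let payload;
  try { payload = verifyToken(match[1], secret); }
  catch (err) { return process.nextTick(callback, err); }
  process.nextTick(callback, null, payload);
}
```

A route would call `handleAuth(req.headers.cookie, (err, user) => { ... })` and respond inside the callback.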