From 67cc0fb846966d2687ee3ab092b0ef14c4158be6 Mon Sep 17 00:00:00 2001
From: ansien12
Date: Tue, 30 Jul 2019 22:00:08 +0200
Subject: [PATCH] Add a check to make sure provided secret is a string.

```
const JWTOptions: JwtAuthOptions = { secret: process.env.JWT_SECRET as string, timeout: 5_000, decodedPropertyName: 'decodedToken', };
```
Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug. With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
---
 lib/index.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/index.js b/lib/index.js
index 46d4d66..947dc61 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -111,6 +111,10 @@ function noQsMethod(options) {
 function authorize(options, onConnection) {
 options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
+
+ if (typeof options.secret !== 'string') {
+ throw new Error(`Provided secret "${options.secret}" is invalid, must be of type string.`)
+ }
 if (!options.handshake) {
 return noQsMethod(options);
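Review bot: The new error message interpolates `options.secret` into the thrown text, so a non-string value that does carry key material (a Buffer, for example) would be written into logs and stack traces; report the type instead, e.g. `throw new Error('options.secret must be a non-empty string, got ' + typeof options.secret);`. The guard also lets an empty string through, which `process.env.JWT_SECRET` can be when the variable is declared but left blank, and that probably reproduces the silent failure the commit message describes; `if (typeof options.secret !== 'string' || options.secret.length === 0) {` would catch it. If other code in this file accepts a key Buffer or a secret-lookup callback, this check now rejects those callers at startup, which is worth confirming before merging. The body of `authorize` continues outside the hunk, so how the secret is used afterwards is not visible here.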