I'm using express-jwt to secure my node application, and am wondering how I can use a wildcard in the unless parameter. My working code is below, what I'd really like to do is open up access to anything that has a path starting with '/login' so I don't have to list every single resource. When I add '/login*' to the unprotected array it ends up blocking /login with a 401/unauthorized.
Works:
// routes open to all
var unprotected = [
'/login',
'/login/app/main.js',
'favicon.ico'
];
// configure jwt
var jwtCheck = jwt({
secret: new Buffer(config.get('auth0.secret'), 'base64'),
audience: config.get('auth0.clientid')
});
// insert jwt middleware
app.use( jwtCheck.unless({path: unprotected}) );
Doesn't work:
// routes open to all
var unprotected = [
'/login*',
'favicon.ico'
];
// configure jwt
var jwtCheck = jwt({
secret: new Buffer(config.get('auth0.secret'), 'base64'),
audience: config.get('auth0.clientid')
});
// insert jwt middleware
app.use( jwtCheck.unless({path: unprotected}) );
The regexp needs to exist outside the quotes:
var unprotected = [
/\/login*/,
/favicon.ico/
];
Note that at this time with express-unless you can't mix regexp and strings in the same config array, which is why the second argument needs to have forward slashes instead of quotes.
You can use a path-to-regexp and you will no need to write those ugly regExps by your own.
Sample below:
const pathToRegexp = require('path-to-regexp');
// Use JWT auth to secure the API
const unprotected = [
pathToRegexp('/login*'),
pathToRegexp('/favicon.ico')
];
app.use(expressJwt({ secret: config.tokenSecret }).unless({ path: unprotected }));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With