JWT token verification middleware in Express - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior
intermediate
What does this JWT verification middleware do?

Consider this Express middleware that verifies a JWT token from the request header. What will happen if the token is missing?

Express
import jwt from 'jsonwebtoken';

const verifyToken = (req, res, next) => {
  const token = req.headers['authorization'];
  if (!token) {
    return res.status(401).json({ message: 'No token provided' });
  }
  jwt.verify(token, 'secretkey', (err, decoded) => {
    if (err) {
      return res.status(403).json({ message: 'Failed to authenticate token' });
    }
    req.userId = decoded.id;
    next();
  });
};

export default verifyToken;
A. The middleware throws an error and crashes the server.
B. The middleware calls next() without any checks and allows the request to continue.
C. The middleware sends a 403 response with message 'Failed to authenticate token' immediately.
D. The middleware sends a 401 response with message 'No token provided' and stops further processing.
💡 Hint

Think about what happens when the token is not found in the headers.

📝 Syntax
intermediate
Which option correctly verifies a JWT token asynchronously?

Choose the code snippet that correctly verifies a JWT token using the jsonwebtoken library in Express middleware.

A. jwt.verify(token, 'secretkey', (err, decoded) => { if (err) return res.status(403).send('Invalid token'); req.user = decoded; next(); });
B. const decoded = jwt.verify(token, 'secretkey'); req.user = decoded; next();
C. jwt.verify(token, 'secretkey', (decoded, err) => { if (err) return res.status(403).send('Invalid token'); req.user = decoded; next(); });
D. jwt.verify(token, (err, decoded) => { if (err) return res.status(403).send('Invalid token'); req.user = decoded; next(); });
💡 Hint

Remember the order of parameters in the callback for jwt.verify.

🔧 Debug
advanced
Why does this JWT middleware crash the server?

Look at this middleware code. Why does it crash the server when an invalid token is sent?

Express
import jwt from 'jsonwebtoken';

const verifyToken = (req, res, next) => {
  const token = req.headers['authorization'];
  const decoded = jwt.verify(token, 'secretkey');
  req.userId = decoded.id;
  next();
};

export default verifyToken;
A. Because next() is called before jwt.verify completes.
B. Because the token is missing and the code does not check for it.
C. Because jwt.verify throws an error on invalid token and it is not caught, crashing the server.
D. Because the secret key is incorrect.
💡 Hint

Think about what happens when jwt.verify fails without a try-catch.

State output
advanced
What is the value of req.userId after this middleware runs with a valid token?

Given this middleware and a valid JWT token with payload { id: 42 }, what will req.userId be?

Express
import jwt from 'jsonwebtoken';

const verifyToken = (req, res, next) => {
  const token = req.headers['authorization'];
  jwt.verify(token, 'secretkey', (err, decoded) => {
    if (err) {
      return res.status(403).json({ message: 'Invalid token' });
    }
    req.userId = decoded.id;
    next();
  });
};

export default verifyToken;
A. 42
B. undefined
C. null
D. Throws an error
💡 Hint

Check how the decoded token payload is assigned to req.userId.

🧠 Conceptual
expert
Why is it important to call next() only after successful JWT verification?

In Express middleware for JWT verification, why should next() be called only after the token is verified successfully?

A. To improve server performance by skipping token verification for all requests.
B. To prevent unauthorized requests from reaching protected routes by stopping the request early.
C. To allow all requests to pass through regardless of token validity.
D. To automatically refresh the JWT token for the user.
💡 Hint

Think about security and what happens if next() is called too early.
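
Added example, not part of the original challenges: one middleware that puts together the behaviours the five problems probe (401 when the header is missing, 403 when verification fails without crashing, `next()` only on success). It goes beyond the page by accepting a `Bearer ` prefix, pinning the algorithm and rejecting expired tokens. As assumptions, an HS256 check written with Node's built-in `crypto` stands in for `jsonwebtoken` so the block runs without dependencies, and `sign`, `verifyHs256` and `run` are hypothetical helpers.

```javascript
// Added example (not from the page): Node's crypto stands in for jsonwebtoken.
const crypto = require('node:crypto');

const SECRET = 'secretkey'; // the page's placeholder; load a real key from configuration
const b64url = (x) => Buffer.from(x).toString('base64url');

// Hypothetical helper: mint a constructed sample token for the demo.
function sign(payload, secret = SECRET) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}

// Throws on any failure, like the synchronous form of jwt.verify.
function verifyHs256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // pin the algorithm
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now()) throw new Error('expired');
  return claims;
}

function verifyToken(req, res, next) {
  const header = req.headers['authorization'];
  if (!header) return res.status(401).json({ message: 'No token provided' });
  const token = header.startsWith('Bearer ') ? header.slice(7) : header;
  try {
    req.userId = verifyHs256(token, SECRET).id;
  } catch (err) {
    return res.status(403).json({ message: 'Failed to authenticate token' });
  }
  next(); // reached only after successful verification
}

// Constructed stand-ins for Express req/res so the demo runs offline.
function run(authorization) {
  const out = { status: null, nextCalled: false };
  const req = { headers: authorization === undefined ? {} : { authorization } };
  const res = { status(c) { out.status = c; return this; }, json() { return this; } };
  verifyToken(req, res, () => { out.nextCalled = true; });
  return { ...out, userId: req.userId };
}
```

`run('Bearer ' + sign({ id: 42 }))` reports that `next()` was called with `userId` 42, while a missing header, a token signed with another key, an expired token or an `alg: none` token each stop at the middleware.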