tuupola/slim-jwt-auth

leave middleware stack on error

trendschau opened this issue · 3 comments

I have the following use-case:

  • the JWT middleware checks the authentication first.
  • the CSRF middleware checks the csrf-token next.

If the JWT authentication fails, I return an error with the error callback. The problem is that the application still goes through the whole middleware stack, so the csrf-token gets invalidated. If the user then tries the next call (with the old csrf-token), it does not pass.

Is there any way to leave the stack on error and directly return the response? The "before" middleware would be a perfect fit but it is only executed when JWT authentication is successful, not if there is an error.

Is there any advice for this?

You could add the CSRF token to the response in the error callback. Changing the order of middlewares might also help.

Thank you, my stupidity, I messed up the order of middleware once again. Anyway, it seems that the csrf token gets invalidated independent of middleware order. I managed to add a new csrf-token to the response, but for some reason that is invalid for a new call, too. Maybe my application still has wrong logic somewhere. Anyway, I am closing this because it seems not to be related to JWT...

Thank you for help

OMG I am so stupid and destroyed the session somewhere. It is Monday morning, sorry....
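
The ordering effect discussed in this thread, as an added example that is not part of the original issue or the project's code: a dependency-free PHP model of a middleware stack in which the last middleware added runs first. `Stack`, `jwtAuth`, `csrfGuard`, `run` and the token values are hypothetical, and the CSRF guard is assumed to rotate its token on every request it sees.

```php
<?php
declare(strict_types=1);

// Simplified model (assumption): each add() wraps the existing stack,
// so the middleware added last is the outermost one and runs first.
final class Stack
{
    /** @var callable */
    private $core;
    public function __construct(callable $core) { $this->core = $core; }
    public function add(callable $mw): self
    {
        $next = $this->core;
        $this->core = fn(array $req) => $mw($req, $next);
        return $this;
    }
    public function handle(array $req): array { return ($this->core)($req); }
}

// Hypothetical stand-in for the JWT check: on failure it returns 401
// without calling $next, so nothing further inside the stack runs.
function jwtAuth(): callable
{
    return fn(array $req, callable $next): array =>
        ($req['jwt'] ?? '') === 'valid-token' ? $next($req) : ['status' => 401];
}

// Hypothetical stand-in for the CSRF check (assumption: token rotates per request).
function csrfGuard(ArrayObject $session): callable
{
    return function (array $req, callable $next) use ($session): array {
        $ok = hash_equals($session['csrf'], $req['csrf'] ?? '');
        $session['csrf'] = bin2hex(random_bytes(8)); // old token is now invalid
        return $ok ? $next($req) : ['status' => 400];
    };
}

// Build the stack in the given add() order and report status plus token state.
function run(array $order, array $req): string
{
    $session = new ArrayObject(['csrf' => 'tok-1']); // constructed session
    $stack = new Stack(fn(array $r) => ['status' => 200]);
    foreach ($order as $name) {
        $stack->add($name === 'jwt' ? jwtAuth() : csrfGuard($session));
    }
    $status = $stack->handle($req)['status'];
    return $status . ' ' . ($session['csrf'] === 'tok-1' ? 'csrf kept' : 'csrf rotated');
}

$req = ['jwt' => 'expired', 'csrf' => 'tok-1'];   // constructed request with a bad JWT
echo run(['csrf', 'jwt'], $req), PHP_EOL;         // JWT added last: rejected before CSRF runs
echo run(['jwt', 'csrf'], $req), PHP_EOL;         // CSRF added last: token consumed, then rejected
```

Both orders reject the request with 401, but only the first leaves the client's CSRF token usable for its next call.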