Code Room
Code review · Hard · cr-g034
Subject: Auth bypass · Level: Senior–Staff · ~30 min · Common in: Security interviews · Industries: Software development

Question

Review this Node.js JWT verification middleware.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js)

```js
const jwt = require('jsonwebtoken');

function authenticate(req, res, next) {
  const token = (req.headers.authorization || '').replace('Bearer ', '');
  try {
    const payload = jwt.verify(token, PUBLIC_KEY);
    req.user = payload;
    next();
  } catch {
    return res.status(401).json({ error: 'unauthorized' });
  }
}
```
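For comparison with the middleware above, an added example (not part of the original page and not the exercise's answer key) of strict verification: the verifier pins the algorithm to RS256, matches the `Bearer` scheme exactly, requires an unexpired `exp`, and copies only the claims it needs. It uses Node's built-in `crypto` instead of `jsonwebtoken` so it runs offline; the key pair, the `sub` claim, and the helper names `signToken` and `verifyRs256` are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair; a real service loads its issuer's public key instead.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (v) => Buffer.from(v).toString('base64url');

// Test helper (hypothetical): signs with the demo key; the header is caller-supplied
// so unexpected `alg` values can be presented to the verifier.
function signToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims, or null for anything that is not a valid, unexpired RS256 token.
function verifyRs256(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    // The verifier chooses the algorithm; the token header is only checked against it.
    if (header.alg !== 'RS256') return null;
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    const sig = Buffer.from(parts[2], 'base64url');
    if (!crypto.verify('sha256', signed, key, sig)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    // A missing or non-numeric exp is treated as invalid, not as "never expires".
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

function authenticate(req, res, next) {
  // Exact scheme match: 'Bearer <three base64url segments>' and nothing else.
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(req.headers.authorization || '');
  const claims = m && verifyRs256(m[1], publicKey);
  if (!claims) return res.status(401).json({ error: 'unauthorized' });
  req.user = { sub: claims.sub }; // copy only the fields the app needs
  return next();
}
```

With `jsonwebtoken` itself, the corresponding pinning is done through the `algorithms`, `issuer` and `audience` options of `jwt.verify`.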