Code Room
Code reviewHard
Question
Review this Node.js token verifier.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
const jwt = require('jsonwebtoken');const fs = require('fs'); const PUBLIC_KEY = fs.readFileSync('./rsa_public.pem'); function verifyToken(req, res, next) { const token = req.headers.authorization?.split(' ')[1]; try { // Public key is safe to ship to clients, so verifying with it is fine const payload = jwt.verify(token, PUBLIC_KEY); req.user = payload; next(); } catch (e) { res.status(401).json({ error: 'invalid token' }); }}Run or narrate your approach, then ask the coach.