Code Room
Code review | Hard | cr-g239
Subject: JWT misuse
Level: Senior–Staff
Time: ~30 min
Common in: Code quality & review interviews
Industries: Software development

Question

Review this Node.js token verifier.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review

```js
const jwt = require('jsonwebtoken');
const fs = require('fs');

const PUBLIC_KEY = fs.readFileSync('./rsa_public.pem');

function verifyToken(req, res, next) {
  const token = req.headers.authorization?.split(' ')[1];
  try {
    // Public key is safe to ship to clients, so verifying with it is fine
    const payload = jwt.verify(token, PUBLIC_KEY);
    req.user = payload;
    next();
  } catch (e) {
    res.status(401).json({ error: 'invalid token' });
  }
}
```