Code Room
Code review | Hard | cr-g574
Subject: JWT auth vulnerability | Level: Senior–Staff | ~28 min | Common in: Security interviews | Industries: Software development, Technology

Question

Review this Node.js JWT verification middleware.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js)

```js
const jwt = require('jsonwebtoken');

function authenticate(req, res, next) {
  const token = req.headers.authorization?.split(' ')[1];
  const header = JSON.parse(Buffer.from(token.split('.')[0], 'base64').toString());
  const decoded = jwt.verify(token, SECRET, { algorithms: [header.alg] });
  req.user = decoded;
  next();
}
```
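For comparison, a hardened form of this middleware in which the verifier, not the token header, decides which algorithm is acceptable. This is an added example, not part of the original question; it uses Node's built-in `crypto` instead of `jsonwebtoken` so it runs offline, and `verifyHS256`, `sign` and the `SECRET` value are hypothetical names and constructed data.

```javascript
// Added example: HS256-only verification using Node's built-in crypto.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const b64url = (v) => Buffer.from(v).toString('base64url');

// Hypothetical helper that builds constructed sample tokens.
function sign(header, payload, secret = SECRET) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Returns the claims object, or null on any failure. The algorithm is fixed
// here by the verifier; the token's header is only compared against it.
function verifyHS256(token, secret = SECRET) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return null; // malformed token is an auth failure, not a crash
  }
  if (!header || header.alg !== 'HS256') return null;
  if (!claims || typeof claims !== 'object') return null;
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const now = Math.floor(Date.now() / 1000);
  if (typeof claims.exp === 'number' && claims.exp <= now) return null;
  return claims;
}

function authenticate(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const claims = scheme === 'Bearer' ? verifyHS256(token) : null;
  if (!claims) return res.status(401).json({ error: 'invalid token' });
  req.user = claims;
  next();
}
```

With `jsonwebtoken` itself, the equivalent pin is a fixed list such as `algorithms: ['HS256']` passed to `jwt.verify`, wrapped in error handling that answers 401.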