How to get token from unprotected route #178

Closed
neurosnap opened this issue Dec 5, 2020 · 3 comments

Comments

@neurosnap

Hey all, I have routes that are unprotected but I still want to grab the user information if they provide an Authorization token, how could this be accomplished using this library? It seems like I either have to protect the routes to get the ctx.state.user object or leave them unprotected and not have access to the state user object.

Thanks!

@sdd
Collaborator

sdd commented Dec 6, 2020

You can initialize koajwt with the option passthrough:true to ensure that downstream middleware is called even when the auth fails. Then you can create a further middleware that returns a 401 if ctx.state.user is empty and use that for the authenticated routes.

@sdd
Collaborator

sdd commented Dec 6, 2020

Actually now that I think about it, this won't work. Why do you want to do this? You could do this by using the jsonwebtoken library's jwt.decode function directly for the unprotected routes. See https://www.npmjs.com/package/jsonwebtoken#jwtdecodetoken--options

@neurosnap
Author

> Why do you want to do this?

I have an entity that can be publicly visible but depending on the record property (entity.public: true/false) it determines whether the person requesting the data has access to it.

So for example, let's say I'm rebuilding github and I want to fetch a specific repository. I want that endpoint to be public because the system allows for public repos that don't require authorization. But if the resource the user is trying to fetch is private then I need to reject the request. Does that make sense?

Yeah that was my thinking as well: rebuild the parts of koa-jwt that extract the authorization header and manually add a ctx.state.user object for those unprotected routes.

@sdd sdd closed this as completed Apr 2, 2021
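
An added example (not code from koa-jwt or from the participants above) of the optional-authentication pattern the thread arrives at. jsonwebtoken's `jwt.decode` returns the payload without checking the signature, so a route that uses the claims to decide access to private records has to verify the token before populating `ctx.state.user`. Assumptions: HS256 with a shared secret, a `sub` claim, an `ownerId` field on the entity, and hypothetical helper names; an invalid token is treated as anonymous rather than answered with a 401.

```javascript
// Added example: optional authentication for a public Koa route.
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Constructed helper so the example can mint its own sample tokens (HS256 only).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the verified claims, or null when the header is absent or the token
// is malformed, forged, not HS256, or expired. Never throws.
function userFromAuthHeader(header, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header || "");
  if (!m) return null;
  const [, head, body, sig] = m;
  try {
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp === "number" && claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // undecodable header or payload
  }
}

// Koa-style middleware: populate ctx.state.user when a valid token is sent,
// otherwise continue anonymously instead of answering 401.
const optionalAuth = (secret) => async (ctx, next) => {
  const user = userFromAuthHeader(ctx.get("Authorization"), secret);
  if (user) ctx.state.user = user;
  await next();
};

// Access rule from the thread: public entities are readable by anyone,
// private ones only by an authenticated owner (ownerId is an assumed field).
function canRead(entity, user) {
  return entity.public === true || (!!user && user.sub === entity.ownerId);
}
```

A route handler mounted behind `optionalAuth(secret)` would call `canRead(entity, ctx.state.user)` and reject the request when it returns false.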