Missing Error Handler on aliasHandler

[theRichu]

Hi,

I encounter 'unhandled rejection' error when upgrade moleculer-web v0.6.3 to v.0.8.0

and I've found error handler is missing on aliasHandler,

In my situation,
in authorize function, return promise with rejection I've got unhandled rejection error

 return Promise.reject(new UnAuthorizedError(ERR_NO_TOKEN))

and my suggestion

src/index.js :392

        // If not, it handled request/response by itself. Break the flow.
       return true;
        })
        .catch(err => this.sendError(req, res, err));
},

[icebob]

Thanks, I'm fixing.

[icebob]

Could you show relevant parts of your code? I can't reproduce it. For me, no unhandled rejection, the error goes back to the caller properly.

Custom alias:

aliases: {
	"POST users": "users.create",
	"health": "$node.health",
	"custom"(req, res) {
		res.writeHead(201);
		res.end();
	}
},

with this authorize: https://github.com/moleculerjs/moleculer-web/blob/master/examples/full/index.js#L299

[theRichu]

Not in alias,
rejection in authorize method,
I called action to service via broker

You may reproduce this way,

const {
  UnAuthorizedError
} = ApiGateway.Errors

authorize (ctx, route, req, res) {
    if (req.needAuth !== 'required') {
        return ctx
      }
      let token
      if (req.headers.authorization) {
        let type = req.headers.authorization.split(' ')[0]
        if (type === 'Token') {
          token = req.headers.authorization.split(' ')[1]
        }
      }
      if (req.needAuth === 'required' && !token) {
        return Promise.reject(new UnAuthorizedError(ERR_NO_TOKEN))
      }
      // Verify JWT token
      return ctx.call('users.resolveToken', {
        token
      })
        .then(user => {
          return Promise.reject(new UnAuthorizedError(ERR_NO_TOKEN))
        })
}

and request any route.

and get
Unhandled rejection TokenExpiredError: jwt expired

[icebob]

By the error message, I think the problem is not in authorize, but in users.resolveToken. Could you show the source of this action?

[theRichu]

resolveToken: {
      cache: {
        keys: ['token'],
        ttl: 60 * 60 // 1 hour
      },
      params: {
        token: 'string'
      },
      handler (ctx) {
        return new this.Promise((resolve, reject) => {
          jwt.verify(ctx.params.token, this.settings.JWT_SECRET, (err, decoded) => {
            if (err) {
              return reject(err)
            }
            resolve(decoded)
          })
        }).then(decoded => {
          if (decoded.user) {
            return User.findOne({
              where: {
                id: decoded.user
              }
            }).then(user => {
              return user.dataValues
            })
          }
        })
      }
    },

This is my resolveToken code

[theRichu]

I know the error message is from jwtwebtoken package,
the problem is I can't handle the rejection error anywhere.
So, request are just pending when token is expired or invalid.

I just want to response error code and message.

[icebob]

The return reject(err) is called when the token is expired or invalid?

[theRichu]

Yes,

[icebob]

I tried it but no unhandled rejection. Could you create a small repro repo?

[theRichu]

https://github.com/theRichu/moleculer-web-unhandled

check this repo please

[icebob]

Thanks. The unhandled issue is fixed in the master branch. You can update & test it with npm i moleculerjs/moleculer-web.
By the way, the calling order changed and there is a side effect in your repo. The onBeforeCall & authorize are called before action middlewares. So 'GET /user/me': [auth.required(), 'users.me'] won't work because the authorize called sooner than auth.required().