express-jwt Not respecting unprotected paths

Instead of using all:

app.all('/apiv1', token.unless({ path: ['apiv1/user/create', '/apiv1/auth/login']}));

Try using use and adding in the path route a slash / at the beginning:

app.use('/apiv1', token.unless({ path: ['/apiv1/user/create', '/apiv1/auth/login']}));

Here it is an example that is working:

app.js:

var express = require('express');var app = express();var expressJwt = require('express-jwt');var jwt = require('jsonwebtoken');var secret = 'secret';app.use('/api', expressJwt({secret: secret}).unless({path: ['/api/token']}));app.get('/api/token', function(req, res) {  var token = jwt.sign({foo: 'bar'}, secret);  res.send({token: token});});app.get('/api/protected', function(req, res) {  res.send('hello from /api/protected route.');});app.use(function(err, req, res, next) {  res.status(err.status || 500).send(err);});app.listen(4040, function() {  console.log('server up and running at 4040 port');});module.exports = app;

test.js:

var request = require('supertest');var app = require('./app.js');describe('Test API', function() {  var token = '';  before(function(done) {    request(app)      .get('/api/token')      .end(function(err, response) {        if (err) { return done(err); }        var result = JSON.parse(response.text);        token = result.token;        done();      });  });  it('should not be able to consume /api/protected since no token was sent', function(done) {    request(app)      .get('/api/protected')      .expect(401, done);  });  it('should be able to consume /api/protected since token was sent', function(done) {    request(app)      .get('/api/protected')      .set('Authorization', 'Bearer ' + token)      .expect(200, done);  });});