fix: suppress expired-token log noise and redirect expired sessions to login (#241)

## Summary - **Server**: `authMiddleware` no longer calls `logger.error` for expired tokens — expiry is expected behaviour, not an error. Only tampered signatures and malformed tokens (genuinely suspicious) still log. - **Client**: `fetchJson` now handles 401 responses by clearing `elysium_token` and `elysium_save_signature` from localStorage and redirecting to `/`. Players whose 30-day token has expired will see the login page instead of a stuck "Invalid or expired token" error screen with no recovery path. Closes #241 ✨ This PR was created with help from Hikari~ 🌸 Reviewed-on: #241 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
2026-04-06 20:17:28 -07:00
parent 3afe64e48a
commit 2bc47b79aa
3 changed files with 51 additions and 11 deletions
@@ -35,12 +35,16 @@ export const authMiddleware: MiddlewareHandler<HonoEnvironment> = async(
    const payload = verifyToken(token);
    context.set("discordId", payload.discordId);
  } catch (error) {
-    void logger.error(
-      "auth_middleware",
-      error instanceof Error
-        ? error
-        : new Error(String(error)),
-    );
+    const isExpiredToken
+      = error instanceof Error && error.message === "Token has expired";
+    if (!isExpiredToken) {
+      void logger.error(
+        "auth_middleware",
+        error instanceof Error
+          ? error
+          : new Error(String(error)),
+      );
+    }
    return context.json({ error: "Invalid or expired token" }, 401);
  }