generated from nhcarrigan/template
fix: suppress expired-token log noise and redirect expired sessions to login (#241)
## Summary - **Server**: `authMiddleware` no longer calls `logger.error` for expired tokens — expiry is expected behaviour, not an error. Only tampered signatures and malformed tokens (genuinely suspicious) still log. - **Client**: `fetchJson` now handles 401 responses by clearing `elysium_token` and `elysium_save_signature` from localStorage and redirecting to `/`. Players whose 30-day token has expired will see the login page instead of a stuck "Invalid or expired token" error screen with no recovery path. Closes #241 ✨ This PR was created with help from Hikari~ 🌸 Reviewed-on: #241 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
This commit was merged in pull request #241.
This commit is contained in:
@@ -35,12 +35,16 @@ export const authMiddleware: MiddlewareHandler<HonoEnvironment> = async(
|
||||
const payload = verifyToken(token);
|
||||
context.set("discordId", payload.discordId);
|
||||
} catch (error) {
|
||||
void logger.error(
|
||||
"auth_middleware",
|
||||
error instanceof Error
|
||||
? error
|
||||
: new Error(String(error)),
|
||||
);
|
||||
const isExpiredToken
|
||||
= error instanceof Error && error.message === "Token has expired";
|
||||
if (!isExpiredToken) {
|
||||
void logger.error(
|
||||
"auth_middleware",
|
||||
error instanceof Error
|
||||
? error
|
||||
: new Error(String(error)),
|
||||
);
|
||||
}
|
||||
return context.json({ error: "Invalid or expired token" }, 401);
|
||||
}
|
||||
|
||||
|
||||
@@ -6,18 +6,26 @@ vi.mock("../../src/services/jwt.js", () => ({
|
||||
verifyToken: vi.fn(),
|
||||
}));
|
||||
|
||||
vi.mock("../../src/services/logger.js", () => ({
|
||||
logger: {
|
||||
error: vi.fn().mockResolvedValue(undefined),
|
||||
},
|
||||
}));
|
||||
|
||||
describe("authMiddleware", () => {
|
||||
beforeEach(() => {
|
||||
vi.resetModules();
|
||||
vi.clearAllMocks();
|
||||
});
|
||||
|
||||
const makeApp = async () => {
|
||||
const { authMiddleware } = await import("../../src/middleware/auth.js");
|
||||
const { verifyToken } = await import("../../src/services/jwt.js");
|
||||
const { logger } = await import("../../src/services/logger.js");
|
||||
const app = new Hono<{ Variables: { discordId: string } }>();
|
||||
app.use("*", authMiddleware);
|
||||
app.get("/test", (c) => c.json({ discordId: c.get("discordId") }));
|
||||
return { app, verifyToken };
|
||||
return { app, logger, verifyToken };
|
||||
};
|
||||
|
||||
it("returns 401 when Authorization header is missing", async () => {
|
||||
@@ -45,8 +53,8 @@ describe("authMiddleware", () => {
|
||||
expect(body.discordId).toBe("user_123");
|
||||
});
|
||||
|
||||
it("returns 401 when verifyToken throws", async () => {
|
||||
const { app, verifyToken } = await makeApp();
|
||||
it("returns 401 and logs when verifyToken throws a non-expiry error", async () => {
|
||||
const { app, logger, verifyToken } = await makeApp();
|
||||
vi.mocked(verifyToken).mockImplementationOnce(() => {
|
||||
throw new Error("Invalid token");
|
||||
});
|
||||
@@ -54,10 +62,15 @@ describe("authMiddleware", () => {
|
||||
headers: { Authorization: "Bearer bad_token" },
|
||||
}));
|
||||
expect(res.status).toBe(401);
|
||||
/* eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- logger mock requires cast */
|
||||
expect((logger.error as ReturnType<typeof vi.fn>)).toHaveBeenCalledWith(
|
||||
"auth_middleware",
|
||||
expect.any(Error),
|
||||
);
|
||||
});
|
||||
|
||||
it("returns 401 when verifyToken throws a non-Error value", async () => {
|
||||
const { app, verifyToken } = await makeApp();
|
||||
it("returns 401 and logs when verifyToken throws a non-Error value", async () => {
|
||||
const { app, logger, verifyToken } = await makeApp();
|
||||
vi.mocked(verifyToken).mockImplementationOnce(() => {
|
||||
throw "raw string error";
|
||||
});
|
||||
@@ -65,5 +78,23 @@ describe("authMiddleware", () => {
|
||||
headers: { Authorization: "Bearer bad_token" },
|
||||
}));
|
||||
expect(res.status).toBe(401);
|
||||
/* eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- logger mock requires cast */
|
||||
expect((logger.error as ReturnType<typeof vi.fn>)).toHaveBeenCalledWith(
|
||||
"auth_middleware",
|
||||
expect.any(Error),
|
||||
);
|
||||
});
|
||||
|
||||
it("returns 401 without logging when token has expired", async () => {
|
||||
const { app, logger, verifyToken } = await makeApp();
|
||||
vi.mocked(verifyToken).mockImplementationOnce(() => {
|
||||
throw new Error("Token has expired");
|
||||
});
|
||||
const res = await app.fetch(new Request("http://localhost/test", {
|
||||
headers: { Authorization: "Bearer expired_token" },
|
||||
}));
|
||||
expect(res.status).toBe(401);
|
||||
/* eslint-disable-next-line @typescript-eslint/consistent-type-assertions -- logger mock requires cast */
|
||||
expect((logger.error as ReturnType<typeof vi.fn>)).not.toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -92,6 +92,11 @@ const fetchJson = async <T>(
|
||||
= typeof errorBody.error === "string"
|
||||
? errorBody.error
|
||||
: "Unknown error";
|
||||
if (response.status === 401) {
|
||||
globalThis.localStorage.removeItem("elysium_token");
|
||||
globalThis.localStorage.removeItem("elysium_save_signature");
|
||||
globalThis.location.href = "/";
|
||||
}
|
||||
if (response.status >= 400 && response.status < 500) {
|
||||
throw new ValidationError(message, response.status);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user