nhcarrigan/elysium
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 5 Pull Requests 1 Actions Releases 10 Activity

fix: suppress expired-token log noise and redirect expired sessions to login #241

Merged
naomi merged 1 commits from fix/auth into main 2026-04-06 20:17:29 -07:00
Conversation 0 Commits 1 Files Changed 3
+51 -11
hikari commented 2026-04-06 20:13:38 -07:00
Owner
Copy Link
Copy Source

Summary

  • Server: authMiddleware no longer calls logger.error for expired tokens — expiry is expected behaviour, not an error. Only tampered signatures and malformed tokens (genuinely suspicious) still log.
  • Client: fetchJson now handles 401 responses by clearing elysium_token and elysium_save_signature from localStorage and redirecting to /. Players whose 30-day token has expired will see the login page instead of a stuck "Invalid or expired token" error screen with no recovery path.

Closes #241

This PR was created with help from Hikari~ 🌸

## Summary - **Server**: `authMiddleware` no longer calls `logger.error` for expired tokens — expiry is expected behaviour, not an error. Only tampered signatures and malformed tokens (genuinely suspicious) still log. - **Client**: `fetchJson` now handles 401 responses by clearing `elysium_token` and `elysium_save_signature` from localStorage and redirecting to `/`. Players whose 30-day token has expired will see the login page instead of a stuck "Invalid or expired token" error screen with no recovery path. Closes #241 ✨ This PR was created with help from Hikari~ 🌸
hikari added 1 commit 2026-04-06 20:13:38 -07:00
fix: suppress expired-token log noise and redirect expired sessions to login
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m11s
Details
CI / Lint, Build & Test (pull_request) Successful in 1m14s
Details
d5284ff78c 
- authMiddleware no longer logs token expiry as an error; only tampered
  or malformed tokens (genuinely suspicious) trigger logger.error
- fetchJson clears elysium_token and elysium_save_signature from
  localStorage and redirects to / on any 401, so players with expired
  sessions see the login page instead of a stuck error screen
naomi merged commit 2bc47b79aa into main 2026-04-06 20:17:29 -07:00
naomi deleted branch fix/auth 2026-04-06 20:17:29 -07:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
aspect
code
Concerns the software code in the repository
aspect
dx
Concerns developers' experience with the codebase
aspect
interface
Concerns end-users' experience with the software
aspect
text
Concerns the documentation material in the repository
contribute
good first issue
A great opportunity for a team member to learn a new codebase
contribute
help wanted
Open for anyone on our team to grab.
contribute
staff only
Restricted to our executive leadership.
goal
addition
Addition of new feature
goal
fix
Bug fix
goal
improvement
Improvement to an existing feature
points
1
Very simple issue requiring minimal effort and complexity.
points
13
Extremely complex issue representing major undertakings. Should be broken down into smaller pieces.
points
2
Simple issue that requires a bit more thought or investigation.
points
3
Moderate complexity issue requiring more substantial work.
points
5
Complex issue requiring significant effort and expertise.
points
8
Very complex issue requiring extensive work and deep expertise.
priority
critical
1
Must be fixed ASAP
priority
high
2
Stalls work on the project or its dependents
priority
low
4
Low priority and doesn't need to be rushed
priority
medium
3
Not blocking but should be fixed soon
priority
none
5
No priority, should only be performed when a developer is available
status
awaiting triage
Has not been triaged & therefore, not ready for work
status
blocked
Blocked and therefore not ready for work
status
discarded
Will not be worked on
status
discontinued
Not suitable for work as repo is in maintenance
status
label work required
Needs proper labelling before it can be worked on
status
ready for dev
Ready for work
status
ticket work required
Needs more details before it can be worked on
talk
discussion
Open for discussions and feedback
talk
question
Can be resolved with an answer
time
1 day
Approximately one full day of development work.
time
1-2 weeks
One to two weeks of focused development effort.
time
2-3 days
Two to three days of development effort.
time
4-5 days
Approximately one week of development work.
time
<1 day
Less than one day of focused work. Quick fixes or simple tasks.
time
>2 weeks
More than two weeks of development work. Must be broken down into smaller pieces.
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
gurkirat hanna (Hanna Rose) hikari (Hikari) minori (Minori) naomi (Naomi Carrigan) rain teklu tim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nhcarrigan/elysium#241
Delete Branch "fix/auth"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?