fix(auth): stop logging expected token expiry as an error

verifyAccessToken logged every invalid/expired access token via console.error with a full stack trace. Access tokens are ~15 min and the client silently refreshes + retries on the 401, so this is an expected condition that flooded production logs (~every 15 min per active user) and buried real errors. Now only genuinely unexpected failures (non-JsonWebTokenError, e.g. a DB error in loadAuthData) are logged. No behavior change — verification still returns null on any token error.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-06-06 01:23:56 +02:00
parent 4a78d31a7f
commit 88c9b7c2b8

View File

@@ -351,7 +351,17 @@ export async function verifyAccessToken(
}) as unknown as JwtPayload;
return loadAuthData(payload.sub);
} catch (err) {
console.error("JWT verification error:", err);
// An expired or otherwise invalid access token is an EXPECTED condition:
// access tokens live ~15 min, and the client silently refreshes + retries
// on the resulting 401 (see src/admin/utils/api.ts). Logging every such
// case as an error — with a stack trace — floods the logs (roughly every
// 15 min per active user) and buries genuine errors. `JsonWebTokenError`
// is the base class of `TokenExpiredError`/`NotBeforeError`, so this skips
// all normal token-validation failures while still surfacing anything
// unexpected (e.g. a DB failure in loadAuthData).
if (!(err instanceof jwt.JsonWebTokenError)) {
console.error("Unexpected error verifying access token:", err);
}
return null;
}
}