diff --git a/src/services/auth.ts b/src/services/auth.ts index 54ed06f..fd0c303 100644 --- a/src/services/auth.ts +++ b/src/services/auth.ts @@ -351,7 +351,17 @@ export async function verifyAccessToken( }) as unknown as JwtPayload; return loadAuthData(payload.sub); } catch (err) { - console.error("JWT verification error:", err); + // An expired or otherwise invalid access token is an EXPECTED condition: + // access tokens live ~15 min, and the client silently refreshes + retries + // on the resulting 401 (see src/admin/utils/api.ts). Logging every such + // case as an error — with a stack trace — floods the logs (roughly every + // 15 min per active user) and buries genuine errors. `JsonWebTokenError` + // is the base class of `TokenExpiredError`/`NotBeforeError`, so this skips + // all normal token-validation failures while still surfacing anything + // unexpected (e.g. a DB failure in loadAuthData). + if (!(err instanceof jwt.JsonWebTokenError)) { + console.error("Unexpected error verifying access token:", err); + } return null; } }