fix(auth): stop logging expected token expiry as an error
verifyAccessToken logged every invalid/expired access token via console.error with a full stack trace. Access tokens are ~15 min and the client silently refreshes + retries on the 401, so this is an expected condition that flooded production logs (~every 15 min per active user) and buried real errors. Now only genuinely unexpected failures (non-JsonWebTokenError, e.g. a DB error in loadAuthData) are logged. No behavior change — verification still returns null on any token error. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -351,7 +351,17 @@ export async function verifyAccessToken(
|
|||||||
}) as unknown as JwtPayload;
|
}) as unknown as JwtPayload;
|
||||||
return loadAuthData(payload.sub);
|
return loadAuthData(payload.sub);
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error("JWT verification error:", err);
|
// An expired or otherwise invalid access token is an EXPECTED condition:
|
||||||
|
// access tokens live ~15 min, and the client silently refreshes + retries
|
||||||
|
// on the resulting 401 (see src/admin/utils/api.ts). Logging every such
|
||||||
|
// case as an error — with a stack trace — floods the logs (roughly every
|
||||||
|
// 15 min per active user) and buries genuine errors. `JsonWebTokenError`
|
||||||
|
// is the base class of `TokenExpiredError`/`NotBeforeError`, so this skips
|
||||||
|
// all normal token-validation failures while still surfacing anything
|
||||||
|
// unexpected (e.g. a DB failure in loadAuthData).
|
||||||
|
if (!(err instanceof jwt.JsonWebTokenError)) {
|
||||||
|
console.error("Unexpected error verifying access token:", err);
|
||||||
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user