From 3122f340931f1f32714377ab22ee4560b633b180 Mon Sep 17 00:00:00 2001
From: Rafi Arrafif
Date: Tue, 17 Feb 2026 21:33:59 +0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=82=20security:=20fix=20auth=20token?= =?UTF-8?q?=20validation=20flow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/helpers/http/jwt/decode/index.ts | 4 ++--
 src/modules/auth/services/http/tokenValidation.service.ts | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/helpers/http/jwt/decode/index.ts b/src/helpers/http/jwt/decode/index.ts
index caed720..36aee54 100644
--- a/src/helpers/http/jwt/decode/index.ts
+++ b/src/helpers/http/jwt/decode/index.ts
@@ -9,7 +9,7 @@ export const jwtDecode = (payload: string) => {
 try {
 const decodedPayload = jwt.verify(payload, JWTKey);
 return decodedPayload as JWTAuthToken;
- } catch (error) {
- throw new AppError(401, "Invalid or expired token", error);
+ } catch {
+ throw new AppError(403, "Invalid or expired token");
 }
 };
diff --git a/src/modules/auth/services/http/tokenValidation.service.ts b/src/modules/auth/services/http/tokenValidation.service.ts
index 602748c..6bf5b4a 100644
--- a/src/modules/auth/services/http/tokenValidation.service.ts
+++ b/src/modules/auth/services/http/tokenValidation.service.ts
@@ -1,9 +1,11 @@
+import { AppError } from "../../../../helpers/error/instances/app";
 import { ErrorForwarder } from "../../../../helpers/error/instances/forwarder";
 import { jwtDecode } from "../../../../helpers/http/jwt/decode";
 
 export const tokenValidationService = (payload: string) => {
 try {
- if (!payload) return null;
+ if (!payload || payload.trim() === "")
+ throw new AppError(401, "Unauthorized: No token provided");
 const decoded = jwtDecode(payload);
 return decoded;
 } catch (error) {
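Review bot: The bare `catch` in `jwtDecode` now turns every failure of `jwt.verify` into the same `AppError(403, ...)` and discards the cause, so an expired token, a bad signature and a server-side fault such as an unset `JWTKey` can no longer be told apart in logs. Keeping the raw error out of `AppError` is reasonable if that third argument can reach the client, but the reason should still be recorded server-side: keep `catch (error)` and log `error instanceof Error ? error.name : "unknown"` through the project's logger before throwing. The move from 401 to 403 also deserves a comment, since clients that refresh their session on 401 will now treat an expired token as a hard denial. The `jwt.verify(payload, JWTKey)` call is given no `algorithms` option and its result is only cast to `JWTAuthToken`; if `jwt` is jsonwebtoken, pinning the accepted algorithms and checking the payload shape at runtime would tighten this path. The function's opening line is outside the hunk.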
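Review bot: The new guard in `tokenValidationService` throws inside the `try`, so the `AppError(401, ...)` is routed through the `catch (error)` handler whose body lies outside this hunk; confirm that `ErrorForwarder` passes an `AppError` through with its status intact, or move the guard above the `try`. The function also stops returning `null` for a missing token, so any caller that treated `null` as an anonymous request now gets an exception and should be checked. The whitespace check does not normalise the value either: a token with surrounding whitespace passes the guard and is handed to `jwtDecode` untrimmed, which `const token = payload?.trim();` followed by `if (!token) throw new AppError(401, "Unauthorized: No token provided");` and `jwtDecode(token)` would avoid.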