🛂 security: fix auth token validation flow

2026-02-17 21:33:59 +07:00
parent 63fcd8587b
commit 3122f34093
2 changed files with 5 additions and 3 deletions
--- a/src/helpers/http/jwt/decode/index.ts
+++ b/src/helpers/http/jwt/decode/index.ts
@ -9,7 +9,7 @@ export const jwtDecode = (payload: string) => {
  try {
    const decodedPayload = jwt.verify(payload, JWTKey);
    return decodedPayload as JWTAuthToken;
-  } catch (error) {
-    throw new AppError(401, "Invalid or expired token", error);
+  } catch {
+    throw new AppError(403, "Invalid or expired token");
  }
 };
--- a/src/modules/auth/services/http/tokenValidation.service.ts
+++ b/src/modules/auth/services/http/tokenValidation.service.ts
@ -1,9 +1,11 @@
+import { AppError } from "../../../../helpers/error/instances/app";
 import { ErrorForwarder } from "../../../../helpers/error/instances/forwarder";
 import { jwtDecode } from "../../../../helpers/http/jwt/decode";

 export const tokenValidationService = (payload: string) => {
  try {
-    if (!payload) return null;
+    if (!payload || payload.trim() === "")
+      throw new AppError(401, "Unauthorized: No token provided");
    const decoded = jwtDecode(payload);
    return decoded;
  } catch (error) {