From 0a9f011f08d554459e0e3865104d243a7adfa09b Mon Sep 17 00:00:00 2001
From: Rafi Arrafif <rafiarrafif05@gmail.com>
Date: Wed, 21 Jan 2026 10:29:48 +0700
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20security:=20handle=20unauthoriza?=
 =?UTF-8?q?tion=20user?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 shared/models/auth/validateAndDecodeJWT.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/shared/models/auth/validateAndDecodeJWT.ts b/shared/models/auth/validateAndDecodeJWT.ts
index a62fce6..ba60b0d 100644
--- a/shared/models/auth/validateAndDecodeJWT.ts
+++ b/shared/models/auth/validateAndDecodeJWT.ts
@@ -29,8 +29,13 @@ export interface UserSession {
   exp: number;
 }
 
-export const validateAndDecodeJWT = async (): Promise<UserSession> => {
+export const validateAndDecodeJWT = async (): Promise<UserSession | null> => {
   const cookieHeader = (await cookies()).get("auth_token")?.value;
+
+  if (!cookieHeader) {
+    return null;
+  }
+
   const res = (await backendFetch("auth/token/validate", {
     method: "POST",
     body: JSON.stringify({