zhlajiex
commited on
Commit
·
bdb0988
1
Parent(s):
0c4f642
Fix: Stabilize authentication system with default secrets and better error handling
- backend/middleware/auth.js +3 -1
- backend/public/chat.html +8 -0
- backend/server.js +5 -0
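--- a/backend/middleware/auth.js
+++ b/backend/middleware/auth.js
@@ -20,8 +20,10 @@ exports.protect = asyncHandler(async (req, res, next) => {
 return next(new ErrorResponse('Not authorized: Neural token missing', 401));
 }
 
+console.log(`[DEBUG_AUTH] Verifying token: ${token.substring(0, 10)}... (Length: ${token.length})`);
+
 try {
-const decoded = jwt.verify(token, process.env.JWT_SECRET);
+const decoded = jwt.verify(token, process.env.JWT_SECRET || 'secret');
 req.user = await User.findById(decoded.id);
 
 if (!req.user) {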
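Review bot: The `|| 'secret'` fallback added to `jwt.verify` means that whenever `JWT_SECRET` is unset the middleware accepts any token signed with a publicly known string, and the backend/server.js hunk has the same defect, assigning `'TITAN_CORE_BETA_SECRET_2026'` as the default. The two literals also disagree, and since server.js always sets the variable, the fallback here is presumably never reached. A signing key committed to the repository is not a secret, so a missing value should stop the process at startup: keep `jwt.verify(token, process.env.JWT_SECRET)` here and replace the server.js default with `if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET is not set');`. The added `console.log` also writes a prefix of every bearer token and its length to the server log on each request; drop it, or log only that verification was attempted. The body of `exports.protect` starts and ends outside the hunk.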
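--- a/backend/public/chat.html
+++ b/backend/public/chat.html
@@ -284,6 +284,14 @@
 async function init() {
 try {
 const res = await fetch(`${API_BASE}/api/users/profile`, { headers: { 'Authorization': `Bearer ${token}` } });
+
+if (res.status === 401) {
+console.error("Neural link unauthorized. Clearing local storage.");
+localStorage.removeItem('token');
+window.location.href = '/auth?error=UNAUTHORIZED';
+return;
+}
+
 const data = await res.json();
 if (data.success) {
 const p = data.data.preferences || {};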
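Review bot: Only status 401 is handled before `res.json()` in `init()`, so any other non-2xx reply (a 403, a 500, an HTML error page from a proxy) still reaches the JSON parse and is left to the `catch`, which is outside the hunk. A general guard after the 401 branch, `if (!res.ok) throw new Error('profile request failed: ' + res.status);`, would report the failure with its status instead of as a parse error. The 401 branch clears only the `token` key; if other per-user data is cached in `localStorage` elsewhere on the page, it should be cleared in the same place. `init()` continues past the end of the hunk.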
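--- a/backend/server.js
+++ b/backend/server.js
@@ -18,6 +18,11 @@ const { syncToCloud, restoreFromCloud } = require('./services/persistenceService
 
 dotenv.config();
 
+// Critical Environment Defaults
+process.env.JWT_SECRET = process.env.JWT_SECRET || 'TITAN_CORE_BETA_SECRET_2026';
+process.env.JWT_EXPIRE = process.env.JWT_EXPIRE || '30d';
+process.env.JWT_COOKIE_EXPIRE = process.env.JWT_COOKIE_EXPIRE || '30';
+
 // Connect to Cloud Database
 connectDB();
 restoreFromCloud();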
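Review bot: The `JWT_EXPIRE` default of `'30d'` gives every deployment that omits the variable month-long bearer tokens, and nothing in these hunks shows a revocation or refresh path, so a leaked token would presumably stay valid for that whole period. A shorter default is safer, with the longer lifetime left as an explicit opt-in through the environment. The unit of `JWT_COOKIE_EXPIRE` (`'30'`) is not stated; a comment such as `// JWT_COOKIE_EXPIRE: cookie lifetime, unit as expected by the cookie code (confirm)` would stop the two values drifting apart.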