From 287daf91250d8c8057262ecaf19e16a1fb212484 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Fri, 29 Sep 2023 10:38:00 +0200
Subject: [PATCH] fix(auth): silently discard invalid auth tokens and log the user out
---
 src/stores/auth.ts | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index cdb69b5cc..663920d12 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -226,15 +226,20 @@ export const useAuthStore = defineStore('auth', () => {
 const jwt = getToken()
 let isAuthenticated = false
 if (jwt) {
- const base64 = jwt .split('.')[1] .replace('-', '+') .replace('_', '/')
- const info = new UserModel(JSON.parse(atob(base64)))
- const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)
- isAuthenticated = info.exp >= ts
- // Settings should only be loaded from the api request, not via the jwt
- setUser(info, false)
+ try {
+ const base64 = jwt .split('.')[1] .replace('-', '+') .replace('_', '/')
+ const info = new UserModel(JSON.parse(atob(base64)))
+ const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)
+
+ isAuthenticated = info.exp >= ts
+ // Settings should only be loaded from the api request, not via the jwt
+ setUser(info, false)
+ } catch (e) {
+ logout()
+ }
 if (isAuthenticated) {
 await refreshUserInfo()
@@ -292,11 +297,14 @@ export const useAuthStore = defineStore('auth', () => {
 return newUser
 } catch (e) {
- if(e?.response?.data?.message === 'invalid or expired jwt') {
- logout()
+ if(e?.response?.status === 401 ||
+ e?.response?.data?.message === 'missing, malformed, expired or otherwise invalid token provided') {
+ await logout()
 return
 }
+ console.log('continuerd')
+ const cause = {e}
 if (typeof e?.response?.data?.message !== 'undefined') {
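Review bot: `logout()` in the new `catch` block of the first hunk is called without `await`, while the second hunk awaits the same function, so if it is async the call is a floating promise whose rejection would go unobserved; `await logout()` keeps the two call sites consistent. The `catch` also discards `e` without any trace, so a user being repeatedly logged out by a malformed stored token would be hard to diagnose — a `console.warn('Discarding invalid auth token', e)` (or the store's usual logger) before the logout keeps it observable. Note too that `.replace('-', '+')` and `.replace('_', '/')` only rewrite the first occurrence, so a legitimate base64url payload containing more than one `-` or `_` appears to make `atob` throw and, with this change, silently logs that user out; `.replaceAll('-', '+').replaceAll('_', '/')` avoids that. The enclosing function starts before the hunk and continues after it.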