no more 401 error for publicly browsing user

2025-10-07 11:43:05 -04:00
parent 9a9e96d007
commit 299522b3a6
8 changed files with 1272 additions and 249 deletions
--- a/backend/middleware/apiLogger.js
+++ b/backend/middleware/apiLogger.js
@@ -37,7 +37,10 @@ const apiLogger = (req, res, next) => {
    };

    if (res.statusCode >= 400 && res.statusCode < 500) {
-      reqLogger.warn('API Response - Client Error', responseData);
+      // Don't log 401s for /users/profile - these are expected auth checks
+      if (!(res.statusCode === 401 && req.url === '/profile')) {
+        reqLogger.warn('API Response - Client Error', responseData);
+      }
    } else if (res.statusCode >= 500) {
      reqLogger.error('API Response - Server Error', responseData);
    } else {
--- a/backend/middleware/auth.js
+++ b/backend/middleware/auth.js
@@ -58,4 +58,40 @@ const authenticateToken = async (req, res, next) => {
  }
 };

-module.exports = { authenticateToken };
+// Optional authentication - doesn't return 401 if no token, just continues
+const optionalAuth = async (req, res, next) => {
+  // Try to get token from cookie
+  let token = req.cookies?.accessToken;
+
+  if (!token) {
+    // No token is fine for optional auth, just continue
+    req.user = null;
+    return next();
+  }
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    const userId = decoded.id;
+
+    if (!userId) {
+      req.user = null;
+      return next();
+    }
+
+    const user = await User.findByPk(userId);
+
+    if (!user) {
+      req.user = null;
+      return next();
+    }
+
+    req.user = user;
+    next();
+  } catch (error) {
+    // Token invalid/expired is fine for optional auth
+    req.user = null;
+    next();
+  }
+};
+
+module.exports = { authenticateToken, optionalAuth };
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -22,6 +22,7 @@
  "license": "ISC",
  "dependencies": {
    "@aws-sdk/client-ses": "^3.896.0",
+    "@aws-sdk/credential-providers": "^3.901.0",
    "@googlemaps/google-maps-services-js": "^3.4.2",
    "bcryptjs": "^3.0.2",
    "body-parser": "^2.2.0",
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -416,4 +416,19 @@ router.post("/logout", (req, res) => {
  res.json({ message: "Logged out successfully" });
 });

+// Auth status check endpoint - returns 200 regardless of auth state
+const { optionalAuth } = require("../middleware/auth");
+router.get("/status", optionalAuth, async (req, res) => {
+  if (req.user) {
+    res.json({
+      authenticated: true,
+      user: req.user
+    });
+  } else {
+    res.json({
+      authenticated: false
+    });
+  }
+});
+
 module.exports = router;