From da43e32aded28a8f42579c7331273cb1f6b0f869 Mon Sep 17 00:00:00 2001
From: Jake Kasper
Date: Thu, 21 Aug 2025 12:49:56 -0500
Subject: [PATCH] auth fixes
---
 backend/src/middleware/auth.js | 3 +++
 frontend/package.json | 2 +-
 frontend/src/services/api.js | 8 +++-----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/backend/src/middleware/auth.js b/backend/src/middleware/auth.js
index 8977997..95bb70a 100644
--- a/backend/src/middleware/auth.js
+++ b/backend/src/middleware/auth.js
@@ -12,6 +12,9 @@ const authenticateToken = async (req, res, next) => {
 });
 }
+ // Log token for debugging (remove in production)
+ console.log('Token received:', token.substring(0, 20) + '...');
+
 try {
 const decoded = jwt.verify(token, process.env.JWT_SECRET);
diff --git a/frontend/package.json b/frontend/package.json
index d61da1b..3f6aacd 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -38,7 +38,7 @@
 "typescript": "^4.9.5"
 },
 "scripts": {
- "start": "DANGEROUSLY_DISABLE_HOST_CHECK=true react-scripts start",
+ "start": "DANGEROUSLY_DISABLE_HOST_CHECK=true WDS_SOCKET_PORT=0 react-scripts start",
 "build": "react-scripts build",
 "test": "react-scripts test",
 "eject": "react-scripts eject"
diff --git a/frontend/src/services/api.js b/frontend/src/services/api.js
index a93dd58..801a2dc 100644
--- a/frontend/src/services/api.js
+++ b/frontend/src/services/api.js
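Review bot: The added `console.log` in `backend/src/middleware/auth.js` sits before `jwt.verify` and outside the `try`, so it writes the first 20 characters of every presented token, verified or not, to the server log, and only the comment stops it from shipping to production. Request-supplied bytes in a log line also let a client plant misleading entries, and token fragments in logs tend to outlive the debugging session. I would drop the line, or gate it and log only metadata, e.g. `if (process.env.NODE_ENV !== 'production') console.debug('Auth token received, length:', token.length);`. `authenticateToken` starts and ends outside this hunk, so the guard that precedes this line is not visible here.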
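Review bot: The rewritten `start` script in `frontend/package.json` still carries `DANGEROUSLY_DISABLE_HOST_CHECK=true`, which turns off the dev server's Host-header check, its protection against DNS-rebinding requests from other sites. Adding `WDS_SOCKET_PORT=0` suggests the dev server is reached through a proxy or forwarded port (inferred, not shown in the patch), which is the setup where that check matters most. Consider naming the expected public host through the `HOST` variable in `.env.development` instead of disabling the check. `WDS_SOCKET_PORT=0` could move into the same file, since inline `VAR=value` prefixes also fail on Windows shells.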
@@ -32,16 +32,14 @@ apiClient.interceptors.response.use(
 (response) => response,
 (error) => {
 // Handle specific error codes
- if (error.response?.status === 401) {
- // Unauthorized - clear token and redirect to login
+ if (error.response?.status === 401 || error.response?.status === 403) {
+ // Unauthorized or malformed token - clear token and redirect to login
+ console.log('Clearing invalid token due to auth error:', error.response?.status);
 localStorage.removeItem('authToken');
 // Use React Router navigation instead of hard redirect
 if (window.location.pathname !== '/login' && window.location.pathname !== '/register') {
 window.location.href = '/login';
 }
- } else if (error.response?.status === 403) {
- // Forbidden
- toast.error('You do not have permission to perform this action');
 } else if (error.response?.status >= 500) {
 // Server error
 toast.error('Server error. Please try again later.');
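Review bot: Folding 403 into the 401 branch means every permission denial now deletes `authToken` and sends the user to `/login`, and the "You do not have permission" toast is gone, so a signed-in user who hits a forbidden resource is logged out without explanation. The new comment suggests the backend answers malformed tokens with 403 (inferred; that response path is not in this patch). The cleaner fix is for the auth middleware to return 401 for any missing, invalid or expired token and keep 403 for authorization failures. With that, the original `if (error.response?.status === 401) {` condition and the separate `else if (error.response?.status === 403)` toast branch can stay as they were. The interceptor begins and ends outside this hunk.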