auth fixes

backend/src/middleware/auth.js

@@ -12,6 +12,9 @@ const authenticateToken = async (req, res, next) => {
     });
   }
 
+  // Log token for debugging (remove in production)
+  console.log('Token received:', token.substring(0, 20) + '...');
+
   try {
     const decoded = jwt.verify(token, process.env.JWT_SECRET);
     

frontend/package.json

@@ -38,7 +38,7 @@
     "typescript": "^4.9.5"
   },
   "scripts": {
-    "start": "DANGEROUSLY_DISABLE_HOST_CHECK=true react-scripts start",
+    "start": "DANGEROUSLY_DISABLE_HOST_CHECK=true WDS_SOCKET_PORT=0 react-scripts start",
     "build": "react-scripts build",
     "test": "react-scripts test",
     "eject": "react-scripts eject"

frontend/src/services/api.js

@@ -32,16 +32,14 @@ apiClient.interceptors.response.use(
   (response) => response,
   (error) => {
     // Handle specific error codes
-    if (error.response?.status === 401) {
-      // Unauthorized - clear token and redirect to login
+    if (error.response?.status === 401 || error.response?.status === 403) {
+      // Unauthorized or malformed token - clear token and redirect to login
+      console.log('Clearing invalid token due to auth error:', error.response?.status);
       localStorage.removeItem('authToken');
       // Use React Router navigation instead of hard redirect
       if (window.location.pathname !== '/login' && window.location.pathname !== '/register') {
         window.location.href = '/login';
       }
-    } else if (error.response?.status === 403) {
-      // Forbidden
-      toast.error('You do not have permission to perform this action');
     } else if (error.response?.status >= 500) {
       // Server error
       toast.error('Server error. Please try again later.');