CR-037
Fix Auth Middleware Token Expiry
The verifyToken middleware is silently returning 401 when a token is within the 60-second grace window. Your job is to harden the check, ship a regression test, and deploy.
Security
Medium
45m
+220 XP
Brief
An on-call alert just paged you. Users with valid-but-about-to-expire JWTs are being kicked out mid-session. The logs show a 401 at verifyToken, but the token is still technically within its 60-second grace window.
Audit the middleware, identify the off-by-one, and ship a fix covered by a regression test. Bonus points for clarity in your commit message — the next engineer reading this diff should understand why the grace window exists.
Acceptance Criteria
- Tokens within the grace window return 200 with a refreshed cookie.
- Tokens past the grace window return 401 with a clear error body.
- A regression test covers both branches and fails against the current implementation.
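The brief and the acceptance criteria above describe a boundary bug and the test that must catch it. The following is an added illustration, not the challenge's own middleware: it assumes the JWT `exp` claim is in seconds since the epoch, that "within the grace window" means `now <= exp + 60`, and it uses a constructed buggy comparison (a strict `<` that drops the last second of the window) to reproduce the symptom; the actual defect in the repository is not on this page. The decision logic is kept as a pure function so both branches can be tested without an HTTP server.

```javascript
// Added example (constructed); not the project's verifyToken implementation.
const GRACE_SECONDS = 60; // assumption: window is inclusive of its last second

// Constructed buggy check: strict '<' rejects a token at exactly exp + 60.
function buggyWithinGrace(exp, now) {
  return now - exp < GRACE_SECONDS;
}

// Fixed check: the grace window includes its final second.
function fixedWithinGrace(exp, now) {
  return now - exp <= GRACE_SECONDS;
}

// Pure decision: returns the HTTP status and whether the session cookie must be refreshed.
// `withinGrace` is injected so the same regression table runs against both implementations.
function verifyTokenDecision(claims, nowSeconds, withinGrace) {
  if (typeof claims.exp !== 'number') {
    return { status: 401, body: { error: 'token_missing_exp' } };
  }
  if (nowSeconds <= claims.exp) {
    return { status: 200, refreshCookie: false }; // not yet expired
  }
  if (withinGrace(claims.exp, nowSeconds)) {
    // Past exp but inside the grace window: serve the request and rotate the cookie.
    return { status: 200, refreshCookie: true };
  }
  return {
    status: 401,
    body: { error: 'token_expired', expiredAt: claims.exp, graceSeconds: GRACE_SECONDS },
  };
}

// Regression table: seconds past exp -> expected status and refresh behaviour.
const REGRESSION_CASES = [
  { offset: -1, status: 200, refreshCookie: false }, // still valid
  { offset: 0, status: 200, refreshCookie: false },  // expires this second
  { offset: 59, status: 200, refreshCookie: true },  // inside grace
  { offset: 60, status: 200, refreshCookie: true },  // last second of grace: the boundary
  { offset: 61, status: 401 },                       // past grace
];

// Returns the offsets on which an implementation disagrees with the table (empty = pass).
function failingCases(withinGrace, exp = 1_700_000_000) {
  return REGRESSION_CASES.filter((c) => {
    const d = verifyTokenDecision({ exp }, exp + c.offset, withinGrace);
    return d.status !== c.status || (c.status === 200 && d.refreshCookie !== c.refreshCookie);
  }).map((c) => c.offset);
}
```

Run against the buggy check the table fails only on the 60-second boundary; against the fixed check it passes, which is exactly the "fails against the current implementation" property the criteria ask for.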
Pillar Weights
- Security: 45%
- Code Quality: 25%
- Accuracy: 20%
- Performance: 10%