From 306a9faa636dc6460a676a85a3c36cc990b5983a Mon Sep 17 00:00:00 2001
From: devthejo
Date: Mon, 30 Jun 2025 17:18:31 +0200
Subject: [PATCH] fix: wip
---
 libs/common/oapi/services/auth.js | 30 +++++++++++------------------
 1 file changed, 11 insertions(+), 19 deletions(-)
diff --git a/libs/common/oapi/services/auth.js b/libs/common/oapi/services/auth.js
index c6cac0c..aa44f2d 100644
--- a/libs/common/oapi/services/auth.js
+++ b/libs/common/oapi/services/auth.js
@@ -47,26 +47,18 @@ module.exports = function () {
 { error: err },
 "Allowing expired JWT for meta.auth-token scope"
 )
- // Continue processing with expired JWT
- } else {
- logger.error({ error: err }, "jwVerify failed")
- return false
+ const req = reqCtx.get("req")
+ const authTokenHeader = req?.headers?.["x-auth-token"]
+ if (!authTokenHeader) {
+ return false
+ }
+ // Create a session that indicates auth token processing is needed
+ const session = { isAuthTokenRequest: true, authToken: authTokenHeader }
+ reqCtx.set("session", session)
+ return true
 }
- }
-
- // For meta.auth-token scope, check for X-Auth-Token header
- if (hasMetaAuthToken) {
- const req = reqCtx.get("req")
- const authTokenHeader = req?.headers?.["x-auth-token"]
-
- if (!authTokenHeader) {
- return false
- }
-
- // Create a session that indicates auth token processing is needed
- const session = { isAuthTokenRequest: true, authToken: authTokenHeader }
- reqCtx.set("session", session)
- return true
+ logger.error({ error: err }, "jwVerify failed")
+ return false
 }
 
 // Regular user JWT processing
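Review bot: In the expired-JWT branch the handler now returns `true` with a session built only from the `x-auth-token` header, after `jwVerify` has already failed, so this path is safe only if two things not visible in the hunk hold: the enclosing condition admits expiry errors only (not signature or format failures), and every consumer of `isAuthTokenRequest` validates `authToken` before acting on it. I would state that contract in the comment above the session, e.g. `// JWT was NOT verified here; authToken is unvalidated and must be checked downstream`, and tighten the guard to `if (typeof authTokenHeader !== "string" || authTokenHeader === "") return false`. Moving the header check out of the removed `if (hasMetaAuthToken)` block also means a request with that scope and a still-valid JWT now falls through to regular user JWT processing instead of the auth-token session; please confirm that is intended. The catch block and its condition start above the hunk.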