Skip to content

[Bug] authMiddleware bypasses the centralized error-handling architecture, breaking consistent API error responses #274

Description

@divyanshim27

Before submitting

  • I have searched existing issues to make sure this is not a duplicate.
  • I have read the contribution guidelines.

Bug summary

The Middleware & Utilities section explicitly documents that authMiddleware.js "Returns 401 on any failure without forwarding to global handler" — while every other part of the backend (Auth Module, User Module, and the entire errorHandler.js middleware) is built around funneling all errors through the centralized ApiError → global error handler → standardized ApiResponse pipeline documented in the Middleware section.

Steps to reproduce

  1. Refactor authMiddleware.js to throw new ApiError(401, "message") instead of directly sending a response, and call next(err) so it flows into the existing global errorHandler.js.
  2. Add a unit/integration test confirming a request with a missing/invalid/expired token returns the same standardized ApiResponse.error() shape as other error types (matching the existing table: JsonWebTokenError → 3. "Invalid token", TokenExpiredError → "Token expired").
    Update any frontend code that currently special-cases the old 401 shape.

Expected behavior

Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.

Actual behavior

LACKING - Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.

Screenshots or recordings

No response

Browser and device information

Browser:
Browser version:
Operating system:
Device:
Screen size/resolution:

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions