Before submitting
Bug summary
The Middleware & Utilities section explicitly documents that authMiddleware.js "Returns 401 on any failure without forwarding to global handler" — while every other part of the backend (Auth Module, User Module, and the entire errorHandler.js middleware) is built around funneling all errors through the centralized ApiError → global error handler → standardized ApiResponse pipeline documented in the Middleware section.
Steps to reproduce
- Refactor authMiddleware.js to throw new ApiError(401, "message") instead of directly sending a response, and call next(err) so it flows into the existing global errorHandler.js.
- Add a unit/integration test confirming a request with a missing/invalid/expired token returns the same standardized ApiResponse.error() shape as other error types (matching the existing table: JsonWebTokenError → 3. "Invalid token", TokenExpiredError → "Token expired").
Update any frontend code that currently special-cases the old 401 shape.
Expected behavior
Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.
Actual behavior
LACKING - Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.
Screenshots or recordings
No response
Browser and device information
Browser:
Browser version:
Operating system:
Device:
Screen size/resolution:
Additional context
No response
Before submitting
Bug summary
The Middleware & Utilities section explicitly documents that authMiddleware.js "Returns 401 on any failure without forwarding to global handler" — while every other part of the backend (Auth Module, User Module, and the entire errorHandler.js middleware) is built around funneling all errors through the centralized ApiError → global error handler → standardized ApiResponse pipeline documented in the Middleware section.
Steps to reproduce
Update any frontend code that currently special-cases the old 401 shape.
Expected behavior
Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.
Actual behavior
LACKING - Restores a single, predictable error contract across the entire API — makes the frontend simpler and future contributors' lives easier since they only need to learn one response format.
Screenshots or recordings
No response
Browser and device information
Browser:
Browser version:
Operating system:
Device:
Screen size/resolution:
Additional context
No response