From 150ef6148eabd1a3f339cc77736a71e25316473c Mon Sep 17 00:00:00 2001
From: Tim <135014430+nagisa77@users.noreply.github.com>
Date: Mon, 30 Jun 2025 18:54:22 +0800
Subject: [PATCH] Return 401 when JWT auth fails

---
 src/main/java/com/openisle/config/SecurityConfig.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 18df57da8..44c44fd1b 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -82,8 +82,17 @@ public class SecurityConfig {
 UserDetails userDetails = userDetailsService().loadUserByUsername(username);
 UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
 org.springframework.security.core.context.SecurityContextHolder.getContext().setAuthentication(authToken);
-} catch (Exception ignored) {
+} catch (Exception e) {
+response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+response.setContentType("application/json");
+response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
+return;
 }
+} else if (!request.getRequestURI().startsWith("/api/auth")) {
+response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+response.setContentType("application/json");
+response.getWriter().write("{\"error\": \"Missing token\"}");
+return;
 }
 filterChain.doFilter(request, response);
 }
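Review bot: The new `else if` branch answers 401 for every request that carries no token and whose URI does not start with `/api/auth`, which makes this filter decide authorization by itself and bypasses any `permitAll`/public-endpoint rules the `HttpSecurity` configuration declares elsewhere in the class (public reads, the error dispatch, and presumably CORS preflight if it is not excluded earlier); with Spring Security the usual shape is to let the chain continue and have the configured `AuthenticationEntryPoint` return 401 for protected endpoints, e.g. `.exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))` on the filter chain, so the branch can be dropped. `request.getRequestURI().startsWith("/api/auth")` is also a raw prefix match, so paths such as `/api/authors` or `/api/auth-x` would be exempted, and it does not get the normalization Spring's request matchers apply; if the branch stays, match an explicit set of paths instead of a prefix. In the rewritten `catch`, the exception is discarded without a log line, so rejected tokens are invisible to operators; a debug-level `log.debug("JWT rejected: {}", e.getMessage())` (using whatever logger the class has) and catching the JWT library's specific exception plus `UsernameNotFoundException` rather than `Exception` would keep unexpected errors from being reported as bad tokens. The enclosing filter method starts before the hunk, so the token-parsing `try` and the `request`/`response` parameters are not visible here.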