From 6db875355c6a4b3a981212782582751adb0b979b Mon Sep 17 00:00:00 2001
From: Wuesteon <nils.weiser@outlook.com>
Date: Mon, 8 Dec 2025 22:52:59 +0100
Subject: [PATCH] debug(auth): add detailed logging to JwtAuthGuard
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add console.log statements to JwtAuthGuard to diagnose
401 errors on /api/v1/settings endpoint.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../src/common/guards/jwt-auth.guard.ts              | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/services/mana-core-auth/src/common/guards/jwt-auth.guard.ts b/services/mana-core-auth/src/common/guards/jwt-auth.guard.ts
index bd83c130d..27724df9f 100644
--- a/services/mana-core-auth/src/common/guards/jwt-auth.guard.ts
+++ b/services/mana-core-auth/src/common/guards/jwt-auth.guard.ts
@@ -5,7 +5,7 @@ import {
 	UnauthorizedException,
 } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
-import { jwtVerify, createRemoteJWKSet, type JWTPayload } from 'jose';
+import { jwtVerify, createRemoteJWKSet } from 'jose';
 
 /**
  * JWT Auth Guard using JWKS (Better Auth compatible)
@@ -23,7 +23,10 @@ export class JwtAuthGuard implements CanActivate {
 		const request = context.switchToHttp().getRequest();
 		const token = this.extractTokenFromHeader(request);
 
+		console.log('[JwtAuthGuard] Token (first 50 chars):', token?.substring(0, 50));
+
 		if (!token) {
+			console.log('[JwtAuthGuard] No token provided');
 			throw new UnauthorizedException('No token provided');
 		}
 
@@ -32,17 +35,22 @@ export class JwtAuthGuard implements CanActivate {
 			if (!this.jwks) {
 				const baseUrl = this.configService.get<string>('BASE_URL') || 'http://localhost:3001';
 				const jwksUrl = new URL('/api/v1/auth/jwks', baseUrl);
+				console.log('[JwtAuthGuard] Initializing JWKS from:', jwksUrl.toString());
 				this.jwks = createRemoteJWKSet(jwksUrl);
 			}
 
 			const issuer = this.configService.get<string>('jwt.issuer') || 'manacore';
 			const audience = this.configService.get<string>('jwt.audience') || 'manacore';
 
+			console.log('[JwtAuthGuard] Verifying with issuer:', issuer, 'audience:', audience);
+
 			const { payload } = await jwtVerify(token, this.jwks, {
 				issuer,
 				audience,
 			});
 
+			console.log('[JwtAuthGuard] Verification SUCCESS, user:', payload.sub);
+
 			// Attach user to request
 			request.user = {
 				userId: payload.sub,
@@ -52,7 +60,7 @@ export class JwtAuthGuard implements CanActivate {
 
 			return true;
 		} catch (error) {
-			console.debug('[JwtAuthGuard] Token verification failed:', error);
+			console.error('[JwtAuthGuard] Token verification FAILED:', error);
 			throw new UnauthorizedException('Invalid token');
 		}
 	}