feat(jwt-auth): throw 401 session expired error for expired token #2737

Open
abdellah257 wants to merge 1 commit into SciCatProject:master from abdellah257:session-expired-error

abdellah257 commented May 18, 2026

Description

Throw an HTTP 401 error with a SESSION_EXPIRED message for JWT authentication with an expired token.

Motivation

Separate the session-expired errors from the 403 unauthorized errors, to inform the user of session expiration instead of silently failing.

Changes:

  • Updated jwt-auth.guard.ts to make use of the info field in case of Token Expired.

Tests included

  • Included for each change/fix?
  • Passing?

Documentation

  • swagger documentation updated (required for API changes)
  • official documentation updated

official documentation info

Summary by Sourcery

Bug Fixes:

  • Return a 401 SESSION_EXPIRED unauthorized error when JWT authentication fails due to an expired token, instead of treating it as a generic unauthorized failure.

abdellah257 requested a review from a team as a code owner May 18, 2026 11:22

sourcery-ai Bot left a comment

Hey - I've left some high level feedback:

  • Instead of typing info as any, consider using a more specific type (e.g. the Passport/JWT error type or a narrow union) so that info?.name === "TokenExpiredError" is type-safe and self-documenting.
  • If "SESSION_EXPIRED" is reused or needs localization, consider extracting it into a shared constant or an error code enum to avoid hardcoding the string in the guard.
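
The behaviour described in this pull request, combined with the two review suggestions above (a narrow type for info and a shared constant), as an added example that is not code from the pull request or from SciCat. HttpError stands in for NestJS's UnauthorizedException, and handleRequest, JwtAuthInfo, isTokenExpired and outcome are hypothetical names used only for this sketch.

```typescript
// Added example, not the PR's code. HttpError stands in for NestJS's
// UnauthorizedException (assumption) so the sketch runs without @nestjs/common.
const SESSION_EXPIRED = "SESSION_EXPIRED"; // shared constant, per the review

class HttpError extends Error {
  readonly status: number;
  constructor(status: number, message: string) {
    super(message);
    this.status = status;
  }
}

interface User { id: string }

// Narrow shape for the `info` argument instead of `any`.
interface JwtAuthInfo { name?: string; message?: string }

// jsonwebtoken names its expiry error "TokenExpiredError"; nothing else matches.
function isTokenExpired(info: unknown): info is JwtAuthInfo {
  return typeof info === "object" && info !== null &&
    (info as JwtAuthInfo).name === "TokenExpiredError";
}

// Hypothetical guard callback; `user` is false when the strategy rejected the token.
function handleRequest(err: Error | null, user: User | false, info: unknown): User {
  if (isTokenExpired(info)) {
    // Checked first, so an expired token never yields a user (fail closed).
    throw new HttpError(401, SESSION_EXPIRED);
  }
  if (err || !user) {
    // Bad signature, malformed or missing token: one generic response, so the
    // client learns nothing about why verification failed.
    throw err ?? new HttpError(401, "Unauthorized");
  }
  return user;
}

// Constructed sample inputs, shaped like the `info` a JWT strategy reports.
const expiredInfo = { name: "TokenExpiredError", message: "jwt expired" };
const badSignatureInfo = { name: "JsonWebTokenError", message: "invalid signature" };

// Helper that turns the guard's result into a string for inspection.
function outcome(user: User | false, info: unknown): string {
  try {
    return "ok:" + handleRequest(null, user, info).id;
  } catch (e) {
    const h = e as HttpError;
    return h.status + ":" + h.message;
  }
}
```

Only the expiry case gets the distinct message; every other verification failure keeps the same generic 401, which lets a client prompt for re-login without the API describing why a token was rejected.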