chore: address coderabbit

Author: ThatDeparted2061

src/store/authStore.ts

@@ -32,15 +32,27 @@ export const useAuthStore = defineStore({
     actions: {
         setToken(token: string): void {
             try {
-                const payload = JSON.parse(globalThis.atob(token.split('.')[1] ?? ''))
-                if (!payload) throw new Error('Empty payload')
+                const part = token.split('.')[1] ?? ''
+                // base64url -> base64 with padding
+                const b64 = part.replace(/-/g, '+').replace(/_/g, '/')
+                    .padEnd(Math.ceil(part.length / 4) * 4, '=')
+                const payload: any = JSON.parse(globalThis.atob(b64))
+                if (!payload || typeof payload !== 'object') throw new Error('Empty/invalid payload')
+
+                // Reject expired tokens
+                const now = Math.floor(Date.now() / 1000)
+                if (typeof payload.exp === 'number' && payload.exp < now) {
+                    throw new Error('Token expired')
+                }
+
                 this.isLoggedIn = true
-                this.userId   = payload.user_id
+               this.userId = payload.user_id ?? payload.sub ?? ''
                 this.username = payload.username ?? 'Guest'
-                // TODO: validate `exp`, `iat`, etc. – sign out if expired
+                // Optional: persist token for session restore (guarded for web/tauri)
+                try { if (typeof localStorage !== 'undefined') localStorage.setItem('cv_token', token) } catch {}
             } catch (err) {
                 console.error('[authStore] Invalid JWT:', err)
-                this.signOut()                // ensure clean state
+                this.signOut()
                 return
             }
         },

v0/src/store/authStore.ts

@@ -32,15 +32,27 @@ export const useAuthStore = defineStore({
     actions: {
         setToken(token: string): void {
             try {
-                const payload = JSON.parse(globalThis.atob(token.split('.')[1] ?? ''))
-                if (!payload) throw new Error('Empty payload')
+                const part = token.split('.')[1] ?? ''
+                // base64url -> base64 with padding
+                const b64 = part.replace(/-/g, '+').replace(/_/g, '/')
+                    .padEnd(Math.ceil(part.length / 4) * 4, '=')
+                const payload: any = JSON.parse(globalThis.atob(b64))
+                if (!payload || typeof payload !== 'object') throw new Error('Empty/invalid payload')
+
+                // Reject expired tokens
+                const now = Math.floor(Date.now() / 1000)
+                if (typeof payload.exp === 'number' && payload.exp < now) {
+                    throw new Error('Token expired')
+                }
+
                 this.isLoggedIn = true
-                this.userId   = payload.user_id
+               this.userId = payload.user_id ?? payload.sub ?? ''
                 this.username = payload.username ?? 'Guest'
-                // TODO: validate `exp`, `iat`, etc. – sign out if expired
+                // Optional: persist token for session restore (guarded for web/tauri)
+                try { if (typeof localStorage !== 'undefined') localStorage.setItem('cv_token', token) } catch {}
             } catch (err) {
                 console.error('[authStore] Invalid JWT:', err)
-                this.signOut()                // ensure clean state
+                this.signOut()
                 return
             }
         },

v1/src/store/authStore.ts

@@ -32,15 +32,27 @@ export const useAuthStore = defineStore({
     actions: {
         setToken(token: string): void {
             try {
-                const payload = JSON.parse(globalThis.atob(token.split('.')[1] ?? ''))
-                if (!payload) throw new Error('Empty payload')
+                const part = token.split('.')[1] ?? ''
+                // base64url -> base64 with padding
+                const b64 = part.replace(/-/g, '+').replace(/_/g, '/')
+                    .padEnd(Math.ceil(part.length / 4) * 4, '=')
+                const payload: any = JSON.parse(globalThis.atob(b64))
+                if (!payload || typeof payload !== 'object') throw new Error('Empty/invalid payload')
+
+                // Reject expired tokens
+                const now = Math.floor(Date.now() / 1000)
+                if (typeof payload.exp === 'number' && payload.exp < now) {
+                    throw new Error('Token expired')
+                }
+
                 this.isLoggedIn = true
-                this.userId   = payload.user_id
+               this.userId = payload.user_id ?? payload.sub ?? ''
                 this.username = payload.username ?? 'Guest'
-                // TODO: validate `exp`, `iat`, etc. – sign out if expired
+                // Optional: persist token for session restore (guarded for web/tauri)
+                try { if (typeof localStorage !== 'undefined') localStorage.setItem('cv_token', token) } catch {}
             } catch (err) {
                 console.error('[authStore] Invalid JWT:', err)
-                this.signOut()                // ensure clean state
+                this.signOut()
                 return
             }
         },