From 5e7e39753c875f77fd4469822354f779ebf129d8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 16:32:04 +0000
Subject: [PATCH] Add validation and logging improvements based on code review

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
---
 back/services/user.ts | 16 ++++++++++++++++
 back/shared/auth.ts   | 21 +++++++++++++--------
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/back/services/user.ts b/back/services/user.ts
index ff845488..068b850c 100644
--- a/back/services/user.ts
+++ b/back/services/user.ts
@@ -193,6 +193,11 @@ export default class UserService {
   }
 
   public async logout(platform: string, tokenValue: string): Promise<any> {
+    if (!platform || !tokenValue) {
+      this.logger.warn('Invalid logout parameters - empty platform or token');
+      return;
+    }
+
     const authInfo = await this.getAuthInfo();
 
     // Verify the token exists before attempting to remove it
@@ -203,6 +208,9 @@ export default class UserService {
     );
     if (!tokenExists && authInfo.token !== tokenValue) {
       // Token not found, but don't throw error - user may have already logged out
+      this.logger.info(
+        `Logout attempted for non-existent token on platform: ${platform}`,
+      );
       return;
     }
 
@@ -430,6 +438,14 @@ export default class UserService {
     tokenInfo: TokenInfo,
     maxTokensPerPlatform: number = config.maxTokensPerPlatform,
   ): Record<string, TokenInfo[]> {
+    // Validate maxTokensPerPlatform parameter
+    if (!Number.isInteger(maxTokensPerPlatform) || maxTokensPerPlatform < 1) {
+      this.logger.warn(
+        `Invalid maxTokensPerPlatform value: ${maxTokensPerPlatform}, using default`,
+      );
+      maxTokensPerPlatform = config.maxTokensPerPlatform;
+    }
+
     const normalized = this.normalizeTokens(tokens);
 
     if (!normalized[platform]) {
diff --git a/back/shared/auth.ts b/back/shared/auth.ts
index 15344978..8789f5cf 100644
--- a/back/shared/auth.ts
+++ b/back/shared/auth.ts
@@ -27,15 +27,20 @@ export function isValidToken(
 
   // Check platform-specific tokens (support both legacy string and new TokenInfo[] format)
   const platformTokens = tokens[platform];
-  if (platformTokens) {
-    if (typeof platformTokens === 'string') {
-      // Legacy format: single string token
-      return headerToken === platformTokens;
-    } else if (Array.isArray(platformTokens)) {
-      // New format: array of TokenInfo objects
-      return platformTokens.some((t: TokenInfo) => t.value === headerToken);
-    }
+
+  // Handle null/undefined platformTokens
+  if (platformTokens === null || platformTokens === undefined) {
+    return false;
   }
 
+  if (typeof platformTokens === 'string') {
+    // Legacy format: single string token
+    return headerToken === platformTokens;
+  } else if (Array.isArray(platformTokens)) {
+    // New format: array of TokenInfo objects
+    return platformTokens.some((t: TokenInfo) => t && t.value === headerToken);
+  }
+
+  // Unexpected type - log warning and reject
   return false;
 }