From e81acebc457c474800e7ae569d4adb5a70ab598d Mon Sep 17 00:00:00 2001
From: Vadym Samoilenko
Date: Wed, 29 Apr 2026 14:11:59 +0100
Subject: [PATCH] security: remove exception detail from /auth/refresh response (C-03)
Replaced the bare except that leaked str(e) (JWT library internals, claim validation messages) with a generic "Invalid refresh token" detail. Full traceback is now logged server-side via the structured logger. Re-raises HTTPException before the generic handler so valid 401s from inner checks are not double-wrapped.
Co-Authored-By: Claude Sonnet 4.6
---
 backend/app/api/v1/routes_auth.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/backend/app/api/v1/routes_auth.py b/backend/app/api/v1/routes_auth.py
index e038176..657d0a8 100644
--- a/backend/app/api/v1/routes_auth.py
+++ b/backend/app/api/v1/routes_auth.py
@@ -312,13 +312,17 @@ async def refresh_token(
 full_name=user.full_name
 )
+ except HTTPException:
+ raise
 except Exception as e:
- print(f"🚨 REFRESH ERROR: Exception during refresh: {type(e).__name__}: {e}")
 import traceback
- print(f"Traceback:\n{traceback.format_exc()}")
+ from ...core.logging import get_logger
+ get_logger(__name__).exception(
+ "Refresh token error: %s\n%s", type(e).__name__, traceback.format_exc()
+ )
 raise HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
- detail=f"Invalid refresh token: {str(e)}",
+ detail="Invalid refresh token",
 )
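Review bot: The new `get_logger(__name__).exception(...)` call already attaches the active stack trace (exception() logs with exc_info set, assuming get_logger returns a stdlib-style logger), so passing `traceback.format_exc()` as a second argument writes the same traceback twice into every log record and keeps the now-unneeded local `import traceback` alive; the call can be reduced to `get_logger(__name__).exception("Refresh token error: %s", type(e).__name__)` and the `import traceback` context line dropped. The local `from ...core.logging import get_logger` inside the except body would normally live in the module's import block, which is outside this hunk. Separately, the handler still catches bare `Exception`, so a failure unrelated to the token (for example a database error in the user lookup that precedes this hunk) is also reported to the client as a 401 "Invalid refresh token" rather than a 5xx; narrowing the except to the token library's exception types would keep the response honest, though the library is not visible here. When the logged message is reviewed, confirm that the exception text the library raises does not itself embed the submitted token, since the server-side record now carries it verbatim. The body of refresh_token starts before this hunk.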