From f30ac8f34fa89b1fe7e0821bdfdaddc93b0d04fe Mon Sep 17 00:00:00 2001 From: JoE11-y Date: Sun, 26 Apr 2026 01:28:38 +0100 Subject: [PATCH] chore: fix auth routes --- apps/backend-relayer/src/common/guards/admin-jwt.guard.ts | 3 ++- apps/backend-relayer/src/common/guards/user-jwt.guard.ts | 3 ++- apps/backend-relayer/test/e2e/admin.e2e-spec.ts | 8 ++++---- apps/backend-relayer/test/e2e/ads.e2e-spec.ts | 2 +- apps/backend-relayer/test/e2e/chain.e2e-spec.ts | 4 ++-- apps/backend-relayer/test/e2e/notifications.e2e-spec.ts | 2 +- apps/backend-relayer/test/e2e/routes.e2e-spec.ts | 4 ++-- apps/backend-relayer/test/e2e/token.e2e-spec.ts | 2 +- apps/backend-relayer/test/e2e/trade-e2e-spec.ts | 2 +- 9 files changed, 16 insertions(+), 14 deletions(-) diff --git a/apps/backend-relayer/src/common/guards/admin-jwt.guard.ts b/apps/backend-relayer/src/common/guards/admin-jwt.guard.ts index 2a59f6ac..35c378e9 100644 --- a/apps/backend-relayer/src/common/guards/admin-jwt.guard.ts +++ b/apps/backend-relayer/src/common/guards/admin-jwt.guard.ts @@ -5,6 +5,7 @@ import { CanActivate, ExecutionContext, UnauthorizedException, + ForbiddenException, } from '@nestjs/common'; import { PrismaService } from '@prisma/prisma.service'; import { env } from '@libs/configs'; @@ -36,7 +37,7 @@ export class AdminJwtGuard implements CanActivate { const admin = await this.prisma.admin.findUnique({ where: { id: decoded.sub }, }); - if (!admin) throw new UnauthorizedException('Admin no longer exists'); + if (!admin) throw new ForbiddenException('Admin privileges required'); req.admin = decoded; return true; diff --git a/apps/backend-relayer/src/common/guards/user-jwt.guard.ts b/apps/backend-relayer/src/common/guards/user-jwt.guard.ts index 61d41065..b10a00de 100644 --- a/apps/backend-relayer/src/common/guards/user-jwt.guard.ts +++ b/apps/backend-relayer/src/common/guards/user-jwt.guard.ts 
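Review bot: In the second hunk of admin-jwt.guard.ts the `!admin` branch now answers 403 for any verified token whose `sub` has no admin row, which includes an admin deleted after the token was issued; user-jwt.guard.ts makes the same change with `'User access required'`. In the deleted-account case the credential itself is stale, and a client that discards its token or re-authenticates only on 401 would presumably keep presenting it after a 403. If one status for both cases is intended, record that above the check, for example `// Verified token but no matching admin row (deleted admin or non-admin subject): 403 by design`. Separately, the context line `req.admin = decoded;` attaches the token claims rather than the row just loaded, so confirm that downstream handlers are meant to see the claims as issued and not the current database state. The `canActivate` body starts and ends outside both hunks.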
@@ -5,6 +5,7 @@ import { CanActivate, ExecutionContext, UnauthorizedException, + ForbiddenException, } from '@nestjs/common'; import { PrismaService } from '@prisma/prisma.service'; import { env } from '@libs/configs'; @@ -36,7 +37,7 @@ export class UserJwtGuard implements CanActivate { const user = await this.prisma.user.findUnique({ where: { id: decoded.sub }, }); - if (!user) throw new UnauthorizedException('User no longer exists'); + if (!user) throw new ForbiddenException('User access required'); req.user = decoded; return true; diff --git a/apps/backend-relayer/test/e2e/admin.e2e-spec.ts b/apps/backend-relayer/test/e2e/admin.e2e-spec.ts index 277fabe6..93b90176 100644 --- a/apps/backend-relayer/test/e2e/admin.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/admin.e2e-spec.ts @@ -67,18 +67,18 @@ describe('Admin E2E', () => { .expect(200); }); - it('POST /v1/admin/addAdmin -> 403 without token', async () => { + it('POST /v1/admin/addAdmin -> 401 without token', async () => { await request(app.getHttpServer()) .post('/v1/admin/addAdmin') .send({ email: 'noauth@x.com', password: 'Whatever#1' }) - .expect(403); + .expect(401); }); - it('POST /v1/admin/addAdmin -> 403 with invalid token', async () => { + it('POST /v1/admin/addAdmin -> 401 with invalid token', async () => { await request(app.getHttpServer()) .post('/v1/admin/addAdmin') .set('Authorization', 'Bearer not-a-jwt') .send({ email: 'badtoken@x.com', password: 'Whatever#1' }) - .expect(403); + .expect(401); }); }); diff --git a/apps/backend-relayer/test/e2e/ads.e2e-spec.ts b/apps/backend-relayer/test/e2e/ads.e2e-spec.ts index 555f5d35..3574f35f 100644 --- a/apps/backend-relayer/test/e2e/ads.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/ads.e2e-spec.ts @@ -29,7 +29,7 @@ describe('Ads E2E', () => { creatorDstAddress: userWallet.address, fundAmount: '1000', }) - .expect(403); + .expect(401); }); it('creates an ad, persists INACTIVE row, then fetches it', async () => { 
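Review bot: The updated expectations in admin.e2e-spec.ts only move the missing-token and malformed-token cases to 401, so nothing in this hunk exercises the 403 branch that the same commit introduces in the guards. A case that sends a correctly signed token whose `sub` has no admin row and ends with `.expect(403)` would pin the new split between 401 and 403 and catch a regression where both conditions return the same status. The other spec hunks in this patch (ads, chain, notifications, routes, token, trade) also change only the no-token expectation, so the user guard's 403 path is not covered in them either. The rest of each spec file is outside the hunks, so an existing test may already cover it.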
diff --git a/apps/backend-relayer/test/e2e/chain.e2e-spec.ts b/apps/backend-relayer/test/e2e/chain.e2e-spec.ts index b7228601..ebcb3257 100644 --- a/apps/backend-relayer/test/e2e/chain.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/chain.e2e-spec.ts @@ -33,7 +33,7 @@ describe('Chains E2E', () => { adManagerAddress: randomAddress(), orderPortalAddress: randomAddress(), }) - .expect(403); + .expect(401); }); describe('Chain CRUD operations', () => { @@ -101,7 +101,7 @@ describe('Chains E2E', () => { await request(app.getHttpServer()) .patch(`/v1/admin/chains/${chainUUID}`) .send({ adManagerAddress: '0xAdMgrUpdated' }) - .expect(403); + .expect(401); }); it('fails to update non-existent chain', async () => { diff --git a/apps/backend-relayer/test/e2e/notifications.e2e-spec.ts b/apps/backend-relayer/test/e2e/notifications.e2e-spec.ts index 7d91e675..b70495fb 100644 --- a/apps/backend-relayer/test/e2e/notifications.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/notifications.e2e-spec.ts @@ -96,7 +96,7 @@ describe('Notifications E2E', () => { }); it('GET /v1/notifications requires auth', async () => { - await request(app.getHttpServer()).get('/v1/notifications').expect(403); + await request(app.getHttpServer()).get('/v1/notifications').expect(401); }); it('GET /v1/notifications/unread-count returns 0 for a fresh user', async () => { diff --git a/apps/backend-relayer/test/e2e/routes.e2e-spec.ts b/apps/backend-relayer/test/e2e/routes.e2e-spec.ts index 83c66241..9edcb71e 100644 --- a/apps/backend-relayer/test/e2e/routes.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/routes.e2e-spec.ts @@ -30,7 +30,7 @@ describe('Routes E2E', () => { await request(app.getHttpServer()) .post('/v1/admin/routes/create') .send({ adTokenId: 't1', orderTokenId: 't2' }) - .expect(403); + .expect(401); }); it('creates a route, fetches it, lists by token ids', async () => { 
@@ -144,7 +144,7 @@ describe('Routes E2E', () => { const random = randomUUID(); await request(app.getHttpServer()) .delete(`/v1/admin/routes/${random}`) - .expect(403); + .expect(401); }); it('deletes a route then 404 on get', async () => { diff --git a/apps/backend-relayer/test/e2e/token.e2e-spec.ts b/apps/backend-relayer/test/e2e/token.e2e-spec.ts index 48aa3966..0717decb 100644 --- a/apps/backend-relayer/test/e2e/token.e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/token.e2e-spec.ts @@ -33,7 +33,7 @@ describe('Tokens E2E', () => { decimals: 18, kind: 'NATIVE', }) - .expect(403); + .expect(401); }); it('creates a token (POST /v1/tokens)', async () => { diff --git a/apps/backend-relayer/test/e2e/trade-e2e-spec.ts b/apps/backend-relayer/test/e2e/trade-e2e-spec.ts index c5902ffd..b4541578 100644 --- a/apps/backend-relayer/test/e2e/trade-e2e-spec.ts +++ b/apps/backend-relayer/test/e2e/trade-e2e-spec.ts @@ -60,7 +60,7 @@ describe('Trades E2E', () => { amount: '1000', bridgerDstAddress: Wallet.createRandom().address, }) - .expect(403); + .expect(401); }); it('creates a trade (happy path)', async () => {