Update frontend's ability to deal with expired JWT

backend/app.js

@@ -1,4 +1,3 @@
-require("dotenv").config();
 const express = require("express");
 const cors = require("cors");
 const User = require("./models/user.model");
@@ -7,7 +6,7 @@ const app = express();
 app.use(express.json());
 
 const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
-console.log("Allowed Origins: ", allowedOrigins);
+console.log("Allowed Origins:", allowedOrigins);
 app.use(
   cors({
     origin: function (origin, callback) {

backend/models/user.model.js

@@ -17,7 +17,7 @@ exports.createUser = async (username, hashedPassword, name) => {
   const result = await pool.query(
     `INSERT INTO users (username, password, name, role)
      VALUES ($1, $2, $3, $4)`,
-    [username, hashedPassword, name, this.ROLES.EDITOR]
+    [username, hashedPassword, name, this.ROLES.VIEWER]
   );
   return result.rows[0];
 };

frontend/src/api/axios.js

@@ -16,4 +16,17 @@ api.interceptors.request.use((config => {
   return config;
 }));
 
+api.interceptors.response.use(
+  response => response,
+  error => {
+    if (error.response?.status === 401 &&
+      error.response?.data?.message === "Invalid or expired token") {
+      localStorage.removeItem("token");
+      window.location.href = "/login";
+      alert("Your session has expired. Please log in again.");
+    }
+    return Promise.reject(error);
+  }
+);
+
 export default api;