From 8219e2d8b076672478704ddb70ec9561fb70bc99 Mon Sep 17 00:00:00 2001
From: Prithvish Baidya <deformercoding@gmail.com>
Date: Fri, 5 Sep 2025 00:44:01 +0530
Subject: [PATCH] better keypair auth error message

---
 src/server/middleware/auth.ts | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/server/middleware/auth.ts b/src/server/middleware/auth.ts
index fb21508d..781b617c 100644
--- a/src/server/middleware/auth.ts
+++ b/src/server/middleware/auth.ts
@@ -331,14 +331,12 @@ const handleKeypairAuth = async (args: {
     }) as jsonwebtoken.JwtPayload;
 
     // If `bodyHash` is provided, it must match a hash of the POST request body.
-    if (
-      req.method === "POST" &&
-      payload?.bodyHash &&
-      payload.bodyHash !== hashRequestBody(req)
-    ) {
-      error =
-        "The request body does not match the hash in the access token. See: https://portal.thirdweb.com/engine/features/keypair-authentication";
-      throw error;
+    if (req.method === "POST" && payload?.bodyHash) {
+      const computedBodyHash = hashRequestBody(req);
+      if (computedBodyHash !== payload.bodyHash) {
+        error = `The request body does not match the hash in the access token. See: https://portal.thirdweb.com/engine/v2/features/keypair-authentication. [hash in access token: ${payload.bodyHash}, hash computed from request: ${computedBodyHash}]`;
+        throw error;
+      }
     }
 
     const { isAllowed, ip } = await checkIpInAllowlist(req);