fix: invalid token wrong recognition

[josejooj]

The following code does not correctly handle cases where the bot token is invalid:

discord.js/packages/rest/src/lib/handlers/Shared.ts

Lines 141 to 143 in ab6a694

	if (status === 401 && requestData.auth === true) {
	manager.setToken(null!);
	}

Other requests may return a 401 status, which does not mean that the token is actually invalid. The following request is an example, where the webhook token is invalid, not the bot's token:

DiscordAPIError[50027]: Invalid Webhook Token
    at handleErrors (/application/node_modules/@discordjs/rest/dist/index.js:727:13)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async SequentialHandler.runRequest (/application/node_modules/@discordjs/rest/dist/index.js:1128:23)
    at async SequentialHandler.queueRequest (/application/node_modules/@discordjs/rest/dist/index.js:959:14)
    at async _REST.request (/application/node_modules/@discordjs/rest/dist/index.js:1272:22)
    at async Object.f (/application/dist/util/tasks/carrinhos/treatments/cancelled/cancelled.js:4:320)
    at async C (/application/dist/util/tasks/carrinhos/main.js:1:2251) {
  requestBody: { files: undefined, json: { embeds: [Array], components: [] } },
  rawError: { message: 'Invalid Webhook Token', code: 50027 },
  code: 50027,
  status: 401,
  method: 'PATCH',
  url: 'https://discord.com/api/v10/webhooks/1332931122040143913/aW50ZXJhY3Rpb246MTM0ODY5NDU4MTYyNTIyOTQyNDozODF5NlBJTHYxZ09XWWtjdTl5ZlhCNU5qU2E0djI5SXhWV3psUUk0SFlKaXY4cmh0VXRoY1NKQjRKdmxIcmVEMDhEeG5WZ2pXUmNKaUc5Y1dXaW03WnlKYVJOU1RhaHJsSXZmdExJbTRxMjE1V1JBY2t5NE4yYTF0UDRBdU12YQ/messages/@original'
}

Remembering that you don't necessarily need to have a webhook to receive this error, it just takes a long time to respond to an interaction, so this wrong condition ends up affecting several bots, especially in Discord API instabilities.

This commit fixes invalid token wrong detection cases like these, only handling the case where the token is actually invalid, which is when receiving code 0 from the Discord API:

{ "message": "401: Unauthorized", "code": 0 }

Status and versioning classification:

• Code changes have been tested against the Discord API, or there are no code changes
• I know how to update typings and have done so, or typings don't need updating

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
discord-js	⬜️ Ignored (Inspect)	Visit Preview		Mar 10, 2025 11:28pm
discord-js-guide	⬜️ Ignored (Inspect)	Visit Preview		Mar 10, 2025 11:28pm

[didinele]

Remembering that you don't necessarily need to have a webhook to receive this error, it just takes a long time to respond to an interaction, so this wrong condition ends up affecting several bots, especially in Discord API instabilities.

FWIW I'm pretty sure this is wrong. When you respond too slow you get "Unknown interaction", which I assume is a 404, otherwise our issue tracker would probably be getting blown up if we invalidated the token every time you were too slow to respond...

Otherwise, for those webhook routes, the whole point is to pass in auth: false for routes that don't require the bot's token, i.e. see

discord.js/packages/discord.js/src/structures/Webhook.js

Lines 228 to 233 in ab6a694

	const d = await this.client.rest.post(Routes.webhook(this.id, this.token), {
	body,
	files,
	query,
	auth: false,
	});

and similar callsites from the main library.

All that said, I was not aware of this code 0, but this seems like a pretty nice additional measure that I'm not immediately against.

[josejooj]

FWIW I'm pretty sure this is wrong. When you respond too slow you get "Unknown interaction", which I assume is a 404, otherwise our issue tracker would probably be getting blown up if we invalidated the token every time you were too slow to respond...

I apologize, I really expressed myself wrong, this error does not happen when you take too long to respond to the interaction, but when you try to edit an interaction response that has been going on for a long time (15 minutes on my tests), here are 7 interactions routes that use the /webhooks route: Discord API Docs

I didn't know about the existence of auth: false, it probably solves the problem, but I leave my suggestion that code 0 be read to determine if the token is really invalid, we don't know which other routes may end up returning 401 without actually representing an invalid token, I work developing several bots, and some receive this error without actually having an invalid token, I continue to look for the causes, but treating code 0 should solve it.