Add JWT key diagnostics

app/Http/Middleware/JwtAuthMiddleware.php

@@ -45,8 +45,10 @@ class JwtAuthMiddleware
 
             return $next($request);
 
-        } catch (\Exception $e) {
+        } catch (\InvalidArgumentException $e) {
             return response()->json(['message' => 'Invalid or expired token'], 401);
+        } catch (\Throwable $e) {
+            return response()->json(['message' => $e->getMessage()], 500);
         }
     }
 
@@ -94,13 +96,19 @@ class JwtAuthMiddleware
         $publicKey = str_replace('\\n', "\n", (string) config('jwt.public_key'));
 
         if ($publicKey === '') {
-            return false;
+            throw new \RuntimeException('JWT public key is empty');
+        }
+
+        $keyResource = openssl_pkey_get_public($publicKey);
+
+        if ($keyResource === false) {
+            throw new \RuntimeException(openssl_error_string() ?: 'OpenSSL could not read JWT public key');
         }
 
         return openssl_verify(
             $header . '.' . $payload,
             $signature,
-            $publicKey,
+            $keyResource,
             OPENSSL_ALGO_SHA256
         ) === 1;
     }

routes/api.php

@@ -20,3 +20,16 @@ Route::prefix('v1')->middleware(['jwt.auth'])->group(function () {
     // Jogos
     Route::get('/games/most-played', [GameController::class, 'mostPlayed']);
 });
+
+Route::get('/health-check-key', function () {
+    $rawPublicKey = (string) config('jwt.public_key');
+    $formattedPublicKey = str_replace('\\n', "\n", $rawPublicKey);
+    $publicKeyResource = openssl_pkey_get_public($formattedPublicKey);
+
+    return response()->json([
+        'raw_key_empty' => $rawPublicKey === '',
+        'key_length' => strlen($formattedPublicKey),
+        'openssl_accepted' => $publicKeyResource !== false,
+        'openssl_error' => openssl_error_string(),
+    ]);
+});