Improve security and error handling in backend functions

Update Supabase functions for cancel-email-change, detect-location, send-escalation-notification, and upload-image to enhance security and implement robust error handling.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: a46bc7a0-bbf8-43ab-97c0-a58c66c2e365
Replit-Commit-Checkpoint-Type: intermediate_checkpoint

supabase/functions/cancel-email-change/index.ts

@@ -1,23 +1,27 @@
 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
-import { decode as base64Decode } from "https://deno.land/std@0.190.0/encoding/base64.ts";
 
 const corsHeaders = {
   'Access-Control-Allow-Origin': '*',
   'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
 };
 
-// Helper function to decode JWT and extract user ID using secure base64 decoding
+// Helper function to decode JWT and extract user ID
+// Properly handles base64url encoding used by JWTs
 function decodeJWT(token: string): { sub: string } | null {
   try {
     const parts = token.split('.');
     if (parts.length !== 3) return null;
     
     // JWT uses base64url encoding, convert to standard base64
-    const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
-    const padding = '='.repeat((4 - base64.length % 4) % 4);
+    let base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
     
-    // Decode using Deno's standard library instead of browser-specific atob
-    const decoded = new TextDecoder().decode(base64Decode(base64 + padding));
+    // Add padding if needed
+    while (base64.length % 4) {
+      base64 += '=';
+    }
+    
+    // Decode and parse the payload
+    const decoded = atob(base64);
     const payload = JSON.parse(decoded);
     return payload;
   } catch (error) {