fix(mana-auth): avoid error.body access in login catch — triggers async stream read

Accessing (error as any)?.body?.code on a Better Auth APIError triggers an internal
async stream read. When the request body contains special chars like '!', the deferred
JSON parse fails as an unhandled rejection that races with the response, causing 500.

Use only error.status === 'FORBIDDEN' which is a simple string property.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Till JS 2026-03-31 21:41:06 +02:00
parent e624756d66
commit c6448a63bc

@ -142,10 +142,10 @@ export function createAuthRoutes(
return c.json(response);
} catch (error) {
// Better Auth throws APIError (status="FORBIDDEN", body.code="EMAIL_NOT_VERIFIED")
const isEmailNotVerified =
(error as any)?.body?.code === 'EMAIL_NOT_VERIFIED' ||
(error as any)?.status === 'FORBIDDEN';
// Better Auth throws APIError with status="FORBIDDEN" for unverified emails.
// Do NOT access error.body — it may be an async stream that triggers unhandled
// promise rejections when the request body contains special characters (e.g. !).
const isEmailNotVerified = (error as any)?.status === 'FORBIDDEN';
if (isEmailNotVerified) {
return c.json({ error: 'Email not verified', code: 'EMAIL_NOT_VERIFIED' }, 403);
}
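Review bot: the `isEmailNotVerified` assignment now rests on `status === 'FORBIDDEN'` alone, so every FORBIDDEN error reaching this catch is answered with `code: 'EMAIL_NOT_VERIFIED'`, whatever actually caused it. The removed condition had the same `||` fallback, so this is not new, but with the `body.code` check gone nothing in the handler distinguishes an unverified email from any other 403 on the login path. If Better Auth can raise FORBIDDEN for another reason here, the client is told to verify an email that is already verified. Consider narrowing on a property that can be read synchronously, or state in the comment that FORBIDDEN is only ever raised for unverified emails on this route. The change also ships without a regression test: a login request whose body contains `!` and an unverified account should assert a 403 and no unhandled rejection, so the reasoning in the new comment is checked rather than only documented.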