Patrick/medassist-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): enhance error handling in requireAuth and add authError state in AuthProvider

Browse Source
This commit is contained in:
Daniel Volz
2025-12-27 00:59:47 +01:00
parent 777f49df16
commit 89d0c3f3f1
4 changed files with 91 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/plugins/auth.ts
+14 -5
View File
@@ -78,7 +78,8 @@ export async function requireAuth(request: FastifyRequest, reply: FastifyReply)
const token = request.cookies.access_token;
if (!token) {
return reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
throw new Error("AUTH_REQUIRED");
}
try {
@@ -86,19 +87,27 @@ export async function requireAuth(request: FastifyRequest, reply: FastifyReply)
const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
if (!user) {
return reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
throw new Error("USER_NOT_FOUND");
}
if (!user.isActive) {
return reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
throw new Error("ACCOUNT_DISABLED");
}
request.user = {
id: user.id,
username: user.username,
};
} catch {
return reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
} catch (err: any) {
// Re-throw our own errors
if (err?.message === "AUTH_REQUIRED" || err?.message === "USER_NOT_FOUND" || err?.message === "ACCOUNT_DISABLED") {
throw err;
}
// JWT verification failed
reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
throw new Error("INVALID_TOKEN");
}
}
backend/src/plugins/env.ts
+30 -6
View File
@@ -28,15 +28,39 @@ const EnvSchema = z.object({
export type Env = z.infer<typeof EnvSchema>;
// Parse and validate
const parsed = EnvSchema.parse(process.env);
let parsed: z.infer<typeof EnvSchema>;
try {
parsed = EnvSchema.parse(process.env);
} catch (err) {
console.error("=".repeat(60));
console.error("ENVIRONMENT CONFIGURATION ERROR");
console.error("=".repeat(60));
console.error(err);
console.error("\nPlease check your .env file or environment variables.");
console.error("=".repeat(60));
process.exit(1);
}
// Validate that secrets are provided when auth is enabled
if (parsed.AUTH_ENABLED) {
if (!parsed.JWT_SECRET || !parsed.REFRESH_SECRET || !parsed.COOKIE_SECRET) {
throw new Error(
"AUTH_ENABLED=true requires JWT_SECRET, REFRESH_SECRET, and COOKIE_SECRET to be set. " +
"Generate them with: openssl rand -hex 32"
);
const missing: string[] = [];
if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
if (missing.length > 0) {
console.error("=".repeat(60));
console.error("AUTHENTICATION CONFIGURATION ERROR");
console.error("=".repeat(60));
console.error(`AUTH_ENABLED=true but missing required secrets: ${missing.join(", ")}`);
console.error("");
console.error("To fix this, either:");
console.error(" 1. Set these environment variables with secure random values:");
console.error(" Generate with: openssl rand -hex 32");
console.error("");
console.error(" 2. Or disable authentication by removing AUTH_ENABLED=true");
console.error("=".repeat(60));
process.exit(1);
}
}