| author | Fuwn <[email protected]> | 2026-03-28 06:02:54 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-03-28 06:04:13 +0000 |
| commit | 8a99dd5c4b74a4ea2ce715aed5e517022621f05c (patch) | |
| tree | 56e24474d2240e77887450e0e52617e358ac3379 /src/graphql/user | |
| parent | fix(cache): respect AniList media list recache windows (diff) | |
| download | due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.tar.xz due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.zip | |
fix(auth): ignore malformed user cookies
Diffstat (limited to 'src/graphql/user')
| -rw-r--r-- | src/graphql/user/resolvers.ts | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/graphql/user/resolvers.ts b/src/graphql/user/resolvers.ts
index dfbaa927..360d622b 100644
--- a/src/graphql/user/resolvers.ts
+++ b/src/graphql/user/resolvers.ts
@@ -1,4 +1,7 @@
-import { userIdentity, type UserIdentity } from "$lib/Data/AniList/identity";
+import {
+ safeUserIdentity,
+ type UserIdentity,
+} from "$lib/Data/AniList/identity";
 import {
 addUserBadge,
 getUserBadges,
@@ -24,7 +27,7 @@ import {
 type UserPreferences,
 } from "$lib/Database/SB/User/preferences";
 import privilegedUser from "$lib/Utility/privilegedUser";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
 
 type Context = RequestEvent<Partial<Record<string, string>>, string | null>;
 type UserResolvers = Pick<
@@ -52,9 +55,11 @@ const auth = async (context: Context) => {
 
 if (!userCookie) return Error("Unauthorised");
 
- const user = decodeAuthCookieOrThrow(userCookie);
+ const user = decodeAuthCookieOrNull(userCookie);
+
+ if (!user) return Error("Unauthorised");
 
- return await userIdentity(user);
+ return (await safeUserIdentity(user)) ?? Error("Unauthorised");
 };
 
 const authenticatedBadgesOperation = async ( |
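Review bot: Both new failure branches in `auth`, the `if (!user)` guard and the `?? Error("Unauthorised")` fallback, discard the reason for the rejection, so a tampered or corrupted cookie looks the same as an ordinary logged-out request and leaves nothing for monitoring to pick up. I would record the event at the guard without logging the cookie value, e.g. `if (!user) { console.warn("auth: rejected malformed user cookie"); return Error("Unauthorised"); }`. The fallback on `safeUserIdentity` presumably also fires when the identity lookup fails for reasons other than a bad credential (its implementation is not in this diff), which would report a valid session as unauthorised; a short comment stating that this is intended would help. `auth` still returns the `Error` instead of throwing it, so its callers, which are outside this hunk along with the start of the function body, must keep checking `instanceof Error` before trusting the result.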