fix(auth): ignore malformed user cookies

author: Fuwn <[email protected]> 2026-03-28 06:02:54 +0000
committer: Fuwn <[email protected]> 2026-03-28 06:04:13 +0000
commit: 8a99dd5c4b74a4ea2ce715aed5e517022621f05c (patch)
tree: 56e24474d2240e77887450e0e52617e358ac3379 /src/hooks.server.ts
parent: fix(cache): respect AniList media list recache windows (diff)
download: due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.tar.xz
due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 9f28b4e9..ca4fd8d3 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,5 +1,5 @@
 import root from "$lib/Utility/root";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
 import type { Handle, RequestEvent } from "@sveltejs/kit";
 
 const redirectWithParameters = (
@@ -22,7 +22,12 @@ export const handle: Handle = async ({ event, resolve }) => {
 	const { cookies } = event;
 	const user = cookies.get("user");
 
-	if (user) event.locals.user = decodeAuthCookieOrThrow(user);
+	if (user) {
+		const decodedUser = decodeAuthCookieOrNull(user);
+
+		if (decodedUser) event.locals.user = decodedUser;
+		else cookies.delete("user", { path: "/" });
+	}
 
 	switch (event.url.pathname) {
 		case "/birthdays":
author	Fuwn <[email protected]>	2026-03-28 06:02:54 +0000
committer	Fuwn <[email protected]>	2026-03-28 06:04:13 +0000
commit	8a99dd5c4b74a4ea2ce715aed5e517022621f05c (patch)
tree	56e24474d2240e77887450e0e52617e358ac3379 /src/hooks.server.ts
parent	fix(cache): respect AniList media list recache windows (diff)
download	due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.tar.xz due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.zip