From 8a99dd5c4b74a4ea2ce715aed5e517022621f05c Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.net>
Date: Sat, 28 Mar 2026 06:02:54 +0000
Subject: fix(auth): ignore malformed user cookies

---
 src/hooks.server.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/hooks.server.ts')

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 9f28b4e9..ca4fd8d3 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,5 +1,5 @@
 import root from "$lib/Utility/root";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
 import type { Handle, RequestEvent } from "@sveltejs/kit";
 
 const redirectWithParameters = (
@@ -22,7 +22,12 @@ export const handle: Handle = async ({ event, resolve }) => {
 	const { cookies } = event;
 	const user = cookies.get("user");
 
-	if (user) event.locals.user = decodeAuthCookieOrThrow(user);
+	if (user) {
+		const decodedUser = decodeAuthCookieOrNull(user);
+
+		if (decodedUser) event.locals.user = decodedUser;
+		else cookies.delete("user", { path: "/" });
+	}
 
 	switch (event.url.pathname) {
 		case "/birthdays":
-- 
cgit v1.2.3