From 8a99dd5c4b74a4ea2ce715aed5e517022621f05c Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.net>
Date: Sat, 28 Mar 2026 06:02:54 +0000
Subject: fix(auth): ignore malformed user cookies

---
 src/routes/api/preferences/+server.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'src/routes/api/preferences/+server.ts')

diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index 0537c9bc..47ce442b 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -1,5 +1,5 @@
 import { Schema } from "effect";
-import { userIdentity } from "$lib/Data/AniList/identity";
+import { safeUserIdentity } from "$lib/Data/AniList/identity";
 import {
 	getUserPreferences,
 	setBiography,
@@ -9,7 +9,7 @@ import {
 	toggleHideMissingBadges,
 	togglePinnedBadgeWallCategory,
 } from "$lib/Database/SB/User/preferences";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
 import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import { appOriginHeaders } from "$lib/Utility/appOrigin";
 
@@ -22,7 +22,11 @@ const authenticatedUserId = async (cookies: {
 
 	if (!userCookie) return null;
 
-	return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+	const user = decodeAuthCookieOrNull(userCookie);
+
+	if (!user) return null;
+
+	return (await safeUserIdentity(user))?.id ?? null;
 };
 
 export const GET = async ({ url }) => {
-- 
cgit v1.2.3