patrick/bullseye-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve auth error handling to not leak internal details

Browse Source
This commit is contained in:
hiperman
2026-02-22 02:11:46 -05:00
parent 92b65309e8
commit 37e69a35db
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/api/auth.remote.ts
+7 -5
View File
@@ -7,13 +7,13 @@ export const signup = form(signupSchema, async (user, issue) => {
try {
await auth.api.signUpEmail({ body: user });
} catch (error: any) {
console.error(error)
// Use invalid to mark fields as invalid
console.error('Signup error:', error?.body?.code);
if (error?.body?.code === 'USER_ALREADY_EXISTS') {
invalid(issue.email('An account with this email already exists'));
}
// Generic error for the whole form
invalid(error?.body?.message || error?.message || 'Signup failed');
// Show generic error message on unknown errors
invalid('Unable to create account. Please try again.');
}
redirect(307, `/`);
@@ -24,11 +24,13 @@ export const login = form(loginSchema, async (user, issue) => {
const { request } = getRequestEvent();
await auth.api.signInEmail({ body: user, headers: request.headers });
} catch (error: any) {
console.error('Login error:', error?.body?.code);
// Handle invalid credentials
if (error?.body?.code === 'INVALID_EMAIL_OR_PASSWORD') {
invalid('Invalid email or password');
}
// Generic error
// Show generic error message on unknown errors
invalid('Login failed');
}