Barazo default frontend barazo.forum

fix(auth): guard against undefined OAuth redirect URL (#91)

Validate that initiateLogin and initiateCrossPostAuth responses
contain a url property before navigating. If the API response is
missing the url (e.g. due to stale browser cache or unexpected
response), throw a clear error instead of navigating to
/login/undefined/.

authored by

Guido X Jansen and committed by
GitHub
8a2739c6 2aa3e743

+12 -4
+12 -4
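--- a/src/lib/api/client.ts
+++ b/src/lib/api/client.ts
@@ -111,15 +111,23 @@
 
 // --- Auth endpoints ---
 
-export function initiateLogin(handle: string): Promise<{ url: string }> {
+export async function initiateLogin(handle: string): Promise<{ url: string }> {
 const query = buildQuery({ handle })
-return apiFetch<{ url: string }>(`/api/auth/login${query}`)
+const result = await apiFetch<{ url: string }>(`/api/auth/login${query}`)
+if (!result?.url) {
+throw new ApiError(502, 'Login endpoint did not return a redirect URL')
+}
+return result
 }
 
-export function initiateCrossPostAuth(token: string): Promise<{ url: string }> {
-return apiFetch<{ url: string }>('/api/auth/crosspost-authorize', {
+export async function initiateCrossPostAuth(token: string): Promise<{ url: string }> {
+const result = await apiFetch<{ url: string }>('/api/auth/crosspost-authorize', {
 headers: { Authorization: `Bearer ${token}` },
 })
+if (!result?.url) {
+throw new ApiError(502, 'Cross-post auth endpoint did not return a redirect URL')
+}
+return result
 }
 
 export function handleCallback(code: string, state: string): Promise<AuthSession> {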
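Review bot: The guard `if (!result?.url)` in both initiateLogin and initiateCrossPostAuth only tests truthiness, so a non-string value or a URL with an unexpected scheme (for example `javascript:`) still passes. Per the commit description, the caller then navigates to it, though that code is outside this hunk. `apiFetch<{ url: string }>` is a compile-time annotation and not a runtime check, so I would tighten the condition to `if (typeof result?.url !== 'string' || !/^https?:\/\//i.test(result.url))`, assuming the redirect target is always an absolute URL (confirm against the API). Since the same check now appears twice, a small private helper that takes the result and the endpoint label would keep the two call sites from drifting apart.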