makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: address code review issues — MCP auth, error handling, password route

Browse Source 
- MCP auth middleware now rejects requests without API key when users exist
- Image /from-url route distinguishes validation errors (400) from server errors (500)
- Password change route returns 401 when no session cookie instead of crashing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-03 13:42:34 +02:00
parent ba9662aeaf
commit 17d76761bb
3 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/server/routes/auth.ts
View File

@@ -121,8 +121,15 @@ app.put(
zValidator("json", changePasswordSchema),
async (c) => {
const db = c.get("db");
const sessionId = getCookie(c, COOKIE_NAME)!;
const session = getSession(db, sessionId)!;
const sessionId = getCookie(c, COOKIE_NAME);
if (!sessionId) {
return c.json({ error: "Session required for password change" }, 401);
}
const session = getSession(db, sessionId);
if (!session) {
return c.json({ error: "Session required for password change" }, 401);
}
const userRecord = db
.select()