makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: address code review issues — MCP auth, error handling, password route

Browse Source 
- MCP auth middleware now rejects requests without API key when users exist
- Image /from-url route distinguishes validation errors (400) from server errors (500)
- Password change route returns 401 when no session cookie instead of crashing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-03 13:42:34 +02:00
parent ba9662aeaf
commit 17d76761bb
3 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/server/routes/images.ts
View File

@@ -19,7 +19,14 @@ app.post("/from-url", zValidator("json", fromUrlSchema), async (c) => {
const result = await fetchImageFromUrl(url);
return c.json(result, 201);
} catch (err) {
return c.json({ error: (err as Error).message }, 400);
const message = (err as Error).message;
// Known validation errors from the service
const isValidationError =
message.startsWith("Invalid") ||
message.startsWith("URL must") ||
message.startsWith("File too") ||
message.startsWith("HTTP ");
return c.json({ error: message }, isValidationError ? 400 : 500);
}
});