fix: add OIDC startup diagnostic and fix HTTPException handling

The @hono/oidc-auth middleware catches all errors and rethrows as "Invalid session", hiding the real cause. This adds a startup probe to OIDC discovery endpoint so the actual error appears in logs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 21:33:59 +02:00
parent e63b3876c1
commit 9dca657ab1
1 changed files with 32 additions and 0 deletions
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -26,11 +26,43 @@ import { totalRoutes } from "./routes/totals.ts";
 // Seed default data on startup
 await seedDefaults();

+// OIDC connectivity pre-check: verify Logto discovery is reachable at startup
+// This surfaces network/config errors early in logs rather than hiding them as "Invalid session"
+const oidcIssuer = process.env.OIDC_ISSUER;
+if (oidcIssuer) {
+	const discoveryUrl = `${oidcIssuer}/.well-known/openid-configuration`;
+	fetch(discoveryUrl)
+		.then(async (res) => {
+			if (!res.ok) {
+				console.error(
+					`[OIDC] Discovery endpoint returned HTTP ${res.status}: ${discoveryUrl}`,
+				);
+			} else {
+				console.log(`[OIDC] Discovery endpoint reachable: ${discoveryUrl}`);
+			}
+		})
+		.catch((err) => {
+			console.error(
+				`[OIDC] Discovery endpoint unreachable: ${discoveryUrl}`,
+				err,
+			);
+			console.error(
+				"[OIDC] This will cause 'Invalid session' errors on /login — check network connectivity to Logto",
+			);
+		});
+} else {
+	console.warn("[OIDC] OIDC_ISSUER is not set — OIDC authentication will fail");
+}
+
 const app = new Hono();

 // Centralized error handler
 app.onError((err, c) => {
 	console.error(`[${c.req.method}] ${c.req.path}:`, err);
+	// HTTPException has a getResponse() method — use it to preserve the original status/message
+	if ("getResponse" in err && typeof (err as any).getResponse === "function") {
+		return (err as any).getResponse();
+	}
 	const message =
 		process.env.NODE_ENV === "production"
 			? "Internal server error"