From 0e04d016da426b8d56c08e2442fb1e46ef091778 Mon Sep 17 00:00:00 2001 From: Matt Date: Tue, 10 Feb 2026 19:24:24 +0100 Subject: [PATCH] Fix crash from unhandled AuthApiError on stale refresh tokens getSession() throws AuthApiError when refresh token is invalid/expired instead of returning null. This unhandled exception crashes the request handler, causing 503s for all resources. Wrap getSession() and getUser() in try-catch to handle gracefully and redirect to login. Co-Authored-By: Claude Opus 4.6 --- src/hooks.server.ts | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/src/hooks.server.ts b/src/hooks.server.ts index e4189d4..7555e85 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts @@ -48,21 +48,30 @@ const supabaseHandle: Handle = async ({ event, resolve }) => { * Returns session, user, and member data */ event.locals.safeGetSession = async () => { - const { - data: { session } - } = await event.locals.supabase.auth.getSession(); + let session; + try { + const { data } = await event.locals.supabase.auth.getSession(); + session = data.session; + } catch (e) { + // Invalid/expired refresh token throws AuthApiError - handle gracefully + console.warn('Session retrieval error:', e instanceof Error ? e.message : e); + return { session: null, user: null, member: null }; + } if (!session) { return { session: null, user: null, member: null }; } // Validate the session by getting the user - const { - data: { user }, - error: userError - } = await event.locals.supabase.auth.getUser(); - - if (userError || !user) { + let user; + try { + const { data, error: userError } = await event.locals.supabase.auth.getUser(); + if (userError || !data.user) { + return { session: null, user: null, member: null }; + } + user = data.user; + } catch (e) { + console.warn('User validation error:', e instanceof Error ? e.message : e); return { session: null, user: null, member: null }; }