Fix crash from unhandled AuthApiError on stale refresh tokens

getSession() throws AuthApiError when refresh token is invalid/expired
instead of returning null. This unhandled exception crashes the request
handler, causing 503s for all resources. Wrap getSession() and getUser()
in try-catch to handle gracefully and redirect to login.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/hooks.server.ts

@@ -48,21 +48,30 @@ const supabaseHandle: Handle = async ({ event, resolve }) => {
 	 * Returns session, user, and member data
 	 */
 	event.locals.safeGetSession = async () => {
-		const {
+		let session;
-			data: { session }
+		try {
-		} = await event.locals.supabase.auth.getSession();
+			const { data } = await event.locals.supabase.auth.getSession();
+			session = data.session;
+		} catch (e) {
+			// Invalid/expired refresh token throws AuthApiError - handle gracefully
+			console.warn('Session retrieval error:', e instanceof Error ? e.message : e);
+			return { session: null, user: null, member: null };
+		}
 
 		if (!session) {
 			return { session: null, user: null, member: null };
 		}
 
 		// Validate the session by getting the user
-		const {
+		let user;
-			data: { user },
+		try {
-			error: userError
+			const { data, error: userError } = await event.locals.supabase.auth.getUser();
-		} = await event.locals.supabase.auth.getUser();
+			if (userError || !data.user) {
-
+				return { session: null, user: null, member: null };
-		if (userError || !user) {
+			}
+			user = data.user;
+		} catch (e) {
+			console.warn('User validation error:', e instanceof Error ? e.message : e);
 			return { session: null, user: null, member: null };
 		}