Copilot AI commented Nov 30, 2025

Repository scan identified a critical auth middleware bug and several code quality issues.

Security Fixes

  • Auth middleware missing return — Unauthenticated routes (/, /docs, /auth/*, /nic/update) continued executing auth checks after next(), potentially returning 401 on public endpoints:
// Before: falls through to auth header check
if (c.req.path.startsWith("/docs")) {
    await next();
}
const authHeader = c.req.header("Authorization"); // still runs

// After: properly exits
if (c.req.path.startsWith("/docs")) {
    await next();
    return;
}
  • Missing await on session invalidation — SessionHandler.inValidateAllSessionsForUser() calls in password change and account deletion were not awaited, risking race conditions

Code Quality

  • Remove unused de import from zod/v4/locales
  • Replace console.log with Logger for consistent logging
  • Remove debug console.log(record) in records endpoint
  • Fix syntax error client..$get → client.$get in test file
Original prompt

Scan the whole repository for any bad code, bad security or bugs and resolve those issues. Create a pull request with your changes when you are done.



- Fix critical auth middleware missing return statement
- Add missing await for async session invalidation calls
- Remove unused import from specHelpers.ts
- Remove debug console.log and use Logger consistently
- Fix syntax error in test file

Co-authored-by: LeiCraft <88381277+LeiCraft@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Scan repository for bad code and security issues" to "Fix auth middleware bypass and missing async awaits" Nov 30, 2025
Copilot AI requested a review from LeiCraft November 30, 2025 11:51
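
A regression check for the middleware fall-through described under Security Fixes, added here as an example (it is not code from the pull request or the repository). `makeCtx`, `isPublic`, `makeAuth`, `probe` and `leakedAuthChecks` are hypothetical names, `/auth/login` is a constructed path, and the context is a simplified stand-in in which the last `c.json()` call wins.

```javascript
// Stand-in for the request context `c` used in the PR's snippet (constructed).
// It counts Authorization header reads so a test can see if the auth check ran.
function makeCtx(path, headers = {}) {
  const c = { authReads: 0, res: null };
  c.req = {
    path,
    header: (name) => {
      if (name === "Authorization") c.authReads++;
      return headers[name];
    },
  };
  c.json = (body, status = 200) => (c.res = { status, body }); // assumption: last write wins
  return c;
}

// Assumed matcher for the public routes the PR lists: /, /docs, /auth/*, /nic/update.
const isPublic = (p) =>
  p === "/" || p === "/nic/update" || p.startsWith("/docs") || p.startsWith("/auth/");

// Builds the middleware with or without the early return the PR adds.
function makeAuth(withReturn) {
  return async function auth(c, next) {
    if (isPublic(c.req.path)) {
      await next();
      if (withReturn) return; // the fix: stop before the auth check
    }
    const authHeader = c.req.header("Authorization");
    if (!authHeader) return c.json({ error: "unauthorized" }, 401);
    await next();
  };
}

// Sends one request through middleware + handler and reports what happened.
async function probe(middleware, path, headers) {
  const c = makeCtx(path, headers);
  let handlerCalls = 0;
  await middleware(c, async () => { handlerCalls++; c.json({ ok: true }); });
  return { status: c.res.status, authReads: c.authReads, handlerCalls };
}

// Regression check: returns the public paths on which the auth check still ran.
async function leakedAuthChecks(middleware, paths) {
  const bad = [];
  for (const p of paths) {
    if ((await probe(middleware, p, {})).authReads > 0) bad.push(p);
  }
  return bad;
}
```

In this stand-in the unfixed middleware also invokes the downstream handler twice when an Authorization header is present, because both `next()` calls run.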