Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion src/app/bills/[id]/page.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,15 @@
export default async function BillDetail({ params }: Params) {
const { id } = await params;

const session = await getServerSession(authOptions);
// The session only gates the admin "Edit" link — a misconfigured auth setup
// (e.g. missing NEXTAUTH_SECRET, which throws in production) must not take
// down the public bill page.
let session = null;
try {
session = await getServerSession(authOptions);
} catch (error) {
console.error("Failed to resolve session for bill page:", error);
}
const headerList = await headers();
const host =
headerList.get("x-forwarded-host") || headerList.get("host") || "";
Expand Down Expand Up @@ -161,7 +169,7 @@
params: Promise<{ id: string }>;
searchParams: Promise<{ q?: string }>;
},
_parent: ResolvingMetadata,

Check warning on line 172 in src/app/bills/[id]/page.tsx

View workflow job for this annotation

GitHub Actions / lint

'_parent' is defined but never used
): Promise<Metadata> {
const { id } = await params;
const sp = await searchParams;
Expand Down
10 changes: 9 additions & 1 deletion src/app/bills/lib/auth-guards.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,15 @@ export async function requireAuthenticatedUser() {
return { session: null, dbUser: null };
}

const session = await getServerSession(authOptions);
// Fail closed: if the session can't be resolved (e.g. missing
// NEXTAUTH_SECRET throws in production), treat the user as signed out
// instead of surfacing a 500.
let session = null;
try {
session = await getServerSession(authOptions);
} catch (error) {
console.error("Failed to resolve session in auth guard:", error);
}

if (!session?.user?.email) {
redirect(`${BASE_PATH}/unauthorized`);
Expand Down
Loading