Feat/orgs #79
Additional Comments:
packages/app/src/middleware.ts (lines 16-48):
The middleware makes an unprotected API call that will crash the entire application if the API is unavailable or returns an error status. When apiClient.user.getCurrentUser() throws an error (which it does on non-2xx HTTP responses), there's no try-catch to handle it, causing the middleware to fail on every protected route request.
📝 Patch Details
diff --git a/packages/app/src/middleware.ts b/packages/app/src/middleware.ts
index 81bb37ad..d074a35f 100644
--- a/packages/app/src/middleware.ts
+++ b/packages/app/src/middleware.ts
@@ -21,7 +21,7 @@ export default clerkMiddleware(async (auth, req: NextRequest) => {
const token = await session.getToken();
return {
"Content-Type": "application/json",
- Authorization: `Bearer ${token}`,
+ Authorization: token ? `Bearer ${token}` : "",
};
},
});
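Review bot: On the changed `Authorization` line, a null token now yields an empty `Authorization` header, so the request to the API still goes out, only unauthenticated, and the result depends on how the API treats an empty header. Prefer omitting the header when `token` is null, or skip the `getCurrentUser()` call and redirect to `/login` directly when `session.getToken()` returns null.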
@@ -29,22 +29,28 @@ export default clerkMiddleware(async (auth, req: NextRequest) => {
if (isProtectedRoute(req)) {
console.log("isProtectedRoute", req.url);
console.log("calling apiClient.user.getCurrentUser");
- const user = await apiClient.user.getCurrentUser();
- if (!user.success) {
- return NextResponse.redirect(new URL("/login", req.url));
- }
+
+ try {
+ const user = await apiClient.user.getCurrentUser();
+ if (!user.success) {
+ return NextResponse.redirect(new URL("/login", req.url));
+ }
- if (user && user.success) {
- const requestHeaders = new Headers(req.headers);
- requestHeaders.set("x-user-data", JSON.stringify(user.data));
- return NextResponse.next({
- request: {
- headers: requestHeaders,
- },
- });
- }
+ if (user && user.success) {
+ const requestHeaders = new Headers(req.headers);
+ requestHeaders.set("x-user-data", JSON.stringify(user.data));
+ return NextResponse.next({
+ request: {
+ headers: requestHeaders,
+ },
+ });
+ }
- return NextResponse.next();
+ return NextResponse.next();
+ } catch (error) {
+ console.error("Auth middleware error:", error);
+ return NextResponse.redirect(new URL("/login", req.url));
+ }
}
});
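Review bot: The new `catch` block sends every failure to `/login`, so an API outage or 5xx response is indistinguishable from an unauthenticated session, and a signed-in user is bounced to login whenever the API is down. Consider redirecting only when the error is an authentication failure and returning an error response (for example a 503) otherwise. Also, the trailing `return NextResponse.next();` inside the `try` is unreachable after the two `user.success` checks; remove it or turn it into a redirect, so the protected branch can never fall through and forward a request whose `x-user-data` header was not set by the middleware (`requestHeaders` is copied from `req.headers`, which the client controls).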
Analysis
Unhandled API exception in middleware crashes protected routes
What fails: apiClient.user.getCurrentUser() in middleware.ts:32 throws unhandled exceptions when API returns non-2xx responses, causing middleware to fail on all protected routes (/orgs., /projects.)
How to reproduce:
# Start app with API server down or returning errors
# Navigate to /orgs/anything or /projects/anything
# Middleware throws: "API request failed: 500 Internal Server Error"
Result: Unhandled exception propagates through middleware, preventing access to protected routes. Additionally, session.getToken() can return null, sending "Bearer null" to API.
Expected: Middleware should handle API errors gracefully and redirect to login page per Next.js middleware patterns
No description provided.