fix #12: bypass auth.api.getSession() Drizzle queryWithCache bug

Manually parse session token from cookie and query sessions/users tables via db.select() (regular query builder) instead of using auth.api.getSession() which triggers Drizzle 0.45.2 queryWithCache internal error when called from non-route-handler async context.
2026-04-27 12:27:25 -07:00
parent 26c7ad4d7b
commit fe5153c4e5
1 changed files with 34 additions and 6 deletions
--- a/src/app/api/compare/route.ts
+++ b/src/app/api/compare/route.ts
@@ -2,10 +2,9 @@ import { runResearch } from "@/lib/llm";
 import type { ComparisonRequest } from "@/lib/llm/types";
 import type { ComparisonData } from "@/lib/types";
 import { db } from "@/lib/db";
-import { comparisons, comparisonItems } from "@/lib/db/schema";
-import { eq } from "drizzle-orm";
+import { comparisons, comparisonItems, sessions, users } from "@/lib/db/schema";
+import { eq, and, gt } from "drizzle-orm";
 import { createId } from "@paralleldrive/cuid2";
-import { auth } from "@/lib/auth";

 function serializeSSE(event: string, data: unknown): string {
  return `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`;
@@ -24,11 +23,40 @@ function slugify(text: string): string {
 // const ratelimit = new Ratelimit({ redis, limiter: slidingWindow(5, "1m") })

 export async function POST(request: Request) {
-  const session = await auth.api.getSession({ headers: request.headers });
-  if (!session?.user) {
+  // Bypass auth.api.getSession() — Drizzle queryWithCache bug (#12)
+  // Manually parse session token from cookie and query sessions table directly
+  const cookieHeader = request.headers.get("cookie") ?? "";
+  const tokenMatch = cookieHeader
+    .split(";")
+    .find((c) => c.trim().startsWith("better-auth.session_token="));
+  const token = tokenMatch?.split("=")?.[1]?.trim();
+
+  if (!token) {
    return Response.json({ error: "Authentication required" }, { status: 401 });
  }

+  const sessionRows = await db
+    .select()
+    .from(sessions)
+    .where(and(eq(sessions.token, token), gt(sessions.expiresAt, new Date())))
+    .limit(1);
+
+  if (!sessionRows.length) {
+    return Response.json({ error: "Authentication required" }, { status: 401 });
+  }
+
+  const userRows = await db
+    .select()
+    .from(users)
+    .where(eq(users.id, sessionRows[0].userId))
+    .limit(1);
+
+  if (!userRows.length) {
+    return Response.json({ error: "Authentication required" }, { status: 401 });
+  }
+
+  const userId = userRows[0].id;
+
  const body: { query?: string; items?: string[]; dimensions?: string[] } =
    await request.json();
  const { query, items, dimensions } = body;
@@ -60,7 +88,7 @@ export async function POST(request: Request) {

  await db.insert(comparisons).values({
    id,
-    userId: session.user.id,
+    userId: userId,
    title,
    query: query ?? title,
    slug,