POST /api/compare missing auth gate -- returns 500 instead of 401 #11

New Issue

Closed

opened 2026-04-27 17:28:12 +00:00 by TopherMayor · 0 comments

TopherMayor commented 2026-04-27 17:28:12 +00:00

Owner

Copy Link

Description

Unauthenticated POST requests to /api/compare return HTTP 500 instead of 401 Unauthorized.

Expected

POST /api/compare (no session) -> 401 Unauthorized

Actual

POST /api/compare (no session) -> 500 Internal Server Error

Fix

Add auth check at the top of the compare handler before attempting DB operations.

Severity: High - security + error handling.

## Description Unauthenticated POST requests to `/api/compare` return HTTP 500 instead of 401 Unauthorized. ## Expected ``` POST /api/compare (no session) -> 401 Unauthorized ``` ## Actual ``` POST /api/compare (no session) -> 500 Internal Server Error ``` ## Fix Add auth check at the top of the compare handler before attempting DB operations. ## Severity: High - security + error handling.

TopherMayor added the bug label 2026-04-27 17:28:12 +00:00

TopherMayor referenced this issue from a commit 2026-04-27 17:33:50 +00:00

fix #9 #10 #11: fix email_verified schema, add auth gate to compare, use real user id

TopherMayor closed this issue 2026-04-27 17:55:54 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/e2e-bugs-9-10-11

feat/frontend

feat/backend

feat/llm-engine

No results found.

Labels

Clear labels

backend

Server-side, API, database

bug

Bugs and logic errors

documentation

Docs, comments

feature

New feature or enhancement

frontend

UI/UX frontend work

improvement

Code quality, refactoring

testing

Test gaps, new tests

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

TopherMayor

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: TopherMayor/comparaison#11