fix(auth): prevent login page freeze on OAuth sign-in failure (#506)

Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-02-25 01:59:36 +00:00
parent 9a7673bea2
commit 5f6c520a98
3 changed files with 37 additions and 6 deletions
--- a/apps/api/src/auth/auth.config.ts
+++ b/apps/api/src/auth/auth.config.ts
@@ -254,6 +254,10 @@ export function createAuth(prisma: PrismaClient) {
      enabled: true,
    },
    plugins: [...getOidcPlugins()],
+    logger: {
+      disabled: false,
+      level: "error",
+    },
    session: {
      expiresIn: 60 * 60 * 24 * 7, // 7 days absolute max
      updateAge: 60 * 60 * 2, // 2 hours — minimum session age before BetterAuth refreshes the expiry on next request
--- a/apps/api/src/auth/auth.controller.ts
+++ b/apps/api/src/auth/auth.controller.ts
@@ -123,6 +123,14 @@ export class AuthController {

    try {
      await handler(req, res);
+
+      // BetterAuth writes responses directly — catch silent 500s that bypass NestJS error handling
+      if (res.statusCode >= 500) {
+        this.logger.error(
+          `BetterAuth returned ${String(res.statusCode)} for ${req.method} ${req.url} from ${clientIp}` +
+            ` — check container stdout for '# SERVER_ERROR' details`
+        );
+      }
    } catch (error: unknown) {
      const message = error instanceof Error ? error.message : String(error);
      const stack = error instanceof Error ? error.stack : undefined;
--- a/apps/web/src/app/(auth)/login/page.tsx
+++ b/apps/web/src/app/(auth)/login/page.tsx
@@ -128,7 +128,26 @@ function LoginPageContent(): ReactElement {
    setError(null);
    const callbackURL =
      typeof window !== "undefined" ? new URL("/", window.location.origin).toString() : "/";
-    signIn.oauth2({ providerId, callbackURL }).catch((err: unknown) => {
+    signIn
+      .oauth2({ providerId, callbackURL })
+      .then((result) => {
+        // BetterAuth returns Data | Error union — check for error or missing redirect URL
+        const hasError = "error" in result && result.error;
+        const hasUrl = "data" in result && result.data?.url;
+        if (hasError || !hasUrl) {
+          const errObj = hasError ? result.error : null;
+          const message =
+            errObj && typeof errObj === "object" && "message" in errObj
+              ? String(errObj.message)
+              : "no redirect URL";
+          console.error(`[Auth] OAuth sign-in failed for ${providerId}:`, message);
+          setError("Unable to connect to the sign-in provider. Please try again in a moment.");
+          setOauthLoading(null);
+        }
+        // If data.url exists, BetterAuth's client will redirect the browser automatically.
+        // No need to reset loading — the page is navigating away.
+      })
+      .catch((err: unknown) => {
        const message = err instanceof Error ? err.message : String(err);
        console.error(`[Auth] OAuth sign-in initiation failed for ${providerId}:`, message);
        setError("Unable to connect to the sign-in provider. Please try again in a moment.");