From 3826b9a60a37f21543695e1701fca1ce12737bf1 Mon Sep 17 00:00:00 2001
From: ba2slk <0730bss@gmail.com>
Date: Sat, 30 Aug 2025 23:15:59 +0900
Subject: [PATCH] Fix: Safely handle missing session data on redirect

Added a guard clause to the `handleRedirect` method to prevent a `TypeError` that occurred when the session data was lost.
The previous code would crash the server when it attempted to access `req.session.pkceCodes.verifier` after the redirect, leading to a 'net::ERR_CONNECTION_RESET' error in the browser.
The new code checks if the necessary session data is available. If it's missing, it gracefully redirects the user to the home page, allowing them to restart the login flow without causing a server crash.
---
 App/auth/AuthProvider.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/App/auth/AuthProvider.js b/App/auth/AuthProvider.js
index a43fefc..611f5ce 100644
--- a/App/auth/AuthProvider.js
+++ b/App/auth/AuthProvider.js
@@ -126,6 +126,12 @@ class AuthProvider {
                 return next(new Error('Error: response not found'));
             }
 
+            // Safely handle missing session data and prevent a TypeError by redirecting.
+            if (!req.session || !req.session.pkceCodes) {
+                console.error('Session data is missing. PKCE codes could not be retrieved.');
+                return res.redirect('/');
+            }
+
             const authCodeRequest = {
                 ...req.session.authCodeRequest,
                 code: req.body.code,