From 737c7484865121f4b3726ead6152db481f523535 Mon Sep 17 00:00:00 2001
From: Hammer <hammer7839283@gmail.com>
Date: Wed, 28 Jan 2026 23:22:53 +0000
Subject: [PATCH] fix: improve error handling for session auth check

---
 backend/src/index.ts        | 6 ++++--
 backend/src/routes/tasks.ts | 9 +++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/backend/src/index.ts b/backend/src/index.ts
index dbab6e0..7c0ecc2 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -71,14 +71,16 @@ const app = new Elysia()
   .use(taskRoutes)
   .get("/health", () => ({ status: "ok", service: "hammer-queue" }))
   .onError(({ error, set }) => {
-    if (error.message === "Unauthorized") {
+    const msg = error?.message || String(error);
+    if (msg === "Unauthorized") {
       set.status = 401;
       return { error: "Unauthorized" };
     }
-    if (error.message === "Task not found") {
+    if (msg === "Task not found") {
       set.status = 404;
       return { error: "Task not found" };
     }
+    console.error("Unhandled error:", msg);
     set.status = 500;
     return { error: "Internal server error" };
   })
diff --git a/backend/src/routes/tasks.ts b/backend/src/routes/tasks.ts
index b1f3caa..e0e40af 100644
--- a/backend/src/routes/tasks.ts
+++ b/backend/src/routes/tasks.ts
@@ -28,8 +28,13 @@ async function requireSessionOrBearer(request: Request, headers: Record<string,
   if (authHeader === `Bearer ${BEARER_TOKEN}`) return;
 
   // Check session
-  const session = await auth.api.getSession({ headers: request.headers });
-  if (!session) throw new Error("Unauthorized");
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (session) return;
+  } catch {
+    // Session check failed
+  }
+  throw new Error("Unauthorized");
 }
 
 export const taskRoutes = new Elysia({ prefix: "/api/tasks" })