Login: remove temporary debug logging

Root cause for "invalid credentials" on correct password was a
corrupt btree index (idx_users_email) causing user lookups to miss
existing rows. Fixed by REINDEX DATABASE. Keeping a typed catch
around passwords.verify() so any future verify throw is logged
cleanly instead of bubbling as 500.
This commit is contained in:
Daniel 2026-04-14 03:48:56 +02:00
parent a8a3ade069
commit 9da529e593

View file

@ -309,7 +309,13 @@ router.post('/login', async (req, res) => {
return res.status(401).json({ error: 'Invalid credentials' });
}
var valid = await passwords.verify(password, user.password);
var valid;
try {
valid = await passwords.verify(password, user.password);
} catch (verifyErr) {
console.error('[Auth] passwords.verify threw:', verifyErr.message);
return res.status(500).json({ error: 'Request failed' });
}
if (!valid) {
await db.run('INSERT INTO audit_log (user_id, action, ip_address) VALUES (?, ?, ?)', [user.id, 'login_failed', req.ip]).catch(function(){});
return res.status(401).json({ error: 'Invalid credentials' });