Make subdomain passport lookup more defensive - try username and ID

cgen-15db8a51f310456fac0c747c9716b219

api/passport/subdomain/[username].ts

@@ -15,43 +15,57 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
   try {
     const admin = getAdminClient();
 
-    // Look up user by username
+    const userFields = `
-    const { data: user, error: userError } = await admin
+      id,
-      .from("user_profiles")
+      username,
-      .select(
+      full_name,
-        `
+      email,
-        id,
+      bio,
-        username,
+      avatar_url,
-        full_name,
+      banner_url,
-        email,
+      location,
-        bio,
+      website_url,
-        avatar_url,
+      github_url,
-        banner_url,
+      linkedin_url,
-        location,
+      twitter_url,
-        website_url,
+      role,
-        github_url,
+      level,
-        linkedin_url,
+      total_xp,
-        twitter_url,
+      user_type,
-        role,
+      experience_level,
-        level,
+      current_streak,
-        total_xp,
+      longest_streak,
-        user_type,
+      created_at,
-        experience_level,
+      updated_at
-        current_streak,
+    `;
-        longest_streak,
-        created_at,
-        updated_at
-      `,
-      )
-      .eq("username", username)
-      .single();
 
-    if (userError) {
+    // Try to look up user by username first (case-insensitive)
-      if (userError.code === "PGRST116") {
+    let user: any = null;
-        // No rows found
+
-        return res.status(404).json({ error: "User not found" });
+    try {
+      const result = await admin
+        .from("user_profiles")
+        .select(userFields)
+        .ilike("username", `%${username}%`)
+        .limit(1)
+        .single();
+      user = result.data;
+    } catch (e) {
+      // Continue to ID lookup
+    }
+
+    // If not found by username, try by exact ID match
+    if (!user) {
+      try {
+        const result = await admin
+          .from("user_profiles")
+          .select(userFields)
+          .eq("id", username)
+          .single();
+        user = result.data;
+      } catch (e) {
+        // Continue to error handling
       }
-      throw userError;
     }
 
     if (!user) {
@@ -94,8 +108,7 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
     const { data: linkedProviders = [] } = await admin
       .from("user_auth_identities")
       .select("provider, linked_at, last_sign_in_at")
-      .eq("user_id", user.id)
+      .eq("user_id", user.id);
-      .not("deleted_at", "is", null);
 
     return res.status(200).json({
       type: "creator",
@@ -104,7 +117,9 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
         achievements: achievements
           .map((a: any) => a.achievements)
           .filter(Boolean),
-        interests: userInterests.map((i: any) => i.interests).filter(Boolean),
+        interests: userInterests
+          .map((i: any) => i.interests)
+          .filter(Boolean),
         linkedProviders,
       },
       domain: req.headers.host || "",