Make subdomain passport lookup more defensive - try username and ID

cgen-15db8a51f310456fac0c747c9716b219
2025-11-15 04:54:35 +00:00 · 2025-11-15 04:54:35 +00:00 · e45479212e
commit e45479212e
parent 86bfa51ba9
1 changed files with 53 additions and 38 deletions
--- a/api/passport/subdomain/[username].ts
+++ b/api/passport/subdomain/[username].ts
@ -15,43 +15,57 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
  try {
    const admin = getAdminClient();
-    // Look up user by username
+    const userFields = `
-    const { data: user, error: userError } = await admin
+      id,
-      .from("user_profiles")
+      username,
-      .select(
+      full_name,
-        `
+      email,
-        id,
+      bio,
-        username,
+      avatar_url,
-        full_name,
+      banner_url,
-        email,
+      location,
-        bio,
+      website_url,
-        avatar_url,
+      github_url,
-        banner_url,
+      linkedin_url,
-        location,
+      twitter_url,
-        website_url,
+      role,
-        github_url,
+      level,
-        linkedin_url,
+      total_xp,
-        twitter_url,
+      user_type,
-        role,
+      experience_level,
-        level,
+      current_streak,
-        total_xp,
+      longest_streak,
-        user_type,
+      created_at,
-        experience_level,
+      updated_at
-        current_streak,
+    `;
        longest_streak,
        created_at,
        updated_at
      `,
      )
      .eq("username", username)
      .single();
-    if (userError) {
+    // Try to look up user by username first (case-insensitive)
-      if (userError.code === "PGRST116") {
+    let user: any = null;
-        // No rows found
+
-        return res.status(404).json({ error: "User not found" });
+    try {
      const result = await admin
        .from("user_profiles")
        .select(userFields)
        .ilike("username", `%${username}%`)
        .limit(1)
        .single();
      user = result.data;
    } catch (e) {
      // Continue to ID lookup
    }
    // If not found by username, try by exact ID match
    if (!user) {
      try {
        const result = await admin
          .from("user_profiles")
          .select(userFields)
          .eq("id", username)
          .single();
        user = result.data;
      } catch (e) {
        // Continue to error handling
      }
      throw userError;
    }
    if (!user) {
@ -94,8 +108,7 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
    const { data: linkedProviders = [] } = await admin
      .from("user_auth_identities")
      .select("provider, linked_at, last_sign_in_at")
-      .eq("user_id", user.id)
+      .eq("user_id", user.id);
      .not("deleted_at", "is", null);
    return res.status(200).json({
      type: "creator",
@ -104,7 +117,9 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
        achievements: achievements
          .map((a: any) => a.achievements)
          .filter(Boolean),
-        interests: userInterests.map((i: any) => i.interests).filter(Boolean),
+        interests: userInterests
          .map((i: any) => i.interests)
          .filter(Boolean),
        linkedProviders,
      },
      domain: req.headers.host || "",