better logging for auth/account fetch failures

2026-06-21 13:30:43 +00:00 · 2025-12-12 10:25:26 -08:00
parent b832da308a
commit 2e52c0aa41
2 changed files with 34 additions and 17 deletions
@@ -341,7 +341,10 @@ export async function startWorker() {
          log.warn(`Invalid token: ${result.message}`, {
            clientID: clientMsg.clientID,
          });
-          ws.close(1002, "Unauthorized");
+          ws.close(
+            1002,
+            `Unauthorized: invalid token for client ${clientMsg.clientID}`,
+          );
          return;
        }
        const { persistentId, claims } = result;
@@ -376,13 +379,18 @@ export async function startWorker() {
        } else {
          // Verify token and get player permissions
          const result = await getUserMe(clientMsg.token, config);
-          if (result === false) {
-            log.warn("Unauthorized: Invalid session");
-            ws.close(1002, "Unauthorized");
+          if (result.type === "error") {
+            log.warn(`Unauthorized: ${result.message}`, {
+              clientID: clientMsg.clientID,
+            });
+            ws.close(
+              1002,
+              `Unauthorized: user me fetch failed for client ${clientMsg.clientID}`,
+            );
            return;
          }
-          roles = result.player.roles;
-          flares = result.player.flares;
+          roles = result.response.player.roles;
+          flares = result.response.player.flares;

          if (allowedFlares !== undefined) {
            const allowed =
@@ -424,7 +432,7 @@ export async function startWorker() {
                clientID: clientMsg.clientID,
                reason: turnstileResult.reason,
              });
-              ws.close(1002, "Unauthorized");
+              ws.close(1002, "Unauthorized: Turnstile token rejected");
              return;
            case "error":
              // Fail open, allow the client to join.
@@ -58,7 +58,10 @@ export async function verifyClientToken(
 export async function getUserMe(
  token: string,
  config: ServerConfig,
-): Promise<UserMeResponse | false> {
+): Promise<
+  | { type: "success"; response: UserMeResponse }
+  | { type: "error"; message: string }
+> {
  try {
    // Get the user object
    const response = await fetch(config.jwtIssuer() + "/users/@me", {
@@ -66,19 +69,25 @@ export async function getUserMe(
        authorization: `Bearer ${token}`,
      },
    });
-    if (response.status !== 200) return false;
+    if (response.status !== 200) {
+      return {
+        type: "error",
+        message: `Failed to fetch user me: ${response.statusText}`,
+      };
+    }
    const body = await response.json();
    const result = UserMeResponseSchema.safeParse(body);
    if (!result.success) {
-      console.error(
-        "Invalid response",
-        JSON.stringify(body),
-        JSON.stringify(result.error),
-      );
-      return false;
+      return {
+        type: "error",
+        message: `Invalid response: ${z.prettifyError(result.error)}`,
+      };
    }
-    return result.data;
+    return { type: "success", response: result.data };
  } catch (e) {
-    return false;
+    return {
+      type: "error",
+      message: `Failed to fetch user me: ${e}`,
+    };
  }
 }