Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): guard passcode check against missing site_access_code_kv

Browse Source 
When the site domain resolves to ghost (not found or missing access key),
$ae_loc.site_access_code_kv is undefined, causing a TypeError on .super.length.

Add early return if kv is absent and use optional chaining on each access
level so the function gracefully returns "no match" on unregistered domains.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-04-28 16:33:27 -04:00
parent de07fa0e0e
commit 51b7f267e9
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/lib/app_components/e_app_access_type.svelte
View File

@@ -176,12 +176,15 @@ function handle_check_access_type_passcode() {
);
}
const kv = $ae_loc?.site_access_code_kv;
if (!kv) return false;
// Reminder: super > manager > administrator > trusted > public > authenticated > anonymous
if (entered_passcode && entered_passcode.length >= 5) {
if (
$ae_loc.site_access_code_kv.super.length >= 8 &&
$ae_loc.site_access_code_kv.super == entered_passcode
kv.super?.length >= 8 &&
kv.super == entered_passcode
) {
console.log('Super passcode matched');
@@ -189,8 +192,8 @@ function handle_check_access_type_passcode() {
$ae_loc.access_type = 'super';
} else if (
$ae_loc.site_access_code_kv.manager.length >= 5 &&
$ae_loc.site_access_code_kv.manager == entered_passcode
kv.manager?.length >= 5 &&
kv.manager == entered_passcode
) {
console.log('Manager passcode matched');
@@ -198,8 +201,8 @@ function handle_check_access_type_passcode() {
$ae_loc.access_type = 'manager';
} else if (
$ae_loc.site_access_code_kv.administrator.length >= 5 &&
$ae_loc.site_access_code_kv.administrator == entered_passcode
kv.administrator?.length >= 5 &&
kv.administrator == entered_passcode
) {
console.log('Administrator passcode matched');
@@ -207,8 +210,8 @@ function handle_check_access_type_passcode() {
$ae_loc.access_type = 'administrator';
} else if (
$ae_loc.site_access_code_kv.trusted.length >= 5 &&
$ae_loc.site_access_code_kv.trusted == entered_passcode
kv.trusted?.length >= 5 &&
kv.trusted == entered_passcode
) {
console.log('Trusted passcode matched');
@@ -216,8 +219,8 @@ function handle_check_access_type_passcode() {
$ae_loc.access_type = 'trusted';
} else if (
$ae_loc.site_access_code_kv.public.length >= 5 &&
$ae_loc.site_access_code_kv.public == entered_passcode
kv.public?.length >= 5 &&
kv.public == entered_passcode
) {
console.log('Public passcode matched');
@@ -225,7 +228,7 @@ function handle_check_access_type_passcode() {
$ae_loc.access_type = 'public';
} else if (
$ae_loc.site_access_code_kv.authenticated == entered_passcode
kv.authenticated == entered_passcode
) {
console.log('Authenticated passcode matched');