From 51b7f267e9686da33c27557ffc53c286abed4fc1 Mon Sep 17 00:00:00 2001
From: Scott Idem <stidem@gmail.com>
Date: Tue, 28 Apr 2026 16:33:27 -0400
Subject: [PATCH] fix(auth): guard passcode check against missing
 site_access_code_kv

When the site domain resolves to ghost (not found or missing access key),
$ae_loc.site_access_code_kv is undefined, causing a TypeError on .super.length.

Add early return if kv is absent and use optional chaining on each access
level so the function gracefully returns "no match" on unregistered domains.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../app_components/e_app_access_type.svelte   | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/lib/app_components/e_app_access_type.svelte b/src/lib/app_components/e_app_access_type.svelte
index 70e7b199..c69f1e88 100644
--- a/src/lib/app_components/e_app_access_type.svelte
+++ b/src/lib/app_components/e_app_access_type.svelte
@@ -176,12 +176,15 @@ function handle_check_access_type_passcode() {
         );
     }
 
+    const kv = $ae_loc?.site_access_code_kv;
+    if (!kv) return false;
+
     // Reminder: super > manager > administrator > trusted > public > authenticated > anonymous
 
     if (entered_passcode && entered_passcode.length >= 5) {
         if (
-            $ae_loc.site_access_code_kv.super.length >= 8 &&
-            $ae_loc.site_access_code_kv.super == entered_passcode
+            kv.super?.length >= 8 &&
+            kv.super == entered_passcode
         ) {
             console.log('Super passcode matched');
 
@@ -189,8 +192,8 @@ function handle_check_access_type_passcode() {
 
             $ae_loc.access_type = 'super';
         } else if (
-            $ae_loc.site_access_code_kv.manager.length >= 5 &&
-            $ae_loc.site_access_code_kv.manager == entered_passcode
+            kv.manager?.length >= 5 &&
+            kv.manager == entered_passcode
         ) {
             console.log('Manager passcode matched');
 
@@ -198,8 +201,8 @@ function handle_check_access_type_passcode() {
 
             $ae_loc.access_type = 'manager';
         } else if (
-            $ae_loc.site_access_code_kv.administrator.length >= 5 &&
-            $ae_loc.site_access_code_kv.administrator == entered_passcode
+            kv.administrator?.length >= 5 &&
+            kv.administrator == entered_passcode
         ) {
             console.log('Administrator passcode matched');
 
@@ -207,8 +210,8 @@ function handle_check_access_type_passcode() {
 
             $ae_loc.access_type = 'administrator';
         } else if (
-            $ae_loc.site_access_code_kv.trusted.length >= 5 &&
-            $ae_loc.site_access_code_kv.trusted == entered_passcode
+            kv.trusted?.length >= 5 &&
+            kv.trusted == entered_passcode
         ) {
             console.log('Trusted passcode matched');
 
@@ -216,8 +219,8 @@ function handle_check_access_type_passcode() {
 
             $ae_loc.access_type = 'trusted';
         } else if (
-            $ae_loc.site_access_code_kv.public.length >= 5 &&
-            $ae_loc.site_access_code_kv.public == entered_passcode
+            kv.public?.length >= 5 &&
+            kv.public == entered_passcode
         ) {
             console.log('Public passcode matched');
 
@@ -225,7 +228,7 @@ function handle_check_access_type_passcode() {
 
             $ae_loc.access_type = 'public';
         } else if (
-            $ae_loc.site_access_code_kv.authenticated == entered_passcode
+            kv.authenticated == entered_passcode
         ) {
             console.log('Authenticated passcode matched');