Context
Raised by Copilot review on #3134.
Problem
checkOAuthUserProfile() in modules/auth/controllers/auth.controller.js writes directly to res on validation failure and returns the response object:
if (error) return responses.error(res, 422, 'Schema validation error', error)(result.error);
The caller oauthCallback() then treats the returned value as a user and proceeds to sign a JWT and set cookies — leading to a potential double response (ERR_HTTP_HEADERS_SENT) and an incorrect auth flow.
Fix
checkOAuthUserProfile should throw an error (e.g. AppError) on validation failure instead of writing to res. oauthCallback already wraps the call in a try/catch, so the thrown error would be caught and handled cleanly by the existing responses.error(res, 422, ...) path.
// Instead of writing to res:
if (error) throw new AppError('Schema validation error', { code: 'VALIDATION_ERROR', details: error });
Context
Raised by Copilot review on #3134.
Problem
checkOAuthUserProfile()inmodules/auth/controllers/auth.controller.jswrites directly toreson validation failure and returns the response object:The caller
oauthCallback()then treats the returned value as auserand proceeds to sign a JWT and set cookies — leading to a potential double response (ERR_HTTP_HEADERS_SENT) and an incorrect auth flow.Fix
checkOAuthUserProfileshould throw an error (e.g.AppError) on validation failure instead of writing tores.oauthCallbackalready wraps the call in a try/catch, so the thrown error would be caught and handled cleanly by the existingresponses.error(res, 422, ...)path.