[CRITICAL] Information disclosure — exception details leaked in auth responses (Fixes #2893)

[namann5]

Description

The get_current_user dependency in backend/routers/auth.py:68 was leaking the raw exception message to clients:

detail=f"Invalid session: {exc}"

This exposed internal Supabase/JWT error details (expiry times, parsing errors, internal paths) to attackers, enabling token crafting probes and backend fingerprinting.

Fix

Replaced with a generic message:

detail="Invalid session"

Closes #2893

[vercel]

@namann5 is attempting to deploy a commit to the ritesh Team on Vercel.

A member of the Team first needs to authorize it.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2bb42bed-b97b-43e7-bb71-7480dc74d189

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}