Harden user auth routes and standardize error handling

[Kvnbbg]

Motivation

• Improve robustness and clarity of the user authentication endpoints to prevent silent crashes during Demo Day and in production.
• Standardize error responses and HTTP status usage so clients receive consistent, non-leaking error payloads.
• Add input validation and defensive guards around external interactions (DB and token ops) to reduce runtime exceptions.

Description

• Introduced AUTH_HEADER_PREFIX, HTTP status constants, and a reusable error_response helper for consistent JSON error payloads.
• Strengthened require_auth by validating the Authorization header format, guarding empty tokens, and wrapping token verification in a try/except to avoid uncaught exceptions.
• Hardened login by validating request payload types, trimming string inputs, wrapping the user lookup and token creation in try/except, and providing clear failure responses with appropriate HTTP codes.
• Added safe role extraction and a defensive check in get_profile to ensure no invalid g.current_user leads to a crash.

Testing

• No automated tests were run on this change.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cfa	Ready	Preview, Comment	Jan 24, 2026 8:08pm

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.