From 89f8133da41a01913f102cc64bc87f44b04675d4 Mon Sep 17 00:00:00 2001
From: DataHearth
Date: Wed, 9 Aug 2023 16:22:52 +0200
Subject: [PATCH] fix infinite loop on invalid origin
---
 frontend/src/app.d.ts | 6 +++++-
 frontend/src/hooks.server.ts | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/frontend/src/app.d.ts b/frontend/src/app.d.ts
index 97f71a0..8b6c350 100644
--- a/frontend/src/app.d.ts
+++ b/frontend/src/app.d.ts
@@ -2,7 +2,11 @@
 // for information about these interfaces
 declare global {
 namespace App {
- // interface Error {}
+ // interface Error {
+ // status: number;
+ // message: string;
+ // }
+
 interface Locals {
 session: boolean;
 }
diff --git a/frontend/src/hooks.server.ts b/frontend/src/hooks.server.ts
index f0a94a2..dcd815b 100644
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -1,6 +1,6 @@
 import { env } from '$env/dynamic/private';
 import type { OAuth2Response } from '$lib/types';
-import { redirect, type Handle } from '@sveltejs/kit';
+import { error, redirect, type Handle } from '@sveltejs/kit';
 import { sequence } from '@sveltejs/kit/hooks';
 const protectedRoutes = ['/'];
@@ -55,8 +55,8 @@ const handleAuth: Handle = async ({ resolve, event }) => {
 } else if (event.locals.session) return await resolve(event);
 if (event.url.origin !== env.ORIGIN) {
- console.error(`invalid origin: ${event.url.origin}`);
- throw redirect(303, '/login');
+ console.error(`invalid origin. ${event.url.origin}`);
+ throw error(403, 'invalid origin');
 }
 if (event.url.pathname === '/auth/discord') {
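Review bot: In the `handleAuth` hunk of `hooks.server.ts`, the origin check still sits after the `else if (event.locals.session) return await resolve(event);` early return, so a request that already carries a session is resolved without being compared against `env.ORIGIN`. If the check is meant to pin the app to its configured origin, it should run before the session branch; the start of that branch and the rest of `handleAuth` are outside the hunk, so this is inferred from the visible lines only. Now that a mismatch is a hard 403 rather than a redirect, an unset `ORIGIN` or one that differs slightly (a trailing slash, or http vs https behind a proxy) rejects every unauthenticated request, while the log shows only the received value. Logging both sides would make that misconfiguration obvious, e.g. ``console.error(`invalid origin: got ${event.url.origin}, expected ${env.ORIGIN}`);``. The change from `invalid origin:` to `invalid origin.` in the log message looks accidental.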