Fix signin SQL value handling

src/app/api/auth/signin/route.ts

@@ -3,14 +3,15 @@ import { sql } from "@/db";
 import { cookies } from "next/headers";
 
 export async function POST(request: Request) {
-  const { email } = await request.json();
+  const body = await request.json();
+  const email = body?.email;
 
   if (!email) {
     return NextResponse.json({ error: "Email required" }, { status: 400 });
   }
 
   try {
-    // Find user
+    // Find user - use parameterized query
     const users = await sql`
       SELECT u.id, u.email, fm.family_id as family_id
       FROM users u
@@ -19,51 +20,48 @@ export async function POST(request: Request) {
       LIMIT 1
     `;
 
-    if (!users || users.length === 0) {
+    const user = users?.[0];
+
+    if (!user) {
       return NextResponse.json({ error: "User not found" }, { status: 404 });
     }
 
-    const user = users[0];
-    const userId = user.id;
-    const familyId = user.family_id;
-
-    // Create session in database
+    // Create session token
     const sessionToken = crypto.randomUUID();
     const expires = new Date();
-    expires.setDate(expires.getDate() + 30); // 30 days
+    expires.setDate(expires.getDate() + 30);
 
+    // Insert session
     await sql`
       INSERT INTO sessions (session_token, user_id, expires)
-      VALUES ${sql(sessionToken, userId, expires)}
+      VALUES (${sessionToken}, ${user.id}, ${expires.toISOString()})
     `;
 
     // Get family info
     let family = null;
-    if (familyId) {
+    if (user.family_id) {
       const families = await sql`
         SELECT id, name, tier, max_children, max_members
-        FROM families WHERE id = ${familyId}
+        FROM families WHERE id = ${user.family_id}
       `;
-      if (families.length > 0) {
-        family = families[0];
-      }
+      family = families?.[0];
     }
 
-    // Create response with cookie
+    // Create response
     const response = NextResponse.json({
       success: true,
       userId: user.id,
       email: user.email,
-      familyId: familyId,
+      familyId: user.family_id,
       family: family,
     });
 
-    // Set session cookie (httpOnly, secure, sameSite)
-    response.cookies.set("session", sessionToken, {
+    // Set cookie
+    response.cookies.set("tia_session", sessionToken, {
       httpOnly: true,
       secure: process.env.NODE_ENV === "production",
       sameSite: "lax",
-      maxAge: 60 * 60 * 24 * 30, // 30 days
+      maxAge: 60 * 60 * 24 * 30,
       path: "/",
     });
 
@@ -74,17 +72,15 @@ export async function POST(request: Request) {
   }
 }
 
-// GET current session
 export async function GET() {
   try {
     const cookieStore = await cookies();
-    const sessionToken = cookieStore.get("session")?.value;
+    const sessionToken = cookieStore.get("tia_session")?.value;
 
     if (!sessionToken) {
       return NextResponse.json({ authenticated: false });
     }
 
-    // Look up session
     const sessions = await sql`
       SELECT s.user_id, s.expires, u.email
       FROM sessions s
@@ -93,13 +89,12 @@ export async function GET() {
         AND s.expires > NOW()
     `;
 
-    if (!sessions || sessions.length === 0) {
+    const session = sessions?.[0];
+
+    if (!session) {
       return NextResponse.json({ authenticated: false });
     }
 
-    const session = sessions[0];
-
-    // Get family via family_members
     const members = await sql`
       SELECT fm.family_id, f.name as family_name, f.tier
       FROM family_members fm
@@ -111,9 +106,9 @@ export async function GET() {
       authenticated: true,
       userId: session.user_id,
       email: session.email,
-      familyId: members[0]?.family_id,
-      familyName: members[0]?.family_name,
-      tier: members[0]?.tier,
+      familyId: members?.[0]?.family_id,
+      familyName: members?.[0]?.family_name,
+      tier: members?.[0]?.tier,
     });
   } catch (error) {
     return NextResponse.json({ authenticated: false });