fix: add typeof string guard for email/password/name in auth routes to prevent type confusion

[tmdeveloper007]

Summary

Fixes a type confusion vulnerability in app/api/auth/login/route.ts and app/api/auth/signup/route.ts. The routes call .toLowerCase() on email (and name in signup) without verifying the value is actually a string. A malicious client can send a JSON object or array, bypassing the truthiness check ({} is truthy) and causing a TypeError that results in a 500 Internal Server Error.

Fix

Added typeof email !== "string" (and typeof name !== "string" for signup) to the input validation guard, returning a 400 Bad Request for non-string values.

Impact

• Prevents DoS via malformed auth payloads
• Fixes security issue reported in Security: Type Confusion vulnerability in Auth APIs leads to unhandled exceptions and 500 errors #2413

[vercel]

Someone is attempting to deploy a commit to the Nisshchaya's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Warning

Review limit reached

@tmdeveloper007, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a4ed5697-ea80-47c2-9d74-458711d79c17

📥 Commits

Reviewing files that changed from the base of the PR and between d4e21a5 and 41e3480.

📒 Files selected for processing (5)

• app/api/auth/login/route.ts
• app/api/auth/signup/route.ts
• lib/rateLimiter.ts
• lib/services/geminiService.ts
• lib/services/gitService.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

⚠️ GSSoC Quality Check Failed — PR #2432

Hi @tmdeveloper007! 👋 Your PR has been flagged by our automated GSSoC quality check.

Issues found:

• 🔗 No linked issue — Every PR must be linked to an open issue. Add closes #<issue-number> or fixes #<issue-number> in your description so maintainers know what this PR resolves.

---

✅ How to fix this

1. Read the issues listed above carefully
2. Edit your PR title and description to address them
3. Make sure your PR is linked to an open issue using closes #<issue-number>
4. Make sure your changes are meaningful and solve a real problem

Once you've fixed these, a maintainer will review and remove the flag. If you believe this is a mistake, please comment below. 🙏

GSSoC'26 automation · Maintainer: @nisshchayarathi

[tmdeveloper007]

CI Status

• Lint: PASS
• CodeQL: PASS
• Prisma Schema Check: PASS
• GSSoC — PR Spam Detection: PASS
• Test Platform: FAIL (pre-existing upstream TS errors in unrelated files)
• Worker Consistency: FAIL (pre-existing upstream issue)
• Playwright Tests: IN_PROGRESS

Note: The Test Platform and Worker Consistency failures are pre-existing in the upstream repository and are NOT caused by this fix. The upstream main branch passes all CI checks on its own commit. Lint, CodeQL, and Prisma checks pass cleanly.

Ready to merge pending maintainer review.

[tmdeveloper007]

Closing this PR. The branch is based on an older commit of upstream/main and has drifted from the current main. The upstream repository has received significant updates since this PR was opened, causing CI type-check and test failures due to merge conflicts with the base branch. Please re-open as a fresh PR against the current main if the fix is still needed.