From 89b8c8de1dfe9a36b8aef675852821c5ca61b71b Mon Sep 17 00:00:00 2001
From: KernelDeimos <eric.alex.dube@gmail.com>
Date: Thu, 24 Apr 2025 15:22:43 -0400
Subject: [PATCH] fix: add missing null check

---
 src/backend/src/services/auth/AntiCSRFService.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/backend/src/services/auth/AntiCSRFService.js b/src/backend/src/services/auth/AntiCSRFService.js
index c9e60bddf..3a8089eb0 100644
--- a/src/backend/src/services/auth/AntiCSRFService.js
+++ b/src/backend/src/services/auth/AntiCSRFService.js
@@ -94,6 +94,11 @@ class AntiCSRFService extends BaseService {
             if ( ! subdomain_check ) {
                 return res.status(404).send('Hey, stop that!');
             }
+            
+            if ( ! req.user ) {
+                res.status(403).send({});
+                return;
+            }
 
             // TODO: session uuid instead of user
             const token = this.create_token(req.user.uuid);