Fix: Add missing await keyword in authentication dependency and make …

[OmShukla-07]

📝 Description

This PR fixes a critical authentication bug where the await keyword was missing from the Supabase async authentication call. When logged-in users attempted to access protected integration endpoints, the backend would crash with AttributeError: 'coroutine' object has no attribute 'user'.

The bug was introduced in commit cedaad3 (October 16, 2025) by CodeRabbit during an automated refactoring pass, where the await keyword was incorrectly removed.

🔧 Changes Made

• Fixed authentication dependency (backend/app/core/dependencies.py line 50): Added missing await keyword to supabase.auth.get_user(token) call
• Made Weaviate connection non-blocking (backend/main.py lines 68-72): Changed error handling from raise to warning to prevent backend crashes when Weaviate times out during startup

📷 Screenshots or Visual Changes (if applicable)

N/A - Backend bug fix with no visual changes

✅ Checklist

• I have read the contributing guidelines.
• I have tested that the backend starts successfully without crashes
• I have verified no syntax errors in the modified code
• The fix restores the original correct implementation that existed before CodeRabbit's automated changes

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Enhanced authentication token verification reliability.
  • Application now gracefully handles backend service unavailability during startup, preventing startup failures and enabling continued operation with degraded features.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Two bug fixes addressing async and error handling: token verification in dependencies now properly awaits the Supabase async call, and Weaviate connection failures during startup now log warnings and continue instead of fatally aborting, enabling degraded operation.

Changes

Cohort / File(s)	Summary
Async token verification backend/app/core/dependencies.py	Added await to supabase.auth.get_user(token) to properly handle asynchronous call
Weaviate startup resilience backend/main.py	Changed Weaviate connection test exception from fatal error (re-raise) to non-fatal warning (continue), allowing graceful degradation

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• The missing await is a straightforward async bug fix
• The Weaviate error handling change requires consideration of downstream implications—verify that systems relying on Weaviate gracefully handle its absence during startup

Possibly related issues

• BUG: Missing await keyword in authentication dependency causes crash for logged-in users #177: Directly addresses both bugs fixed in this PR—adding missing await in token verification and making Weaviate startup exception non-fatal.

Poem

🐰 A rabbit hops through async dreams,
Where await and connections gleam,
Weaviate stumbles? Onward we go,
Graceful degradation's glow,
Two bugs fixed, resilience reigns supreme! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main fix (adding missing await keyword in authentication dependency) but is truncated with ellipsis, making it incomplete and partially obscuring the secondary change to Weaviate error handling.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8eeacad and 7d465ba.

📒 Files selected for processing (2)

• backend/app/core/dependencies.py (1 hunks)
• backend/main.py (1 hunks)

🔇 Additional comments (2)

backend/app/core/dependencies.py (1)

50-50: Critical fix: Async call now properly awaited.

This correctly restores the await keyword for the asynchronous Supabase authentication call. Without it, user_response would be a coroutine object rather than the actual user response, causing AttributeError: 'coroutine' object has no attribute 'user' on line 52.

backend/main.py (1)

68-73: No action required — self.weaviate_client is never used in the codebase.

The review comment assumes self.weaviate_client needs None handling, but it is initialized to None at line 34 and never accessed anywhere. All Weaviate operations use the get_weaviate_client() context manager (which wraps a global _client variable), not self.weaviate_client. This context manager already includes error handling: exceptions during connect() are caught, logged, and re-raised, while all call sites in operations.py, health.py, and other files wrap the context manager in try/except blocks. The existing error handling is adequate.

Likely an incorrect or invalid review comment.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[smokeyScraper]

Thanks a lot for the await bug. Just revert the change in main.py and rest is good to go.

[smokeyScraper]

I don't think we should let the backend start without all the services running before using the bot.

[OmShukla-07]

done as requested sir

[Copilot]

Pull request overview

This PR addresses a critical authentication bug and improves service reliability by adding graceful degradation for the Weaviate service.

Key changes:

• Fixed missing await keyword on async Supabase authentication call that was causing backend crashes
• Modified Weaviate connection failure handling to allow backend startup even when Weaviate is unavailable

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
backend/app/core/dependencies.py	Added missing await keyword to supabase.auth.get_user() async call, fixing AttributeError crashes when authenticated users accessed protected endpoints
backend/main.py	Changed Weaviate connection test from failing fast (raise) to graceful degradation (warning), allowing the backend to start successfully even when Weaviate service is unavailable

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The change to allow startup without Weaviate is good for availability, but creates an inconsistency with the health check endpoints. Currently, if Weaviate fails to connect during startup, the backend continues running (as intended), but the /health endpoint will return 503 (unhealthy) whenever called because it doesn't handle the case where Weaviate is unavailable.

Consider updating the health check endpoints to gracefully handle Weaviate being unavailable, similar to how the startup now handles it. The /health endpoint could return 200 with weaviate: "unavailable" instead of raising a 503 exception. This would be more consistent with the graceful degradation approach.