Index: app/lib/actions.ts
===================================================================
--- app/lib/actions.ts	(revision 1e532d034941986f20aff584766d61d3b60070ab)
+++ app/lib/actions.ts	(revision f3370b14dc3bf9da4e4c7f5936861973fad08013)
@@ -8,4 +8,5 @@
 import { AuthError } from 'next-auth';
 import { redirect } from 'next/navigation';
+import { requireAuth } from '@/app/lib/auth-utils';
 
 const sql = postgres(process.env.POSTGRES_URL!, { ssl: 'require' });
@@ -106,4 +107,7 @@
 
 export async function createInvoice(prevState: State, formData: FormData) {
+    const session = await requireAuth();
+    const userId = session.user?.id; // userId is now trusted & typed
+
     const validatedFields = CreateInvoice.safeParse({
         customerId: formData.get('customerId'),
Index: app/lib/auth-utils.ts
===================================================================
--- app/lib/auth-utils.ts	(revision f3370b14dc3bf9da4e4c7f5936861973fad08013)
+++ app/lib/auth-utils.ts	(revision f3370b14dc3bf9da4e4c7f5936861973fad08013)
@@ -0,0 +1,12 @@
+import { auth } from '@/auth';
+import { redirect } from 'next/navigation';
+
+export async function requireAuth() {
+    const session = await auth();
+
+    if (!session?.user) {
+        redirect('/login');
+    }
+
+    return session;
+}