refactor(#411): QA-011 — unify request-with-user types into AuthenticatedRequest

Replace 4 redundant request interfaces (RequestWithSession, AuthRequest, BetterAuthRequest, RequestWithUser) with AuthenticatedRequest and MaybeAuthenticatedRequest in apps/api/src/auth/types/. - AuthenticatedRequest: extends Express Request with non-optional user/session (used in controllers behind AuthGuard) - MaybeAuthenticatedRequest: extends Express Request with optional user/session (used in AuthGuard and CurrentUser decorator before auth is confirmed) - Removed dead-code null checks in getSession (AuthGuard guarantees presence) - Fixed cookies type safety in AuthGuard (cast from any to Record) - Updated test expectations to match new type contract Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 14:00:14 -06:00
parent df495c67b5
commit 0a2eaaa5e4
5 changed files with 44 additions and 91 deletions
--- a/apps/api/src/auth/auth.controller.ts
+++ b/apps/api/src/auth/auth.controller.ts
@@ -18,16 +18,7 @@ import { AuthService } from "./auth.service";
 import { AuthGuard } from "./guards/auth.guard";
 import { CurrentUser } from "./decorators/current-user.decorator";
 import { SkipCsrf } from "../common/decorators/skip-csrf.decorator";
-
-interface RequestWithSession {
-  user?: AuthUser;
-  session?: {
-    id: string;
-    token: string;
-    expiresAt: Date;
-    [key: string]: unknown;
-  };
-}
+import type { AuthenticatedRequest } from "./types/better-auth-request.interface";

@Controller("auth")
 export class AuthController {
@@ -41,12 +32,9 @@ export class AuthController {
   */
  @Get("session")
  @UseGuards(AuthGuard)
-  getSession(@Request() req: RequestWithSession): AuthSession {
-    if (!req.user || !req.session) {
-      // This should never happen after AuthGuard, but TypeScript needs the check
-      throw new HttpException("User session not found", HttpStatus.UNAUTHORIZED);
-    }
-
+  getSession(@Request() req: AuthenticatedRequest): AuthSession {
+    // AuthGuard guarantees user and session are present — NestJS returns 401
+    // before this method is reached if the guard rejects.
    return {
      user: req.user,
      session: {
@@ -140,12 +128,12 @@ export class AuthController {
      if (!res.headersSent) {
        throw new HttpException(
          "Unable to complete authentication. Please try again in a moment.",
-          HttpStatus.INTERNAL_SERVER_ERROR,
+          HttpStatus.INTERNAL_SERVER_ERROR
        );
      }

      this.logger.error(
-        `Headers already sent for failed auth request ${req.method} ${req.url} — client may have received partial response`,
+        `Headers already sent for failed auth request ${req.method} ${req.url} — client may have received partial response`
      );
    }
  }