mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

refactor(#411): QA-011 — unify request-with-user types into AuthenticatedRequest

Browse Source 
Replace 4 redundant request interfaces (RequestWithSession, AuthRequest,
BetterAuthRequest, RequestWithUser) with AuthenticatedRequest and
MaybeAuthenticatedRequest in apps/api/src/auth/types/.

- AuthenticatedRequest: extends Express Request with non-optional user/session
  (used in controllers behind AuthGuard)
- MaybeAuthenticatedRequest: extends Express Request with optional user/session
  (used in AuthGuard and CurrentUser decorator before auth is confirmed)
- Removed dead-code null checks in getSession (AuthGuard guarantees presence)
- Fixed cookies type safety in AuthGuard (cast from any to Record)
- Updated test expectations to match new type contract

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 14:00:14 -06:00
parent df495c67b5
commit 0a2eaaa5e4
5 changed files with 44 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/api/src/auth/decorators/current-user.decorator.ts
View File

@@ -1,14 +1,13 @@
import type { ExecutionContext } from "@nestjs/common";
import { createParamDecorator, UnauthorizedException } from "@nestjs/common";
import type { AuthUser } from "@mosaic/shared";
interface RequestWithUser {
user?: AuthUser;
}
import type { MaybeAuthenticatedRequest } from "../types/better-auth-request.interface";
export const CurrentUser = createParamDecorator(
(_data: unknown, ctx: ExecutionContext): AuthUser => {
const request = ctx.switchToHttp().getRequest<RequestWithUser>();
// Use MaybeAuthenticatedRequest because the decorator doesn't know
// whether AuthGuard ran — the null check provides defense-in-depth.
const request = ctx.switchToHttp().getRequest<MaybeAuthenticatedRequest>();
if (!request.user) {
throw new UnauthorizedException("No authenticated user found on request");
}