mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

refactor(#411): QA-011 — unify request-with-user types into AuthenticatedRequest

Browse Source 
Replace 4 redundant request interfaces (RequestWithSession, AuthRequest,
BetterAuthRequest, RequestWithUser) with AuthenticatedRequest and
MaybeAuthenticatedRequest in apps/api/src/auth/types/.

- AuthenticatedRequest: extends Express Request with non-optional user/session
  (used in controllers behind AuthGuard)
- MaybeAuthenticatedRequest: extends Express Request with optional user/session
  (used in AuthGuard and CurrentUser decorator before auth is confirmed)
- Removed dead-code null checks in getSession (AuthGuard guarantees presence)
- Fixed cookies type safety in AuthGuard (cast from any to Record)
- Updated test expectations to match new type contract

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 14:00:14 -06:00
parent df495c67b5
commit 0a2eaaa5e4
5 changed files with 44 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/api/src/auth/guards/auth.guard.ts
View File

@@ -1,23 +1,14 @@
import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from "@nestjs/common";
import { AuthService } from "../auth.service";
import type { AuthUser } from "@mosaic/shared";
/**
* Request type with authentication context
*/
interface AuthRequest {
user?: AuthUser;
session?: Record<string, unknown>;
headers: Record<string, string | string[] | undefined>;
cookies?: Record<string, string>;
}
import type { MaybeAuthenticatedRequest } from "../types/better-auth-request.interface";
@Injectable()
export class AuthGuard implements CanActivate {
constructor(private readonly authService: AuthService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<AuthRequest>();
const request = context.switchToHttp().getRequest<MaybeAuthenticatedRequest>();
// Try to get token from either cookie (preferred) or Authorization header
const token = this.extractToken(request);
@@ -56,7 +47,7 @@ export class AuthGuard implements CanActivate {
/**
* Extract token from cookie (preferred) or Authorization header
*/
private extractToken(request: AuthRequest): string | undefined {
private extractToken(request: MaybeAuthenticatedRequest): string | undefined {
// Try cookie first (BetterAuth default)
const cookieToken = this.extractTokenFromCookie(request);
if (cookieToken) {
@@ -70,19 +61,21 @@ export class AuthGuard implements CanActivate {
/**
* Extract token from cookie (BetterAuth stores session token in better-auth.session_token cookie)
*/
private extractTokenFromCookie(request: AuthRequest): string | undefined {
if (!request.cookies) {
private extractTokenFromCookie(request: MaybeAuthenticatedRequest): string | undefined {
// Express types `cookies` as `any`; cast to a known shape for type safety.
const cookies = request.cookies as Record<string, string> | undefined;
if (!cookies) {
return undefined;
}
// BetterAuth uses 'better-auth.session_token' as the cookie name by default
return request.cookies["better-auth.session_token"];
return cookies["better-auth.session_token"];
}
/**
* Extract token from Authorization header (Bearer token)
*/
private extractTokenFromHeader(request: AuthRequest): string | undefined {
private extractTokenFromHeader(request: MaybeAuthenticatedRequest): string | undefined {
const authHeader = request.headers.authorization;
if (typeof authHeader !== "string") {
return undefined;