mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(auth): generate UUID ids for BetterAuth Prisma writes #427

Merged
jason.woltje merged 2 commits from fix/authentik-betterauth-interop into develop 2026-02-19 01:07:33 +00:00
Conversation 2 Commits 2 Files Changed 6 +76 -73
jason.woltje commented 2026-02-19 00:50:17 +00:00
Owner
Copy Link

Root cause:
BetterAuth was generating opaque string IDs for DB creates, but auth tables (sessions/accounts/verifications) use UUID primary keys. This caused Prisma P2023 errors during OAuth state persistence in verifications.

Changes:

  • configure BetterAuth advanced.database.generateId = uuid
  • add regression test in auth.config.spec.ts
  • guard TelemetryInterceptor header write when response is already committed to avoid ERR_HTTP_HEADERS_SENT warning noise
  • add interceptor test coverage for committed responses

Verification:

  • pnpm --filter @mosaic/api exec vitest run src/auth/auth.config.spec.ts src/auth/auth.controller.spec.ts src/telemetry/telemetry.interceptor.spec.ts
  • pnpm --filter @mosaic/api typecheck
  • pnpm --filter @mosaic/api lint
Root cause: BetterAuth was generating opaque string IDs for DB creates, but auth tables (sessions/accounts/verifications) use UUID primary keys. This caused Prisma P2023 errors during OAuth state persistence in verifications. Changes: - configure BetterAuth advanced.database.generateId = uuid - add regression test in auth.config.spec.ts - guard TelemetryInterceptor header write when response is already committed to avoid ERR_HTTP_HEADERS_SENT warning noise - add interceptor test coverage for committed responses Verification: - pnpm --filter @mosaic/api exec vitest run src/auth/auth.config.spec.ts src/auth/auth.controller.spec.ts src/telemetry/telemetry.interceptor.spec.ts - pnpm --filter @mosaic/api typecheck - pnpm --filter @mosaic/api lint
jason.woltje added 1 commit 2026-02-19 00:50:18 +00:00
fix(auth): use UUID id generation for BetterAuth DB models
Some checks failed
ci/woodpecker/push/api Pipeline failed
Details
f219dd71a0
jason.woltje added 1 commit 2026-02-19 00:53:34 +00:00
chore(deps): override minimatch to 10.2.1 for audit fix
All checks were successful
ci/woodpecker/push/orchestrator Pipeline was successful
Details
ci/woodpecker/push/api Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details
aeac188d40
jason.woltje commented 2026-02-19 00:53:42 +00:00
Author
Owner
Copy Link

Audit update after dependency remediation:

  • Added pnpm override: minimatch >=10.2.1
  • Regenerated lockfile
  • Verified: pnpm audit --audit-level=high now exits cleanly (0 high / 0 critical)
  • Remaining: 2 moderate vulnerabilities (ajv) in transitive trees:

These are upstream dependency chains; no direct runtime code changes in this patch.

Audit update after dependency remediation: - Added pnpm override: minimatch >=10.2.1 - Regenerated lockfile - Verified: pnpm audit --audit-level=high now exits cleanly (0 high / 0 critical) - Remaining: 2 moderate vulnerabilities (ajv) in transitive trees: - eslint -> ajv@6.12.6 - @nestjs/cli -> @angular-devkit/core -> ajv@8.17.1 These are upstream dependency chains; no direct runtime code changes in this patch.
jason.woltje merged commit bd3625ae1b into develop 2026-02-19 01:07:33 +00:00
jason.woltje deleted branch fix/authentik-betterauth-interop 2026-02-19 01:07:33 +00:00
jason.woltje commented 2026-02-19 01:31:58 +00:00
Author
Owner
Copy Link

Web test fix: added a localStorage shim in web vitest setup so ThemeProvider tests have a full Storage API.\n\nVerification:\n- pnpm --filter @mosaic/web test (passes locally)

Web test fix: added a localStorage shim in web vitest setup so ThemeProvider tests have a full Storage API.\n\nVerification:\n- pnpm --filter @mosaic/web test (passes locally)
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
ai
AI/LLM integration
 api
Backend/API work
 api
auth
Authentication
 database
database
Database/schema work
 devops
Docker/deployment
 docs
Documentation
 frontend
graph
knowledge-module
migration
Data migration
 orchestrator
Orchestrator service (apps/orchestrator/)
 p0
Critical priority
 p1
High priority
 p2
Medium priority
 p3
Low priority
 performance
Performance work
 phase-1
phase-2
phase-3
phase-4
phase-5
plugin
MoltBot plugin work
 search
security
Security-related
 setup
Initial setup
 testing
Testing/QA
 web
Frontend work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaic/stack#427
Delete Branch "fix/authentik-betterauth-interop"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?