fix(api,web): separate workspace context from auth session #551

Merged
jason.woltje merged 2 commits from feat/workspace-context-api into main 2026-02-28 15:14:30 +00:00

2 Commits

Author SHA1 Message Date
a829271b66 fix: override serialize-javascript to >=7.0.3 for audit compliance
All checks were successful
ci/woodpecker/push/orchestrator Pipeline was successful
ci/woodpecker/push/web Pipeline was successful
ci/woodpecker/push/api Pipeline was successful
Newly disclosed RCE vulnerability (GHSA-5c6j-r48x-rmvq) in
serialize-javascript <=7.0.2, pulled in as a transitive devDependency
via @nestjs/cli > webpack > terser-webpack-plugin. pnpm override bumps
it to the patched version.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 09:10:25 -06:00
023949f1e0 fix(api,web): separate workspace context from auth session (#534)
Some checks failed
ci/woodpecker/push/api Pipeline failed
ci/woodpecker/push/orchestrator Pipeline failed
ci/woodpecker/push/web Pipeline failed
BetterAuth session responses contain only identity fields — workspace
context (workspaceId, currentWorkspaceId) was never returned, causing
"Workspace ID is required" on every guarded endpoint after login.

Add GET /api/workspaces endpoint (AuthGuard only, no WorkspaceGuard)
that returns user workspace memberships with auto-provisioning for
new users. Frontend auth-context now fetches workspaces after session
check and persists the default to localStorage. Race condition in
auto-provisioning is guarded by re-querying inside the transaction.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 09:04:15 -06:00
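
The auto-provisioning race named in commit 023949f1e0, and the re-query guard it describes, as an added JavaScript example that is not the project's code. All names here (`makeDb`, `provisionGuarded`, the `u1` user) are hypothetical, the store is a constructed in-memory stand-in, and the transaction is assumed to be serialized against other provisioning transactions, which the page does not specify.

```javascript
// Constructed in-memory stand-in for the membership table (hypothetical names).
const makeDb = () => ({ memberships: new Map(), created: 0 });
function findWorkspaces(db, userId) {
  return db.memberships.get(userId) || [];
}
function createDefault(db, userId) {
  db.created += 1;
  const list = findWorkspaces(db, userId).concat(`default-${db.created}`);
  db.memberships.set(userId, list);
  return list;
}

// Unguarded: decides from a read taken before another request could run.
function* provisionUnguarded(db, userId) {
  const existing = findWorkspaces(db, userId);
  yield; // DB round-trip: a concurrent request may run here
  return existing.length > 0 ? existing : createDefault(db, userId);
}

// Guarded: re-queries inside the transaction before creating anything.
function* provisionGuarded(db, userId) {
  const existing = findWorkspaces(db, userId);
  yield; // same interleaving point as above
  if (existing.length > 0) return existing;
  // Transaction body. Assumption: it is serialized against other
  // provisioning transactions, modelled here by having no yield inside.
  const recheck = findWorkspaces(db, userId);
  return recheck.length > 0 ? recheck : createDefault(db, userId);
}

// Round-robin scheduler: advances each request one step at a time.
function runInterleaved(tasks) {
  const results = [];
  let pending = tasks.map((task, i) => ({ task, i }));
  while (pending.length > 0) {
    pending = pending.filter(({ task, i }) => {
      const step = task.next();
      if (step.done) results[i] = step.value;
      return !step.done;
    });
  }
  return results;
}

// Two concurrent first requests from the same new user.
function simulate(provision) {
  const db = makeDb();
  const results = runInterleaved([provision(db, "u1"), provision(db, "u1")]);
  return { created: db.created, results };
}
```

If the database's isolation level lets two such transactions both see an empty result, the re-query alone does not close the race; a unique constraint or an explicit lock on the user row is the usual backstop.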