mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
25d2958fe44ec151a7ade9c5b32939a62e0ce0f4
stack/apps/api/src
History
Jason Woltje c38271da3b
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
fix(SEC-API-12): Throw error when CurrentUser decorator has no user 
The CurrentUser decorator previously returned undefined when no user was
found on the request object. This silently propagated undefined to
downstream code, risking null reference errors or authorization bypasses.

Now throws UnauthorizedException when user is missing, providing
defense-in-depth beyond the AuthGuard. All controllers using
@CurrentUser() already have AuthGuard applied, so this is a safety net.

Added comprehensive test suite for the decorator covering:
- User present on request (happy path)
- User with optional fields
- Missing user throws UnauthorizedException
- Request without user property throws UnauthorizedException
- Data parameter is ignored

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 13:39:13 -06:00
..
activity
fix(tests): Correct pipeline test failures (#239)
2026-02-06 11:57:47 -06:00
agent-tasks
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
auth
fix(SEC-API-12): Throw error when CurrentUser decorator has no user
2026-02-06 13:39:13 -06:00
brain
fix(SEC-API-19+20): Validate brain search length and limit params
2026-02-06 13:29:03 -06:00
bridge
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
bullmq
feat(#165): Implement BullMQ module setup
2026-02-01 21:01:25 -06:00
common
fix(#338): Log ERROR on rate limiter fallback and track degraded mode
2026-02-05 16:39:55 -06:00
completion-verification
feat(#136): build Completion Verification Engine
2026-01-31 13:44:23 -06:00
continuation-prompts
feat(#137): create Forced Continuation Prompt System
2026-01-31 13:51:46 -06:00
coordinator-integration
fix(tests): Resolve pipeline #243 test failures
2026-02-06 12:15:21 -06:00
cron
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
database
chore: Clear technical debt across API and web packages
2026-01-30 18:26:41 -06:00
domains
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
events
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
federation
fix: Resolve unhandled promise rejection in retry.spec.ts
2026-02-06 12:51:37 -06:00
filters
fix(SEC-API-24): Sanitize error messages in global exception filter
2026-02-05 19:24:07 -06:00
herald
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
ideas
fix(#196): fix race condition in job status updates
2026-02-02 12:51:17 -06:00
job-events
fix(tests): Resolve pipeline #243 test failures
2026-02-06 12:15:21 -06:00
job-steps
fix(#182): fix Prisma enum import in job-steps tests
2026-02-02 11:41:11 -06:00
knowledge
fix(SEC-API-21): Add DTO validation for semantic/hybrid search body
2026-02-06 13:35:06 -06:00
layouts
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
lib
fix(#195): Implement RLS context helpers consistently across all services
2026-02-03 22:44:54 -06:00
llm
feat(#309): Add LLM usage tracking and analytics
2026-02-04 13:41:45 -06:00
llm-usage
feat(#309): Add LLM usage tracking and analytics
2026-02-04 13:41:45 -06:00
mcp
feat(#132): port MCP (Model Context Protocol) infrastructure
2026-01-31 13:07:58 -06:00
ollama
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
personalities
feat(#130): add Personality Prisma schema and backend
2026-01-31 12:44:50 -06:00
prisma
fix(tests): Resolve pipeline #243 test failures
2026-02-06 12:15:21 -06:00
projects
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
quality-gate-config
feat(#135): implement Quality Gate Configuration System
2026-01-31 13:33:04 -06:00
quality-orchestrator
docs: Add overlap analysis for non-AI coordinator patterns
2026-01-31 14:47:59 -06:00
rejection-handler
feat(#139): build Gate Rejection Response Handler
2026-01-31 14:01:42 -06:00
runner-jobs
fix(tests): Correct pipeline test failures (#239)
2026-02-06 11:57:47 -06:00
stitcher
fix(tests): Resolve pipeline #243 test failures
2026-02-06 12:15:21 -06:00
tasks
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
telemetry
feat(#312): Implement core OpenTelemetry infrastructure
2026-02-04 12:52:20 -06:00
token-budget
fix: address code review issues and cleanup QA reports
2026-01-31 15:01:18 -06:00
users
chore: Clear technical debt across API and web packages
2026-01-30 18:26:41 -06:00
valkey
fix(CQ-API-4): Remove Redis event listeners in onModuleDestroy
2026-02-05 19:16:37 -06:00
websocket
fix(#338): Add tests verifying WebSocket timer cleanup on error
2026-02-05 18:50:19 -06:00
widgets
feat(#52): implement Active Projects & Agent Chains widget
2026-02-03 19:17:13 -06:00
workspace-settings
fix(api): Add AuthModule import to modules using AuthGuard
2026-02-01 01:48:09 -06:00
app.controller.test.ts
feat(#3): Add comprehensive tests and improve Prisma seed script
2026-01-28 16:24:25 -06:00
app.controller.ts
chore: Clear technical debt across API and web packages
2026-01-30 18:26:41 -06:00
app.module.ts
fix(#338): Bind CSRF token to user session with HMAC
2026-02-05 16:33:22 -06:00
app.service.ts
feat(#1): Set up monorepo scaffold with pnpm workspaces + TurboRepo
2026-01-28 13:31:33 -06:00
cors.spec.ts
fix(#192): fix CORS configuration for cookie-based authentication
2026-02-02 12:13:17 -06:00
main.ts
fix: Complete CSRF protection implementation
2026-02-04 07:12:42 -06:00