fix: auth handler + circular imports — Phase 1 verification (P1-009) (#73)

Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-03-13 03:02:02 +00:00
parent c54b69f7ce
commit aa9ee75a2a
11 changed files with 51 additions and 24 deletions
--- a/apps/gateway/src/auth/auth.controller.ts
+++ b/apps/gateway/src/auth/auth.controller.ts
@@ -1,20 +1,46 @@
 import type { IncomingMessage, ServerResponse } from 'node:http';
-import { All, Controller, Inject, Req, Res } from '@nestjs/common';
-import type { FastifyReply, FastifyRequest } from 'fastify';
 import { toNodeHandler } from 'better-auth/node';
 import type { Auth } from '@mosaic/auth';
-import { AUTH } from './auth.module.js';
+import type { NestFastifyApplication } from '@nestjs/platform-fastify';
+import { AUTH } from './auth.tokens.js';

-@Controller('api/auth')
-export class AuthController {
-  private readonly handler: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+export function mountAuthHandler(app: NestFastifyApplication): void {
+  const auth = app.get<Auth>(AUTH);
+  const nodeHandler = toNodeHandler(auth);

-  constructor(@Inject(AUTH) auth: Auth) {
-    this.handler = toNodeHandler(auth);
-  }
+  const fastify = app.getHttpAdapter().getInstance();

-  @All('*path')
-  async handleAuth(@Req() req: FastifyRequest, @Res() res: FastifyReply): Promise<void> {
-    await this.handler(req.raw, res.raw);
-  }
+  // Use Fastify's addHook to intercept auth requests at the raw HTTP level,
+  // before Fastify's body parser runs. This avoids conflicts with NestJS's
+  // custom content-type parser.
+  fastify.addHook(
+    'onRequest',
+    (
+      req: { raw: IncomingMessage; url: string },
+      reply: { raw: ServerResponse; hijack: () => void },
+      done: () => void,
+    ) => {
+      if (!req.url.startsWith('/api/auth/')) {
+        done();
+        return;
+      }
+
+      reply.hijack();
+      nodeHandler(req.raw as IncomingMessage, reply.raw as ServerResponse)
+        .then(() => {
+          if (!reply.raw.writableEnded) {
+            reply.raw.end();
+          }
+        })
+        .catch((err: unknown) => {
+          if (!reply.raw.headersSent) {
+            reply.raw.writeHead(500, { 'Content-Type': 'application/json' });
+          }
+          if (!reply.raw.writableEnded) {
+            reply.raw.end(JSON.stringify({ error: 'Internal auth error' }));
+          }
+          console.error('[AUTH] Handler error:', err);
+        });
+    },
+  );
 }