fix: auth handler + circular imports — Phase 1 verification (P1-009) (#73)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

apps/gateway/src/auth/auth.controller.ts

@@ -1,20 +1,46 @@
 import type { IncomingMessage, ServerResponse } from 'node:http';
-import { All, Controller, Inject, Req, Res } from '@nestjs/common';
-import type { FastifyReply, FastifyRequest } from 'fastify';
 import { toNodeHandler } from 'better-auth/node';
 import type { Auth } from '@mosaic/auth';
-import { AUTH } from './auth.module.js';
+import type { NestFastifyApplication } from '@nestjs/platform-fastify';
+import { AUTH } from './auth.tokens.js';
 
-@Controller('api/auth')
+export function mountAuthHandler(app: NestFastifyApplication): void {
-export class AuthController {
+  const auth = app.get<Auth>(AUTH);
-  private readonly handler: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+  const nodeHandler = toNodeHandler(auth);
 
-  constructor(@Inject(AUTH) auth: Auth) {
+  const fastify = app.getHttpAdapter().getInstance();
-    this.handler = toNodeHandler(auth);
+
+  // Use Fastify's addHook to intercept auth requests at the raw HTTP level,
+  // before Fastify's body parser runs. This avoids conflicts with NestJS's
+  // custom content-type parser.
+  fastify.addHook(
+    'onRequest',
+    (
+      req: { raw: IncomingMessage; url: string },
+      reply: { raw: ServerResponse; hijack: () => void },
+      done: () => void,
+    ) => {
+      if (!req.url.startsWith('/api/auth/')) {
+        done();
+        return;
       }
 
-  @All('*path')
+      reply.hijack();
-  async handleAuth(@Req() req: FastifyRequest, @Res() res: FastifyReply): Promise<void> {
+      nodeHandler(req.raw as IncomingMessage, reply.raw as ServerResponse)
-    await this.handler(req.raw, res.raw);
+        .then(() => {
+          if (!reply.raw.writableEnded) {
+            reply.raw.end();
           }
+        })
+        .catch((err: unknown) => {
+          if (!reply.raw.headersSent) {
+            reply.raw.writeHead(500, { 'Content-Type': 'application/json' });
+          }
+          if (!reply.raw.writableEnded) {
+            reply.raw.end(JSON.stringify({ error: 'Internal auth error' }));
+          }
+          console.error('[AUTH] Handler error:', err);
+        });
+    },
+  );
 }

apps/gateway/src/auth/auth.guard.ts

@@ -8,7 +8,7 @@ import {
 import { fromNodeHeaders } from 'better-auth/node';
 import type { Auth } from '@mosaic/auth';
 import type { FastifyRequest } from 'fastify';
-import { AUTH } from './auth.module.js';
+import { AUTH } from './auth.tokens.js';
 
 @Injectable()
 export class AuthGuard implements CanActivate {

apps/gateway/src/auth/auth.module.ts

@@ -2,9 +2,7 @@ import { Global, Module } from '@nestjs/common';
 import { createAuth, type Auth } from '@mosaic/auth';
 import type { Db } from '@mosaic/db';
 import { DB } from '../database/database.module.js';
-import { AuthController } from './auth.controller.js';
+import { AUTH } from './auth.tokens.js';
-
-export const AUTH = 'AUTH';
 
 @Global()
 @Module({
@@ -20,7 +18,6 @@ export const AUTH = 'AUTH';
       inject: [DB],
     },
   ],
-  controllers: [AuthController],
   exports: [AUTH],
 })
 export class AuthModule {}

apps/gateway/src/auth/auth.tokens.ts

@@ -0,0 +1 @@
+export const AUTH = 'AUTH';

apps/gateway/src/brain/brain.module.ts

@@ -2,8 +2,7 @@ import { Global, Module } from '@nestjs/common';
 import { createBrain, type Brain } from '@mosaic/brain';
 import type { Db } from '@mosaic/db';
 import { DB } from '../database/database.module.js';
-
+import { BRAIN } from './brain.tokens.js';
-export const BRAIN = 'BRAIN';
 
 @Global()
 @Module({

apps/gateway/src/brain/brain.tokens.ts

@@ -0,0 +1 @@
+export const BRAIN = 'BRAIN';

apps/gateway/src/conversations/conversations.controller.ts

@@ -13,7 +13,7 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import type { Brain } from '@mosaic/brain';
-import { BRAIN } from '../brain/brain.module.js';
+import { BRAIN } from '../brain/brain.tokens.js';
 import { AuthGuard } from '../auth/auth.guard.js';
 import { CurrentUser } from '../auth/current-user.decorator.js';
 import type {

apps/gateway/src/main.ts

@@ -4,11 +4,14 @@ import { NestFactory } from '@nestjs/core';
 import { Logger } from '@nestjs/common';
 import { FastifyAdapter, type NestFastifyApplication } from '@nestjs/platform-fastify';
 import { AppModule } from './app.module.js';
+import { mountAuthHandler } from './auth/auth.controller.js';
 
 async function bootstrap(): Promise<void> {
   const logger = new Logger('Bootstrap');
   const app = await NestFactory.create<NestFastifyApplication>(AppModule, new FastifyAdapter());
 
+  mountAuthHandler(app);
+
   const port = process.env['GATEWAY_PORT'] ?? 4000;
   await app.listen(port as number, '0.0.0.0');
   logger.log(`Gateway listening on port ${port}`);

apps/gateway/src/missions/missions.controller.ts

@@ -13,7 +13,7 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import type { Brain } from '@mosaic/brain';
-import { BRAIN } from '../brain/brain.module.js';
+import { BRAIN } from '../brain/brain.tokens.js';
 import { AuthGuard } from '../auth/auth.guard.js';
 import type { CreateMissionDto, UpdateMissionDto } from './missions.dto.js';
 

apps/gateway/src/projects/projects.controller.ts

@@ -13,7 +13,7 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import type { Brain } from '@mosaic/brain';
-import { BRAIN } from '../brain/brain.module.js';
+import { BRAIN } from '../brain/brain.tokens.js';
 import { AuthGuard } from '../auth/auth.guard.js';
 import { CurrentUser } from '../auth/current-user.decorator.js';
 import type { CreateProjectDto, UpdateProjectDto } from './projects.dto.js';

apps/gateway/src/tasks/tasks.controller.ts

@@ -14,7 +14,7 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import type { Brain } from '@mosaic/brain';
-import { BRAIN } from '../brain/brain.module.js';
+import { BRAIN } from '../brain/brain.tokens.js';
 import { AuthGuard } from '../auth/auth.guard.js';
 import type { CreateTaskDto, UpdateTaskDto } from './tasks.dto.js';