mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fix: auth handler + circular imports — Phase 1 verification (P1-009) #73

Merged
jason.woltje merged 1 commits from feat/p1-009-verify-phase1 into main 2026-03-13 03:02:03 +00:00
Conversation 0 Commits 1 Files Changed 11 +51 -24
jason.woltje commented 2026-03-13 03:01:43 +00:00
Owner
Copy Link

Summary

  • Refactored BetterAuth from NestJS controller to Fastify onRequest hook to avoid body parser conflicts
  • Extracted AUTH and BRAIN injection tokens to separate *.tokens.ts files to break circular imports
  • Verified all Phase 1 API endpoints: auth signup/signin/session, CRUD for projects/missions/tasks/conversations/messages

Test plan

  • Auth signup returns user + token
  • Auth signin returns session cookie
  • Session endpoint returns user data with valid cookie
  • Protected routes return 401 without auth
  • Project/Mission/Task/Conversation CRUD all functional
  • Message creation on conversation sub-route works
  • typecheck, lint, format:check all pass

Closes #18

## Summary - Refactored BetterAuth from NestJS controller to Fastify onRequest hook to avoid body parser conflicts - Extracted AUTH and BRAIN injection tokens to separate *.tokens.ts files to break circular imports - Verified all Phase 1 API endpoints: auth signup/signin/session, CRUD for projects/missions/tasks/conversations/messages ## Test plan - [x] Auth signup returns user + token - [x] Auth signin returns session cookie - [x] Session endpoint returns user data with valid cookie - [x] Protected routes return 401 without auth - [x] Project/Mission/Task/Conversation CRUD all functional - [x] Message creation on conversation sub-route works - [x] typecheck, lint, format:check all pass Closes #18
jason.woltje added 1 commit 2026-03-13 03:01:43 +00:00
fix: auth handler + circular imports — Phase 1 verification (P1-009) 366bb35956 
Refactor BetterAuth integration from NestJS controller to Fastify
onRequest hook to avoid body parser conflicts. Extract injection
tokens to separate files to break circular import cycles.

- Auth handler: use onRequest hook to intercept /api/auth/* before
  Fastify body parser runs, passing raw IncomingMessage to BetterAuth
- Extract AUTH and BRAIN injection tokens to *.tokens.ts files
- Update all controllers to import from tokens files
- Verified: signup, signin, session, CRUD for projects/missions/tasks/
  conversations/messages all functional

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jason.woltje merged commit aa9ee75a2a into main 2026-03-13 03:02:03 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#73
Delete Branch "feat/p1-009-verify-phase1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?