Skip to content

refactor(auth): replace any-cast authenticate fallback with typed pre… #608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
yachikadev wants to merge 2 commits into from
Closed

refactor(auth): replace any-cast authenticate fallback with typed pre… #608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6155007
refactor(auth): replace any-cast authenticate fallback with typed pre…
yachikadev Jun 19, 2026
052ec89
Merge branch 'main' into fix/auth-fallback-cleanup
yachikadev Jun 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 5 additions & 12 deletions apps/backend/src/routes/cards.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,16 +49,9 @@
}

export async function cardRoutes(app: FastifyInstance): Promise<void> {
app.addHook('preHandler', async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch (_e) { reply.status(401).send({ error: 'Unauthorized' }) }
});

// ─── List Cards ───

app.get('/', async (request: FastifyRequest, reply: FastifyReply): Promise<CardResponse[] | void> => {
app.get('/',{preHandler: [(req, reply) => app.authenticate(req, reply)] }, async (request: FastifyRequest, reply: FastifyReply): Promise<CardResponse[] | void> => {
const userId = (request.user as { id: string }).id;
try {
return await cardService.listCards(app, userId)
Expand All @@ -69,7 +62,7 @@

// ─── Create Card ───

app.post('/', async (request: FastifyRequest<{ Body: CreateCardBody }>, reply: FastifyReply): Promise<Card | void> => {
app.post<{ Body: CreateCardBody }>('/', { preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<Card | void> => {

Check warning on line 65 in apps/backend/src/routes/cards.ts

View workflow job for this annotation

GitHub Actions / backend-ci 

'Card' is an 'error' type that acts as 'any' and overrides all other types in this union type
const userId = (request.user as { id: string }).id;
const parsed = createCardSchema.safeParse(request.body);

Expand All @@ -88,7 +81,7 @@

// ─── Update Card ───

app.put('/:id', async (request: FastifyRequest<{ Params: CardParams; Body: UpdateCardBody }>, reply: FastifyReply): Promise<CardResponse> => {
app.put<{ Params: CardParams; Body: UpdateCardBody }>('/:id', {preHandler: [(req, reply) => app.authenticate(req, reply)] }, async (request, reply): Promise<CardResponse> => {
const userId = (request.user as { id: string }).id;
const { id } = request.params;

Expand All @@ -106,7 +99,7 @@

// ─── Delete Card ───

app.delete('/:id', async (request: FastifyRequest<{ Params: CardParams }>, reply: FastifyReply): Promise<void> => {
app.delete<{ Params: CardParams }>('/:id', { preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<void> => {
const userId = (request.user as { id: string }).id;
const { id } = request.params;

Expand All @@ -129,7 +122,7 @@

// ─── Set Default Card ───

app.put('/:id/default', async (request: FastifyRequest<{ Params: CardParams }>, reply: FastifyReply): Promise<object | void> => {
app.put<{ Params: CardParams }>('/:id/default', {preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<object | void> => {
const userId = (request.user as { id: string }).id;
const { id } = request.params;

Expand Down
36 changes: 4 additions & 32 deletions apps/backend/src/routes/connect.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,7 @@ interface ParsedOAuthState {
export async function connectRoutes(app: FastifyInstance): Promise<void> {
// ─── Status ───

app.get('/status', {
preHandler: [async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) }
}],
}, async (request: FastifyRequest, _reply: FastifyReply) => {
app.get('/status',{preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request: FastifyRequest, _reply: FastifyReply) => {
const userId = (request.user as any).id;

const tokens = await app.prisma.oAuthToken.findMany({
Expand All @@ -49,14 +42,7 @@ export async function connectRoutes(app: FastifyInstance): Promise<void> {

// ─── GitHub Connect ───

app.get('/github', {
preHandler: [async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) }
}],
}, async (request: FastifyRequest, reply: FastifyReply) => {
app.get('/github',{preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request: FastifyRequest, reply: FastifyReply) => {
const userId = (request.user as any).id;
const nonce = generateState();

Expand Down Expand Up @@ -173,14 +159,7 @@ export async function connectRoutes(app: FastifyInstance): Promise<void> {
}
});

app.get('/github/autodiscover', {
preHandler: [async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) }
}],
}, async (request: FastifyRequest, reply: FastifyReply) => {
app.get('/github/autodiscover',{preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request: FastifyRequest, reply: FastifyReply) => {
const userId = (request.user as any).id;
const cacheKey = `github:autodiscover:${userId}`;

Expand Down Expand Up @@ -262,14 +241,7 @@ export async function connectRoutes(app: FastifyInstance): Promise<void> {

// ─── Disconnect ───

app.delete('/:platform', {
preHandler: [async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) }
}],
}, async (request: FastifyRequest<{ Params: { platform: string } }>, reply: FastifyReply) => {
app.delete<{ Params: { platform: string } }>('/:platform', {preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply) => {
const userId = (request.user as any).id;
const { platform } = request.params;

Expand Down
40 changes: 13 additions & 27 deletions apps/backend/src/routes/event.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
import { createEventSchema, joinEventSchema} from '../validations/event.validation.js';

import {generateUniqueSlug} from '../utils/slug.js'
import {generateUniqueSlug} from '../utils/slug'
import { createEventSchema} from '../validations/event.validation';

import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';

type EventDetails = {
id: string;
Expand Down Expand Up @@ -57,21 +56,8 @@ type EventWithAttendees = {
}[];
}

export async function eventRoutes(app:FastifyInstance) {
app.post('/', { preHandler: [async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return }
try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) }
}] }, async (request: FastifyRequest<{
Body: {
name: string,
description?: string,
startDate: string,
location: string,
endDate: string,
isPublic?: boolean
}}>, reply: FastifyReply) => {
export async function eventRoutes(app:FastifyInstance): Promise<void> {
app.post<{Body: { name: string; description?: string; startDate: string; location: string; endDate: string; isPublic?: boolean; }; }>('/', {preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply) => {
const userId = (request.user as any).id;
const parsed = createEventSchema.safeParse(request.body);
if(!parsed.success){
Expand All @@ -80,8 +66,8 @@ export async function eventRoutes(app:FastifyInstance) {

const {name, description, startDate, endDate, isPublic ,location} = parsed.data

let finalSlug = await generateUniqueSlug(name, async(slug) => {
const existing = await app.prisma.event.findUnique({where: {slug : slug}})
const finalSlug = await generateUniqueSlug(name, async(slug) => {
const existing = await app.prisma.event.findUnique({where: {slug}})

return !!existing
})
Expand All @@ -95,7 +81,7 @@ export async function eventRoutes(app:FastifyInstance) {
name,
description,
slug: finalSlug,
location: location,
location,
startDate: startDateObj,
endDate: endDateObj,
isPublic: isPublic ?? true,
Expand All @@ -104,7 +90,7 @@ export async function eventRoutes(app:FastifyInstance) {
})

return reply.status(201).send(newEvent);
} catch (error) {
} catch (_error) {
app.log.error('Failed to create event');
return reply.status(500).send({error: 'Failed to create event'})
}
Expand Down Expand Up @@ -153,7 +139,7 @@ export async function eventRoutes(app:FastifyInstance) {
return response;
})

app.post('/:slug/join', { preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) } }] }, async(request: FastifyRequest<{Params: {slug: string}}>, reply: FastifyReply) => {
app.post<{ Params: { slug: string } }>('/:slug/join', {preHandler: [(req, reply) => app.authenticate(req, reply)]}, async(request, reply) => {
const userId = (request.user as any).id;
const paramsSlug = request.params.slug;

Expand All @@ -171,7 +157,7 @@ export async function eventRoutes(app:FastifyInstance) {
await app.prisma.eventAttendee.create({
data: {
eventId: event.id,
userId: userId,
userId,
joinedAt: new Date()
}
})
Expand All @@ -187,7 +173,7 @@ export async function eventRoutes(app:FastifyInstance) {

})

app.delete('/:slug/leave', { preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) } }] }, async(request: FastifyRequest<{Params: {slug: string}}>, reply: FastifyReply) => {
app.delete<{Params: {slug: string}}>('/:slug/leave',{preHandler: [(req, reply) => app.authenticate(req, reply)]}, async(request, reply) => {
const userId = (request.user as any).id;
const paramsSlug = request.params.slug;

Expand All @@ -205,7 +191,7 @@ export async function eventRoutes(app:FastifyInstance) {
await app.prisma.eventAttendee.delete({
where: {
userId_eventId: {
userId: userId,
userId,
eventId: event.id
}
}
Expand Down
32 changes: 6 additions & 26 deletions apps/backend/src/routes/nfc.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
import { z } from 'zod';

import type { FastifyInstance } from 'fastify';

type NfcPayloadResponse = {
type: 'URI';
payload: string;
Expand All @@ -10,33 +11,12 @@ const nfcQuerySchema = z.object({
card: z.string().uuid('Invalid card ID format').optional(),
});

export async function nfcRoutes(app: FastifyInstance) {
app.addHook('preHandler', async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') {
await server.authenticate(request, reply);
return;
}
if (typeof (app as any).authenticate === 'function') {
await (app as any).authenticate(request, reply);
return;
}
try {
await request.jwtVerify();
} catch (e) {
reply.status(401).send({ error: 'Unauthorized' });
}
});

export async function nfcRoutes(app: FastifyInstance) : Promise<void> {
// GET /api/nfc/payload — returns NDEF URI payload for user's default DevCard URL
// GET /api/nfc/payload?card=<cardId> — returns payload for a specific card
app.get(
'/payload',
async (
request: FastifyRequest<{ Querystring: { card?: string } }>,
reply: FastifyReply
) => {
const userId = (request.user as any).id;
app.get<{ Querystring: { card?: string } }>(
'/payload',{preHandler: [(req, reply) => app.authenticate(req, reply)]},
async (request,reply ) => { const userId = (request.user as any).id;

// Validate query params with Zod
const parseResult = nfcQuerySchema.safeParse(request.query);
Expand Down
Loading