fix(backend): Fixes typecheck issues #623
Closed
Harxhit wants to merge 46 commits into
* feat(mobile-new): add Metro React Native app with demo mode * feat(mobile-new): refine demo app screens and theme support * refactor(mobile): move updated app into mobile folder * fix(mobile): correct monorepo package paths * docs(mobile): add Android build notes * fix(mobile): rename native app to DevCard * docs(mobile): clean up Android README
…structure and page routing (Dev-Card#474)
* docs: add SECURITY.md with vulnerability reporting policy * docs: update SECURITY.md to fix reporting channel
* feat(backend): log method and url for each request * test(backend): set env before app build, fix import order * fix(backend): resolve eslint errors in app.ts * fix(backend): generate prisma client on install
…ad of groupBy composite key (Dev-Card#449)
) (Dev-Card#385) * fix(cards): prevent concurrent default card race condition (Dev-Card#344) * fix(cards): address review feedback * fix(cards): address lint feedback * chore: remove accidental file from PR * fix: throw not found error instead of returning * fix: throw last card error instead of returning --------- Signed-off-by: SOMAPURAM UDAY <udaysomapuram@gmail.com>
Signed-off-by: Harshit <harsxit04@gmail.com>
* fix: resolve typecheck errors across the repository * fix: Lint issues in card.ts
* feat(auth): add JWT token revocation with Redis blocklist
Adds secure logout that revokes the current JWT by storing a hash of its
signature in Redis with a TTL equal to the token's remaining lifetime.
The entry self-cleans when the JWT naturally expires, keeping Redis lean.
Changes:
- utils/jwt.ts: extractRawJwt() and blocklistKey(SHA-256(sig)) utilities
- app.ts: authenticate decorator checks Redis blocklist before jwtVerify;
registers @fastify/cookie before @fastify/jwt so cookie-based
auth works for web browser clients (was silently broken before)
- routes/auth.ts: DELETE /auth/logout endpoint (requires valid JWT);
POST /auth/logout simplified to cookie-clear only (backward compat)
- logout.test.ts: 36 tests covering revocation flow, cookie auth, Redis failures,
edge cases, and end-to-end invariants
- app.test.ts: set JWT_SECRET/ENCRYPTION_KEY fallbacks so CI can call buildApp()
- package.json: add typecheck script consumed by CI workflow
- ciScript.js: fix path generation — test files in __tests__/ were being
double-suffixed (logout.test.ts -> logout.test.test.ts)
Security decisions documented inline:
- Fail-open on Redis outage (acceptable for a portfolio app; JWT expiry is backup)
- SHA-256 hash of signature as blocklist key (claims never stored in Redis)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(lint): add explicit return types
* extract OAuth helpers and improve logout logging
---------
Signed-off-by: J.ANTHARYA <antharyajalligampala@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
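The revocation scheme this commit message describes, as an added example that is not the PR's code: the name `blocklistKey` echoes the page, but its body, the `jwt:blocklist:` prefix, the synchronous `MemoryStore` stand-in for Redis and the sample token are assumptions. The check only consults the blocklist; signature verification still has to follow it.

```javascript
const { createHash } = require("node:crypto");
const PREFIX = "jwt:blocklist:"; // assumed key prefix, not taken from the page

// Key = SHA-256 of the signature segment only, so no claims reach the store.
function blocklistKey(rawJwt) {
  const parts = rawJwt.split(".");
  if (parts.length !== 3 || !parts[2]) throw new Error("malformed JWT");
  return PREFIX + createHash("sha256").update(parts[2]).digest("hex");
}

// Seconds until `exp`; 0 when the token is expired or carries no integer exp.
function remainingTtl(rawJwt, nowSec) {
  const body = Buffer.from(rawJwt.split(".")[1], "base64url").toString("utf8");
  const { exp } = JSON.parse(body);
  return Number.isInteger(exp) ? Math.max(0, exp - nowSec) : 0;
}

// Synchronous in-memory stand-in for Redis `SET key 1 EX ttl` and `EXISTS key`.
class MemoryStore {
  constructor() { this.entries = new Map(); this.down = false; }
  setEx(key, ttl, nowSec) {
    if (this.down) throw new Error("store unavailable");
    this.entries.set(key, nowSec + ttl);
  }
  exists(key, nowSec) {
    if (this.down) throw new Error("store unavailable");
    const expiresAt = this.entries.get(key);
    if (expiresAt !== undefined && expiresAt <= nowSec) this.entries.delete(key);
    return this.entries.has(key);
  }
}

// Logout: store the key only for as long as the token could still be accepted.
function revoke(store, rawJwt, nowSec) {
  const ttl = remainingTtl(rawJwt, nowSec);
  if (ttl === 0) return false; // already expired, nothing to block
  store.setEx(blocklistKey(rawJwt), ttl, nowSec);
  return true;
}

// Pre-verification check. failOpen=true accepts tokens during a store outage.
function isRevoked(store, rawJwt, nowSec, failOpen = true) {
  const key = blocklistKey(rawJwt); // malformed tokens throw, never fail open
  try { return store.exists(key, nowSec); } catch { return !failOpen; }
}

// Constructed sample token: real header/payload encoding, dummy signature.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const sampleToken = (exp, sig) =>
  `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub: "user-1", exp })}.${sig}`;
```

With `failOpen` left at its default, a store outage lets a revoked token through until its `exp`, which is the trade-off the commit message accepts.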
…#481) * refactor(auth): restructure user schema for enhanced authentication * fix: Added inline comment * fix: add role to schema Signed-off-by: Harshit <harsxit04@gmail.com> * feat(auth): implement OAuth authentication flow * fix(auth): add account linking logic and resolve lint issues * test(auth): update logout tests for access token cookies * fix: Updated test file * fix: Lint issues --------- Signed-off-by: Harshit <harsxit04@gmail.com>
…ard#506) * feat: add GitHub platform autodiscovery * fix: resolve lint and type issues in autodiscovery * fix: restore reply parameter in github autodiscovery route * fix: resolve unused reply lint issue
…#555) * feat(shared): add isSupportedPlatform helper and unit tests - Add exported isSupportedPlatform helper to platforms.ts - Add tests in __tests__/platforms.test.ts for existing and unknown platform IDs Closes Dev-Card#9 * fix(shared): address Copilot review feedback on isSupportedPlatform - Use Object.prototype.hasOwnProperty.call for safer own-property check - Remove redundant per-platform assertions covered by the loop test - Rename misleading test description to reflect casing check intent * fix(shared): add vitest types to tsconfig for IDE type resolution
* fix: improve feature card readability and contrast (Dev-Card#319) * feat(web): add smooth theme transition animation
… (Dev-Card#560) * add AuthenticatedUser type for the jwt user payload * refactor(types): declare authenticate decorator on FastifyInstance * refactor(app): type the authenticate decorator instead of any * refactor(auth): drop any cast on request.user in /me route * refactor(auth): drop remaining any cast in secure logout route
…ma where clause (Dev-Card#546) (Dev-Card#563) * refactor(backend): type authenticate decorator and jwt user payload * refactor(backend): use typed authenticate prehandler and jwt user in analytics routes * refactor(backend): type analytics where clause with prisma cardviewwhereinput
…ard#550) (Dev-Card#575) * fix: remove any usages in follow.ts, reuse Fastify/JWT types (Dev-Card#550) * fix: type jwtVerify payload with AuthenticatedUser * fix: add explicit return type and rename unused catch variable for ESLint
…#593) * feat(auth): add Zod validation for OAuth callback endpoints Validates code and state query params in /auth/github/callback and /auth/google/callback before any token exchange or DB work happens. Adds oauthCallbackSchema to validators.ts and tests covering missing/ empty code, missing/empty state, and state cookie mismatch scenarios. * fix(auth): address review feedback on OAuth callback validation - rename oauthCallbackSchema to oAuthCallbackSchema to match naming convention - add .trim() to code and state fields to reject whitespace-only values - export OAuthCallbackQuery type from auth.validation.ts and remove duplicate local interface * fix(auth): clear oauth_state cookie on validation failure and add trailing newline * fix(auth): clear oauth_state cookie on all failure paths and drop details from 400 response
…ndlers (Dev-Card#294) * fix(public): prevent owner self-views from inflating analytics when unauthenticated * fix(public): revert unintended changes, keep only isSelfView fix * fixed * fix(public): add missing return types to publicService functions --------- Signed-off-by: hariom888 <hariom880088@gmail.com> Co-authored-by: Hari Om <hariom888@users.noreply.github.com>
* feat: apply card sharing backend changes with auth fix * chore: update npm cleanup references * fix: restore oauth callback validation type * fix: restore oauth callback zod validation --------- Signed-off-by: Pushkar Kulkarni <omplayz4456@gmail.com>
…response (Dev-Card#596) Collapses the 4 boilerplate preauth blocks (GET /status, GET /github, GET /github/autodiscover, DELETE /:platform) down to preHandler: [app.authenticate], matching the pattern already used in auth.ts's /me and DELETE /logout routes. The FastifyJWT augmentation in types/fastify.d.ts already types request.user as AuthenticatedUser, so the (request.user as any).id casts are no longer needed. Also types the GitHub token-exchange response in github/callback using GitHubTokenResponse/GitHubTokenErrorResponse and isGitHubTokenError from utils/error.util.ts, reusing the same types auth.ts already defines for the equivalent login-flow exchange instead of as any. Co-authored-by: Hari Om <hariom888@users.noreply.github.com>
@Harxhit is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel. A member of the Team first needs to authorize it.

Hi @Harxhit, Thanks for opening this pull request. This PR has been automatically classified based on the files modified.
Applied Labels
Primary Review Area
Reviewer
@Harxhit has been identified as the primary reviewer for this pull request. If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer. Thank you for your contribution!

CI — Checks Failed
Backend — FAIL
Mobile — FAIL
Web — PASS
Last updated:
Summary
Fixes typecheck issues.
Closes #
Type of Change
Screenshots / Recordings