Skip to content

refactor(auth): replace any-cast authenticate fallback with typed appauthenticate decorator in cards, event, and nfc routes #626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Harxhit merged 7 commits into from
Jun 23, 2026
+19 −41
Merged

refactor(auth): replace any-cast authenticate fallback with typed appauthenticate decorator in cards, event, and nfc routes #626

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
589eb3e
refactor(auth): replace any-cast authenticate fallback with typed app…
yachikadev Jun 21, 2026
4a8a170
Merge branch 'main' into fix/auth-cleanup-554
yachikadev Jun 21, 2026
6e19d22
Update cards.ts
yachikadev Jun 21, 2026
7bd6783
Update event.ts
yachikadev Jun 21, 2026
851def8
Update nfc.ts
yachikadev Jun 21, 2026
e29efc4
Update cards.ts
yachikadev Jun 22, 2026
ed9a232
Merge branch 'main' into fix/auth-cleanup-554
yachikadev Jun 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 7 additions & 13 deletions apps/backend/src/routes/cards.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { handleDbError } from '../utils/error.util.js';
import { hashIp } from '../utils/refreshToken';
import { createCardSchema ,updateCardSchema, addPlatformLinkSchema} from '../validations/card.validation';

import type { CardResponse, UpdateCardBody, UpdatedCardResponse } from '../services/cardService';
import type { CardResponse, UpdateCardBody,UpdatedCardResponse } from '../services/cardService';
import type { Card } from '@devcard/shared/src/types.js';
import type { CardVisibility } from '@prisma/client';
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
Expand Down Expand Up @@ -62,15 +62,9 @@ function hasErrorCode(
}

export async function cardRoutes(app: FastifyInstance): Promise<void> {
app.addHook('preHandler', async (request, reply) => {
const server = request.server;
if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return }
if (typeof app.authenticate === 'function') { await app.authenticate(request, reply); return }
try { await request.jwtVerify() } catch (_e) { reply.status(401).send({ error: 'Unauthorized' }) }
});


// ─── List Cards ───
app.get('/', async (request: FastifyRequest, reply: FastifyReply): Promise<CardResponse[] | void> => {
app.get('/', {preHandler: [(req, reply) => app.authenticate(req, reply)] },async (request: FastifyRequest, reply: FastifyReply): Promise<CardResponse[] | void> => {
const userId = request.user.id;
try {
return await cardService.listCards(app, userId)
Expand All @@ -80,7 +74,7 @@ export async function cardRoutes(app: FastifyInstance): Promise<void> {
});

// ─── Creates Card ───
app.post('/', async (request: FastifyRequest<{ Body: CreateCardBody }>, reply: FastifyReply): Promise<Card | void> => {
app.post<{ Body: CreateCardBody }>('/', { preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<Card | void> => {
const userId = request.user.id;
const parsed = createCardSchema.safeParse(request.body);

Expand All @@ -99,7 +93,7 @@ export async function cardRoutes(app: FastifyInstance): Promise<void> {

// ─── Update Card ───

app.put('/:id', async (request: FastifyRequest<{ Params: CardParams; Body: UpdateCardBody }>, reply: FastifyReply): Promise<UpdatedCardResponse> => {
app.put<{ Params: CardParams; Body: UpdateCardBody }>('/:id', {preHandler: [(req, reply) => app.authenticate(req, reply)] }, async (request, reply): Promise<UpdatedCardResponse> => {
const userId = request.user.id;
const { id } = request.params;

Expand All @@ -117,7 +111,7 @@ export async function cardRoutes(app: FastifyInstance): Promise<void> {

// ─── Delete Card ───

app.delete('/:id', async (request: FastifyRequest<{ Params: CardParams }>, reply: FastifyReply): Promise<void> => {
app.delete<{ Params: CardParams }>('/:id', { preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<void> => {
const userId = request.user.id;
const { id } = request.params;

Expand All @@ -139,7 +133,7 @@ export async function cardRoutes(app: FastifyInstance): Promise<void> {
});

// ─── Set Default Card ───
app.put('/:id/default', async (request: FastifyRequest<{ Params: CardParams }>, reply: FastifyReply): Promise<object | void> => {
app.put<{ Params: CardParams }>('/:id/default', {preHandler: [(req, reply) => app.authenticate(req, reply)]}, async (request, reply): Promise<object | void> => {
const userId = request.user.id;
const { id } = request.params;

Expand Down
4 changes: 2 additions & 2 deletions apps/backend/src/routes/event.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ type EventWithAttendees = {
}[];
}

export async function eventRoutes(app:FastifyInstance): Promise<void> {
export async function eventRoutes(app:FastifyInstance): Promise<void> {
app.post<{Body: { name: string; description?: string; startDate: string; location: string; endDate: string; isPublic?: boolean; }}>('/', { preHandler: [(req, reply) => app.authenticate(req, reply)] }, async (request, reply) => {
const userId = request.user.id;
const parsed = createEventSchema.safeParse(request.body);
Expand Down Expand Up @@ -271,4 +271,4 @@ export async function eventRoutes(app:FastifyInstance): Promise<void> {

return response;
})
}
}
36 changes: 10 additions & 26 deletions apps/backend/src/routes/nfc.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
import { z } from 'zod';

import type { FastifyInstance} from 'fastify';

type NfcPayloadResponse = {
type: 'URI';
payload: string;
Expand All @@ -10,33 +11,16 @@ const nfcQuerySchema = z.object({
card: z.string().uuid('Invalid card ID format').optional(),
});

export async function nfcRoutes(app: FastifyInstance) {
app.addHook('preHandler', async (request, reply) => {
const server = request.server as any;
if (typeof server?.authenticate === 'function') {
await server.authenticate(request, reply);
return;
}
if (typeof (app as any).authenticate === 'function') {
await (app as any).authenticate(request, reply);
return;
}
try {
await request.jwtVerify();
} catch (e) {
reply.status(401).send({ error: 'Unauthorized' });
}
});
export async function nfcRoutes(app: FastifyInstance): Promise<void> {


// GET /api/nfc/payload — returns NDEF URI payload for user's default DevCard URL
// GET /api/nfc/payload?card=<cardId> — returns payload for a specific card
app.get(
'/payload',
async (
request: FastifyRequest<{ Querystring: { card?: string } }>,
reply: FastifyReply
) => {
const userId = (request.user as any).id;
app.get<{ Querystring: { card?: string } }>(
'/payload',
{ preHandler: [(req, reply) => app.authenticate(req, reply)] },
async (request, reply) => {
const userId = request.user.id;

// Validate query params with Zod
const parseResult = nfcQuerySchema.safeParse(request.query);
Expand Down Expand Up @@ -111,4 +95,4 @@ const payloadUrl = `${process.env.PUBLIC_APP_URL}/${safeUsername}${
return reply.send(response);
}
);
}
}