fix(auth,common,mailer): schema cleanup and structural fixes #3
Open
KailasMahavarkar wants to merge 6 commits into main from
- Add session methods to AuthRepository interface
- Create session on login/signup/googleAuth
- Revoke session on logout and logoutAll
- Update session refreshTokenHash on token rotation
- Embed session_id in JWT access tokens

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Use createSessionWithToken batch in createAuthResult (atomic)
- Add rotateSessionToken batch method for atomic token rotation + session update
- Add revokeTokenAndSession for atomic logout
- Add test: session_id claim in JWT
- Add test: googleAuth creates session
- Fix vitest config to resolve @orkait/crypto subpath exports from source

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…verifyEmail

- Catch duplicate email error in signup and return correct error message
- Remove unsafe in-memory fallback in updateUserAndReload
- Set lastLoginAt on signup (was null, now set to creation time)
- Return distinct error for already-used vs expired verification tokens

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…mantics

- Add `degraded?: boolean` to RateLimitResult; failOpen now returns `remaining: 0` and `degraded: true` so callers can distinguish Redis-down fail-open from a genuinely uncapped limit
- Add comment in failOpen explaining why peek uses `count < limit` (pre-INCR) and check uses `count <= limit` (post-INCR) - both semantics are correct and consistent
- Add 6 new tests: degraded flag on check/peek, remaining=0 in degraded mode, peek/check boundary agreement at limit-1 and at limit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Remove stale legacy row types from auth/src/db/row-types.ts
- Align common Session type with actual DB schema
- Guard EmailService.removeProvider against removing last provider
- Inject Clock into SessionRepository and AuthRepository

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
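
The `peek`/`check` boundary and the `degraded` fail-open result described in the rate-limiter commit above, as an added example that is not code from this pull request. `CounterStore`, `MemoryStore` and `FixedWindowLimiter` are hypothetical names, and the store is synchronous and in-memory here as a stand-in for Redis.

```typescript
// Added illustration, not the PR's code. CounterStore, MemoryStore and
// FixedWindowLimiter are hypothetical; the store is synchronous for brevity.
interface RateLimitResult { allowed: boolean; remaining: number; degraded?: boolean }
interface CounterStore {
  get(key: string): number;   // current count, 0 if absent
  incr(key: string): number;  // increment, return the new count
}

class MemoryStore implements CounterStore {
  down = false; // set to true to simulate the backing store being unreachable
  private counts = new Map<string, number>();
  get(key: string): number {
    if (this.down) throw new Error("store unavailable");
    return this.counts.get(key) ?? 0;
  }
  incr(key: string): number {
    const next = this.get(key) + 1;
    this.counts.set(key, next);
    return next;
  }
}

class FixedWindowLimiter {
  private store: CounterStore;
  private limit: number;
  constructor(store: CounterStore, limit: number) { this.store = store; this.limit = limit; }
  // Consumes one request. The count is read after INCR, so it already
  // includes this request and the test is count <= limit.
  check(key: string): RateLimitResult {
    try {
      const count = this.store.incr(key);
      return { allowed: count <= this.limit, remaining: Math.max(0, this.limit - count) };
    } catch { return this.failOpen(); }
  }
  // Consumes nothing. The count is read before any INCR, so the next
  // request would be number count + 1 and the test is count < limit.
  peek(key: string): RateLimitResult {
    try {
      const count = this.store.get(key);
      return { allowed: count < this.limit, remaining: Math.max(0, this.limit - count) };
    } catch { return this.failOpen(); }
  }
  // Store unreachable: allow the request, but report remaining 0 and
  // degraded so callers can tell this apart from an uncapped limit.
  private failOpen(): RateLimitResult {
    return { allowed: true, remaining: 0, degraded: true };
  }
}
```

A caller guarding a sensitive route such as login can inspect `degraded` and apply a stricter local policy instead of treating the fail-open result as an ordinary allow.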
Summary
- `packages/auth/src/db/row-types.ts` (`ApiKeyRow`, `SubscriptionRow`, `TierRow`, `ProductRow`, `UsageRow`, `WebhookConfigRow`, `WebhookDeliveryRow`, `SubscriptionWithTierRow`, `ApiKeyWithSubscriptionRow`) - these reflected an old schema and are now owned by their respective packages
- `packages/common/src/types.ts` `Session` interface with the authoritative definition in `packages/auth/src/repositories/types.ts` - removes phantom `lastAccessedAt` field and adds the actual DB fields (`refreshTokenHash`, `deviceInfo`, `ipAddress`, `updatedAt`, `revokedAt`, `tenantId: string | null`)
- `EmailService.removeProvider` against leaving zero providers - throws `Error('Cannot remove the last email provider')` before applying the filter
- `Clock` into `SessionRepository` (second constructor param, defaults to `systemClock`) - replaces 3 `Date.now()` calls in `revoke`, `revokeByUser`, `revokeByUserAndService`
- `Clock` into `AuthRepository` (optional second constructor param) - passes it through to `SessionRepository` and replaces `Date.now()` in `revokeTokenAndSession` and `createTenantWithOwner`

Test plan
- `bun vitest run` in `packages/auth` - 26 tests pass (4 test files)
- `Session` from `@orkait/common` - change is safe
- `Clock` injection is backward-compatible (optional param, defaults to `systemClock`)

🤖 Generated with Claude Code