cartsnitch/app

Fork 1

Commit Graph

Author	SHA1	Message	Date
Coupon Carl	cfda1b544d	feat: migrate authentication to Better-Auth (Phase 1) Replace hand-rolled JWT auth with Better-Auth session-based authentication. - Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat, Postgres adapter mapped to existing users table - Add Alembic migration (002) creating sessions, accounts, verifications tables and migrating password hashes to accounts table - Update FastAPI auth dependency to validate sessions via shared DB (supports both cookie and Bearer token) - Remove registration/login/refresh endpoints from API gateway (now handled by Better-Auth service) - Update frontend to use better-auth/react client with httpOnly cookies (no tokens in localStorage or memory) - Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute to use session-based auth - Update all tests to create sessions directly in DB instead of JWT tokens Resolves CAR-27 See plan: CAR-26#document-plan Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-28 04:46:10 +00:00
Frankie	034f12d0aa	fix: address critical and major PR review issues - Lazy-load Recharts via SparklineChart component with React.lazy + Suspense - Gate mock auth fallback behind VITE_MOCK_AUTH env var in Login and Register - Add ProtectedRoute component to guard authenticated routes - Fix touch target size on New Alert button (min-h-10 -> min-h-12) - Replace invalid safe-area-pb class with pb-[env(safe-area-inset-bottom)] - Fix theme toggle button touch targets (min-h-10 -> min-h-12) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-17 16:36:12 +00:00

Author

SHA1

Message

Date

Coupon Carl

cfda1b544d

feat: migrate authentication to Better-Auth (Phase 1)

Replace hand-rolled JWT auth with Better-Auth session-based authentication.

- Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat,
  Postgres adapter mapped to existing users table
- Add Alembic migration (002) creating sessions, accounts, verifications
  tables and migrating password hashes to accounts table
- Update FastAPI auth dependency to validate sessions via shared DB
  (supports both cookie and Bearer token)
- Remove registration/login/refresh endpoints from API gateway (now
  handled by Better-Auth service)
- Update frontend to use better-auth/react client with httpOnly cookies
  (no tokens in localStorage or memory)
- Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute
  to use session-based auth
- Update all tests to create sessions directly in DB instead of JWT tokens

Resolves CAR-27
See plan: CAR-26#document-plan

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-28 04:46:10 +00:00

Frankie

034f12d0aa

fix: address critical and major PR review issues

- Lazy-load Recharts via SparklineChart component with React.lazy + Suspense
- Gate mock auth fallback behind VITE_MOCK_AUTH env var in Login and Register
- Add ProtectedRoute component to guard authenticated routes
- Fix touch target size on New Alert button (min-h-10 -> min-h-12)
- Replace invalid safe-area-pb class with pb-[env(safe-area-inset-bottom)]
- Fix theme toggle button touch targets (min-h-10 -> min-h-12)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-17 16:36:12 +00:00

2 Commits