groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
253 Commits 136 Branches 0 Tags
14d7889ec00ffca5e4baeb93a70ee8b562cbdaba
Commit Graph

5 Commits

Author SHA1 Message Date
Flea Flicker 14d7889ec0 fix(portal): drop writable photoKey from PATCH /portal/pets — S3 key-hijack (GRO-2187/GRO-2198) (#172)
CI / Test (push) Successful in 24s
Details
CI / Lint & Typecheck (push) Successful in 26s
Details
CI / Build & Push Docker Images (push) Successful in 29s
Details
CI / Lint & Typecheck (pull_request) Successful in 24s
Details
CI / Test (pull_request) Successful in 30s
Details
CI / Build & Push Docker Images (pull_request) Successful in 44s
Details
2026-06-08 12:39:02 +00:00
Flea Flicker 6be78cae35 fix(portal): implement PATCH /portal/pets/:petId + enrich GET (GRO-2187) (#165)
CI / Test (push) Failing after 3s
Details
CI / Lint & Typecheck (push) Successful in 16s
Details
CI / Build & Push Docker Images (push) Has been skipped
Details
CI / Test (pull_request) Successful in 12s
Details
CI / Lint & Typecheck (pull_request) Successful in 15s
Details
CI / Build & Push Docker Images (pull_request) Successful in 41s
Details
2026-06-08 08:18:13 +00:00
Flea Flicker 2e0d63f7f6 fix(gro-1866): address QA review failures — portalSession null-guard,
CI / Test (push) Successful in 32s
Details
CI / Lint & Typecheck (push) Successful in 34s
Details
CI / Build & Push Docker Images (push) Successful in 2m34s
Details 
email null-dereference guard, externalize DEMO_STAFF_ID

1. portal.ts:138 — add null guard for portalSession before accessing .id
   (TS18048: 'portalSession' is possibly 'undefined')
2. rbac.ts:130 — guard jwt.email before split() to prevent runtime throw
3. portal.ts:39,105 — externalize DEMO_STAFF_ID as env var
   (process.env.DEMO_STAFF_ID ?? "00000000-...")

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-28 19:50:14 +00:00
Flea Flicker 7e329ff72f fix(gro-1866): add session-from-auth portal endpoint and role scope 
Adds POST /api/portal/session-from-auth which bridges a valid Better Auth
customer session (from SSO login) to a portal impersonation session, so
real SSO customers can access the client portal.

The endpoint is registered before the validatePortalSession catch-all so it
is not subject to that middleware. It validates the Better Auth session
from request cookies, looks up the client by email, creates an active
impersonation session, and returns { sessionId, clientId, clientName }.

Also adds "role" to the genericOAuth scopes so Authentik propagates the
role claim into Better Auth user objects (GRO-1862 root cause fix).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-28 15:00:15 +00:00
Chris Farhood abac9dfe6c Extract groombook/api from monorepo with CI workflow 
- Add source code from apps/api
- Add packages/db and packages/types workspace dependencies
- Add GitHub Actions CI workflow (lint, typecheck, test, docker)
- Generate pnpm-lock.yaml
- Add .gitignore

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-11 01:26:56 +00:00