Promote dev → uat: GRO-2359 clients-from-auth endpoint #213

Merged
Flea Flicker merged 1 commit from promote/GRO-2359-dev-to-uat into uat 2026-06-11 16:44:52 +00:00
Member

Phase 2 — dev → uat: GRO-2359 clients-from-auth endpoint

Promotion branch: promote/GRO-2359-dev-to-uat cut from origin/uat (frozen GRO-2342 promotion) with the dev squash cdeebec cherry-picked on top. Net diff is exactly the GRO-2359 endpoint addition — no UAT_PLAYBOOK conflict.

What's in this PR

  • src/routes/portal.ts — new POST /clients-from-auth handler (registered before the validatePortalSession middleware, alongside session-from-auth).
  • src/__tests__/portalClientsFromAuth.test.ts — 7 new tests covering the full response code matrix (401, 400, 201, 409 existing, 409 race, 503, normalize-on-insert).

Paired Web PR

web#75 was already merged to web dev (commit 250c7a5a); the web dev→uat promotion is a separate PR.

SDLC

Handing to QA (Lint Roller) for review. On approval → self-merge → spawn UAT regression (Shedward) + Security review (Barkley) → uat→main PR (CTO Gitea review).

Flea Flicker added 1 commit 2026-06-11 16:36:05 +00:00
feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web)
CI / Test (pull_request) Successful in 28s
CI / Lint & Typecheck (pull_request) Successful in 34s
CI / Build & Push Docker Images (pull_request) Successful in 42s
5363e1d5dc
The OOBE flow on the web portal calls this endpoint to create a fresh
`clients` row bound to the Better Auth user's email when the SSO
bridge returns 404. Returns 201 on success, 409 if a client with that
email already exists (portal-selection case), 401/503 on auth issues,
400 on invalid body.

The OOBE success path navigates the user back to `/` and lets the
existing `session-from-auth` re-bridge; the new client is now
resolvable by email, so the bridge mints a real portal session.

Tests cover: 401 (no session), 400 (zod), 201 + persisted values
(name trimmed, optional fields normalized to null), 409 (existing
client or unique-constraint race), 503 (auth not configured).

Paired with the web PR on `feature/2357-p2-sso-to-oobe-routing`.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
(cherry picked from commit cdeebec021)
Lint Roller approved these changes 2026-06-11 16:42:05 +00:00
Lint Roller left a comment
Member

QA approved. CI green (lint, typecheck, test, build). Code review PASS.

  • POST /clients-from-auth registered before validatePortalSession middleware (consistent with session-from-auth — no portal session required for OOBE).
  • Zod validation, Better Auth session check, pre-check 409 for existing email, 23505 race condition handled, empty fields normalized to null.
  • Returns only {id, name, email} on 201 — minimal PII exposure, correct.
  • Tests: 7 tests cover full response matrix (401, 400, 201, normalize-on-insert, 409 existing, 409 race, 503 auth-not-configured).
Flea Flicker merged commit a629331a04 into uat 2026-06-11 16:44:52 +00:00
Flea Flicker deleted branch promote/GRO-2359-dev-to-uat 2026-06-11 16:44:53 +00:00
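
The response matrix described in the commit message and QA review above, as an added sketch that is not the code from this PR. `FakeDb`, `clientsFromAuth`, the `phone` field, the `raceHook` test seam and the 503-before-401 ordering are assumptions; hand-rolled validation stands in for Zod and an in-memory table stands in for the database.

```typescript
// Added illustration: every name below is hypothetical, not the project's code.
type Session = { user: { email: string } } | null;
type Row = { id: number; name: string; email: string; phone: string | null };
type Result = { status: number; body: Record<string, unknown> };

// Constructed in-memory stand-in for a clients table with UNIQUE(email).
class FakeDb {
  rows: Row[] = [];
  findByEmail(email: string) { return this.rows.find((r) => r.email === email); }
  insert(row: Omit<Row, "id">): Row {
    if (this.findByEmail(row.email)) {
      // PostgreSQL reports unique_violation as SQLSTATE 23505.
      throw Object.assign(new Error("duplicate key"), { code: "23505" });
    }
    const saved: Row = { id: this.rows.length + 1, ...row };
    this.rows.push(saved);
    return saved;
  }
}

function clientsFromAuth(
  db: FakeDb, authConfigured: boolean, session: Session, body: unknown,
  raceHook?: () => void, // test seam: runs between the pre-check and the insert
): Result {
  if (!authConfigured) return { status: 503, body: { error: "auth not configured" } };
  if (!session) return { status: 401, body: { error: "unauthenticated" } };
  // Hand-rolled validation standing in for the Zod schema.
  const b = body as { name?: unknown; phone?: unknown } | null | undefined;
  const rawName = b?.name, rawPhone = b?.phone;
  const name = typeof rawName === "string" ? rawName.trim() : "";
  if (!name || (rawPhone !== undefined && typeof rawPhone !== "string")) {
    return { status: 400, body: { error: "invalid body" } };
  }
  // Empty optional fields are stored as null, not "".
  const phone = typeof rawPhone === "string" && rawPhone.trim() ? rawPhone.trim() : null;
  // The email is bound to the authenticated session, never read from the body.
  const email = session.user.email;
  const conflict: Result = { status: 409, body: { error: "client exists" } };
  if (db.findByEmail(email)) return conflict;
  raceHook?.();
  try {
    const row = db.insert({ name, email, phone });
    return { status: 201, body: { id: row.id, name: row.name, email: row.email } };
  } catch (e) {
    // A concurrent insert can win after the pre-check; the constraint is the real guard.
    if ((e as { code?: string }).code === "23505") return conflict;
    throw e;
  }
}
```
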