Chris Farhood
821ea0046d
Fixes GRO-1118 - uat-tester receives HTTP 403 post-login When a user authenticates via OAuth but has no corresponding staff record, the RBAC middleware now auto-creates a staff record with a default "receptionist" role instead of returning 403. This allows new OAuth users to access the app immediately. The middleware now checks for staff records in this order: 1. By userId (Better-Auth user ID) 2. By oidcSub (legacy OIDC subject) 3. By email (auto-link existing staff) 4. Create new staff record if authenticated user has email and name Co-Authored-By: Paperclip <noreply@paperclip.ing>
GroomBook API
GroomBook API service — extracted from the groombook/app monorepo.
Overview
This repository contains the GroomBook API service, including:
- REST API endpoints
- Database schema and migrations (via Drizzle ORM)
- Authentication (via Better Auth)
- Background job handlers
Structure
apps/api/ # API service source
packages/db/ # Database schema, migrations, and utilities
packages/types/ # Shared TypeScript types
Setup
pnpm install
cp .env.example .env # Fill in required environment variables
pnpm --filter @groombook/api dev
Docker
docker build -t ghcr.io/groombook/api:latest .
docker run -p 3000:3000 ghcr.io/groombook/api:latest
License
AGPL-3.0-only