groombook/api

T

Chris Farhood 30268c9df7 fix(GRO-1272): auto-provision staff record on first OIDC login

When a user authenticates via OIDC but has no staff record (userId NULL,
oidcSub mismatch, email mismatch), resolveStaffMiddleware now checks for
a Better-Auth user record by jwt.sub and auto-creates a minimal groomer
staff record on first login.

This fixes the UAT regression where all API routes returned 403 for all
authenticated users after GRO-1207, because seedKnownUsers() sets
oidcSub to Authentik integer PKs or emails rather than the actual Authentik
OIDC sub (a UUID). The auto-provision path bridges the gap for all UAT
personas without requiring seed/Terraform changes.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-14 18:59:48 +00:00

.github/workflows

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

fix(GRO-1272): auto-provision staff record on first OIDC login

2026-05-14 18:59:48 +00:00

.gitignore

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

Dockerfile

fix: update Dockerfile for standalone repo structure

2026-05-11 01:36:48 +00:00

eslint.config.js

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

package.json

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

pnpm-lock.yaml

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

pnpm-workspace.yaml

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

README.md

Initial commit

2026-05-02 17:01:36 +00:00

tsconfig.json

Extract groombook/api from monorepo with CI workflow

2026-05-11 01:26:56 +00:00

vitest.config.ts

fix: correct vitest alias paths for workspace packages

2026-05-11 01:34:12 +00:00

README.md

api

GroomBook API service (extracted from groombook/app monorepo)