groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): Better-Auth integration — sessions, auth middleware, staff resolution, RBAC tests (GRO-118) #136

Merged
groombook-engineer[bot] merged 24 commits from feature/gro-118-better-auth into main 2026-03-28 03:50:45 +00:00
Conversation 35 Commits 24 Files Changed 36
+3 -3
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit d3c88ea9fb - Show all commits
apps/api/src/__tests__/rbac.test.ts
+1 -1
View File
@@ -168,7 +168,7 @@ describe("resolveStaffMiddleware", () => {
});
const res = await app.request("/test", {
headers: { "X-Dev-User-Id": GROOMER.userId! },
headers: { "X-Dev-User-Id": GROOMER.id },
});
expect(res.status).toBe(200);
expect(capturedStaff!.role).toBe("groomer");
apps/api/src/middleware/rbac.ts
+2 -2
View File
@@ -40,11 +40,11 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
await next();
return;
}
// Treat X-Dev-User-Id as the Better-Auth user ID
// Treat X-Dev-User-Id as the staff database id (the frontend stores staff.id)
const [row] = await db
.select()
.from(staff)
.where(eq(staff.userId, devUserId));
.where(eq(staff.id, devUserId));
if (!row) {
return c.json(
{ error: "Forbidden: no staff record found for X-Dev-User-Id" },