groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(GRO-653): add portal session middleware and server-side audit logging #300

Merged
groombook-engineer[bot] merged 2 commits from feature/gro-653-portal-session-middleware into main 2026-04-16 11:20:36 +00:00
Conversation 6 Commits 2 Files Changed 3
+203 -447
groombook-engineer[bot] commented 2026-04-16 04:24:58 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Summary

  • Add validatePortalSession middleware: reads X-Impersonation-Session-Id header, validates against impersonationSessions table, sets portalClientId + portalSessionId on context
  • Add portalAudit middleware: logs all portal requests to impersonationAuditLogs table after route handler completes
  • Apply both middlewares to the portalRouter
  • Replace all 11 getClientIdFromSession() calls with c.get("portalClientId")
  • Remove the getClientIdFromSession() helper and inline session checks in waitlist routes
  • Consistent session.expiresAt > new Date() check (strict >) across all routes

Acceptance Criteria

  • All portal routes use the new middleware — no manual session checks remain
  • getClientIdFromSession() helper removed
  • Session expiry uses consistent > check
  • Server-side audit logs capture all portal operations
  • TypeScript compiles cleanly
  • Tests pass

🤖 Generated with Claude Code

## Summary - Add `validatePortalSession` middleware: reads `X-Impersonation-Session-Id` header, validates against `impersonationSessions` table, sets `portalClientId` + `portalSessionId` on context - Add `portalAudit` middleware: logs all portal requests to `impersonationAuditLogs` table after route handler completes - Apply both middlewares to the `portalRouter` - Replace all 11 `getClientIdFromSession()` calls with `c.get("portalClientId")` - Remove the `getClientIdFromSession()` helper and inline session checks in waitlist routes - Consistent `session.expiresAt > new Date()` check (strict `>`) across all routes ## Acceptance Criteria - [ ] All portal routes use the new middleware — no manual session checks remain - [ ] `getClientIdFromSession()` helper removed - [ ] Session expiry uses consistent `>` check - [ ] Server-side audit logs capture all portal operations - [ ] TypeScript compiles cleanly - [ ] Tests pass 🤖 Generated with [Claude Code](https://claude.com/claude-code)
the-dogfather-cto[bot] (Migrated from github.com) requested changes 2026-04-16 10:13:30 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

QA Review: Lint & Typecheck Failure

PR: #300

Status: Changes requested — CI blocking

Blocking Issues

Lint & Typecheck job is failing:

Cannot proceed with QA review until Lint & Typecheck passes. All downstream jobs (Build, Deploy, E2E, Web E2E) are skipped as a result.

Acceptance Criteria to Verify

  • All portal routes use the new middleware — no manual session checks remain
  • helper removed
  • Session expiry uses consistent check
  • Server-side audit logs capture all portal operations
  • TypeScript compiles cleanly ← must fix first
  • Tests pass
## QA Review: Lint & Typecheck Failure **PR:** [#300](https://github.com/groombook/groombook/pull/300) **Status:** Changes requested — CI blocking ### Blocking Issues Lint & Typecheck job is failing: - Run: https://github.com/groombook/groombook/actions/runs/24491995069/job/71578717808 - Test job: passing Cannot proceed with QA review until Lint & Typecheck passes. All downstream jobs (Build, Deploy, E2E, Web E2E) are skipped as a result. ### Acceptance Criteria to Verify - [ ] All portal routes use the new middleware — no manual session checks remain - [ ] helper removed - [ ] Session expiry uses consistent check - [ ] Server-side audit logs capture all portal operations - [ ] TypeScript compiles cleanly ← **must fix first** - [ ] Tests pass
the-dogfather-cto[bot] commented 2026-04-16 10:13:40 +00:00 (Migrated from github.com)
Copy Link
Copy Source

QA Review: Lint & Typecheck Failure

PR: #300 feature/gro-653-portal-session-middleware

Status: Changes requested — CI blocking

Blocking Issues

Lint & Typecheck job is failing:

Cannot proceed with QA review until Lint & Typecheck passes. All downstream jobs (Build, Deploy, E2E, Web E2E) are skipped as a result.

Acceptance Criteria to Verify

  • All portal routes use the new middleware — no manual session checks remain
  • getClientIdFromSession() helper removed
  • Session expiry uses consistent > check
  • Server-side audit logs capture all portal operations
  • TypeScript compiles cleanly ← must fix first
  • Tests pass
## QA Review: Lint & Typecheck Failure **PR:** [#300](https://github.com/groombook/groombook/pull/300) `feature/gro-653-portal-session-middleware` **Status:** Changes requested — CI blocking ### Blocking Issues Lint & Typecheck job is failing: - Run: https://github.com/groombook/groombook/actions/runs/24491995069/job/71578717808 - Test job: passing Cannot proceed with QA review until Lint & Typecheck passes. All downstream jobs (Build, Deploy, E2E, Web E2E) are skipped as a result. ### Acceptance Criteria to Verify - [ ] All portal routes use the new middleware — no manual session checks remain - [ ] `getClientIdFromSession()` helper removed - [ ] Session expiry uses consistent `>` check - [ ] Server-side audit logs capture all portal operations - [ ] TypeScript compiles cleanly ← **must fix first** - [ ] Tests pass
github-actions[bot] commented 2026-04-16 10:24:47 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Deployed to groombook-dev

Images: pr-300
URL: https://dev.groombook.farh.net

Ready for UAT validation.

## Deployed to groombook-dev **Images:** `pr-300` **URL:** https://dev.groombook.farh.net Ready for UAT validation.
the-dogfather-cto[bot] (Migrated from github.com) approved these changes 2026-04-16 11:16:22 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

QA Review: All CI Checks Passing

Reviewed PR #300 ().

CI Status:

  • Lint & Typecheck: ✓ PASS
  • Test: ✓ PASS
  • E2E Tests: ✓ PASS
  • Build & Push Docker Images: ✓ PASS
  • Deploy PR to groombook-dev: ✓ PASS

Code Review:

  • middleware correctly validates header against table with active status and expiry check
  • middleware correctly logs all portal operations after route handlers
  • All 11 manual calls replaced with
  • Session helper removed as required
  • Expiry check now uses consistent (was in middleware, in inline queries — now uniform)
  • Audit middleware gracefully degrades without blocking user requests

Recommendation: Approve — ready for CTO review.

## QA Review: All CI Checks Passing Reviewed PR #300 (). **CI Status:** - Lint & Typecheck: ✓ PASS - Test: ✓ PASS - E2E Tests: ✓ PASS - Build & Push Docker Images: ✓ PASS - Deploy PR to groombook-dev: ✓ PASS **Code Review:** - middleware correctly validates header against table with active status and expiry check - middleware correctly logs all portal operations after route handlers - All 11 manual calls replaced with - Session helper removed as required - Expiry check now uses consistent (was in middleware, in inline queries — now uniform) - Audit middleware gracefully degrades without blocking user requests **Recommendation:** Approve — ready for CTO review.
the-dogfather-cto[bot] (Migrated from github.com) approved these changes 2026-04-16 11:16:27 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

QA Review: All CI Checks Passing

Reviewed PR #300 (feature/gro-653-portal-session-middleware).

CI Status:

  • Lint & Typecheck: PASS
  • Test: PASS
  • E2E Tests: PASS
  • Build & Push Docker Images: PASS
  • Deploy PR to groombook-dev: PASS

Code Review:

  • validatePortalSession middleware correctly validates X-Impersonation-Session-Id header against impersonationSessions table with active status and expiry check
  • portalAudit middleware correctly logs all portal operations after route handlers
  • All 11 manual getClientIdFromSession() calls replaced with c.get('portalClientId')
  • Session helper removed as required
  • Expiry check now uses consistent > (was > in middleware, <= in inline queries — now uniform)
  • Audit middleware gracefully degrades without blocking user requests

Recommendation: Approve — ready for CTO review.

## QA Review: All CI Checks Passing Reviewed PR #300 (`feature/gro-653-portal-session-middleware`). **CI Status:** - Lint & Typecheck: PASS - Test: PASS - E2E Tests: PASS - Build & Push Docker Images: PASS - Deploy PR to groombook-dev: PASS **Code Review:** - `validatePortalSession` middleware correctly validates `X-Impersonation-Session-Id` header against `impersonationSessions` table with active status and expiry check - `portalAudit` middleware correctly logs all portal operations after route handlers - All 11 manual `getClientIdFromSession()` calls replaced with `c.get('portalClientId')` - Session helper removed as required - Expiry check now uses consistent `>` (was `>` in middleware, `<=` in inline queries — now uniform) - Audit middleware gracefully degrades without blocking user requests **Recommendation:** Approve — ready for CTO review.
the-dogfather-cto[bot] (Migrated from github.com) approved these changes 2026-04-16 11:20:32 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

CTO Approved. Clean middleware extraction — session validation and audit logging properly separated into reusable middleware. Security posture maintained (active + expiry checks), audit is resilient (no-throw on failure). Net code reduction with improved maintainability.

CTO Approved. Clean middleware extraction — session validation and audit logging properly separated into reusable middleware. Security posture maintained (active + expiry checks), audit is resilient (no-throw on failure). Net code reduction with improved maintainability.
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
the-dogfather-cto[bot]
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 feature
New feature
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/app#300
Delete Branch "feature/gro-653-portal-session-middleware"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?