From 22aaed76f2965cdaf3d6e4573cec5c31dea578d5 Mon Sep 17 00:00:00 2001 From: Jean-Luc Makiola Date: Sat, 4 Apr 2026 12:43:29 +0200 Subject: [PATCH] feat(14-04): convert auth, OAuth, settings routes and auth middleware to async/await - Add await before all service calls in auth, OAuth routes - Convert settings.ts direct DB calls: remove .get()/.run(), use await + destructuring - Auth middleware: await getUserCount, getSession, refreshSession - Fix formatting in threads.ts for biome compliance - All files pass lint --- src/server/middleware/auth.ts | 6 +++--- src/server/routes/auth.ts | 31 +++++++++++++++---------------- src/server/routes/oauth.ts | 10 +++++----- src/server/routes/settings.ts | 17 +++++++---------- src/server/routes/threads.ts | 26 +++++++++++++++----------- 5 files changed, 45 insertions(+), 45 deletions(-) diff --git a/src/server/middleware/auth.ts b/src/server/middleware/auth.ts index b9e36de..8853d79 100644 --- a/src/server/middleware/auth.ts +++ b/src/server/middleware/auth.ts @@ -11,7 +11,7 @@ export async function requireAuth(c: Context, next: Next) { const db = c.get("db"); // Check if any users exist at all - if (getUserCount(db) === 0) { + if ((await getUserCount(db)) === 0) { return c.json({ error: "setup_required" }, 403); } @@ -26,10 +26,10 @@ export async function requireAuth(c: Context, next: Next) { // Check session cookie const sessionId = getCookie(c, "gearbox_session"); if (sessionId) { - const session = getSession(db, sessionId); + const session = await getSession(db, sessionId); if (session) { // Refresh session expiry on use - refreshSession(db, sessionId); + await refreshSession(db, sessionId); return next(); } } diff --git a/src/server/routes/auth.ts b/src/server/routes/auth.ts index 827e544..9e59c93 100644 --- a/src/server/routes/auth.ts +++ b/src/server/routes/auth.ts @@ -43,12 +43,12 @@ const app = new Hono(); // ── Public routes ─────────────────────────────────────────────────── -app.get("/me", (c) => { +app.get("/me", async (c) => { const db = c.get("db"); const sessionId = getCookie(c, COOKIE_NAME); if (sessionId) { - const session = getSession(db, sessionId); + const session = await getSession(db, sessionId); if (session) { return c.json({ user: { id: session.userId }, @@ -57,20 +57,20 @@ app.get("/me", (c) => { } } - const setupRequired = getUserCount(db) === 0; + const setupRequired = (await getUserCount(db)) === 0; return c.json({ user: null, setupRequired }); }); app.post("/setup", rateLimit, zValidator("json", setupSchema), async (c) => { const db = c.get("db"); - if (getUserCount(db) > 0) { + if ((await getUserCount(db)) > 0) { return c.json({ error: "Setup already completed" }, 403); } const { username, password } = c.req.valid("json"); const user = await createUser(db, username, password); - const session = createSession(db, user.id); + const session = await createSession(db, user.id); setCookie(c, COOKIE_NAME, session.id, { httpOnly: true, @@ -91,7 +91,7 @@ app.post("/login", rateLimit, zValidator("json", loginSchema), async (c) => { return c.json({ error: "Invalid credentials" }, 401); } - const session = createSession(db, user.id); + const session = await createSession(db, user.id); setCookie(c, COOKIE_NAME, session.id, { httpOnly: true, @@ -103,12 +103,12 @@ app.post("/login", rateLimit, zValidator("json", loginSchema), async (c) => { return c.json({ username: user.username }); }); -app.post("/logout", (c) => { +app.post("/logout", async (c) => { const db = c.get("db"); const sessionId = getCookie(c, COOKIE_NAME); if (sessionId) { - deleteSession(db, sessionId); + await deleteSession(db, sessionId); } deleteCookie(c, COOKIE_NAME, { path: "/" }); @@ -127,17 +127,16 @@ app.put( if (!sessionId) { return c.json({ error: "Session required for password change" }, 401); } - const session = getSession(db, sessionId); + const session = await getSession(db, sessionId); if (!session) { return c.json({ error: "Session required for password change" }, 401); } - const userRecord = db + const [userRecord] = await db .select() .from(users) - .where(eq(users.id, session.userId)) - .get(); + .where(eq(users.id, session.userId)); if (!userRecord) { return c.json({ error: "User not found" }, 404); @@ -159,9 +158,9 @@ app.put( }, ); -app.get("/keys", requireAuth, (c) => { +app.get("/keys", requireAuth, async (c) => { const db = c.get("db"); - const keys = listApiKeys(db); + const keys = await listApiKeys(db); return c.json(keys); }); @@ -186,11 +185,11 @@ app.post( }, ); -app.delete("/keys/:id", requireAuth, (c) => { +app.delete("/keys/:id", requireAuth, async (c) => { const db = c.get("db"); const id = parseId(c.req.param("id")); if (!id) return c.json({ error: "Invalid key ID" }, 400); - deleteApiKey(db, id); + await deleteApiKey(db, id); return c.json({ ok: true }); }); diff --git a/src/server/routes/oauth.ts b/src/server/routes/oauth.ts index d2b1927..bd00635 100644 --- a/src/server/routes/oauth.ts +++ b/src/server/routes/oauth.ts @@ -129,7 +129,7 @@ oauthRoutes.post("/register", async (c) => { } const clientName = body.client_name || "Unknown Client"; - const { clientId } = registerClient(db, clientName, body.redirect_uris); + const { clientId } = await registerClient(db, clientName, body.redirect_uris); return c.json( { @@ -159,7 +159,7 @@ oauthRoutes.get("/authorize", async (c) => { return c.json({ error: "Missing required parameters" }, 400); } - const client = getClient(db, clientId); + const client = await getClient(db, clientId); if (!client) { return c.json({ error: "Unknown client_id" }, 400); } @@ -196,7 +196,7 @@ oauthRoutes.post("/authorize", async (c) => { const user = await verifyPassword(db, username, password); if (!user) { - const client = getClient(db, clientId); + const client = await getClient(db, clientId); return c.html( renderLoginForm({ clientName: client?.clientName ?? "Unknown", @@ -210,7 +210,7 @@ oauthRoutes.post("/authorize", async (c) => { ); } - const { code } = createAuthorizationCode( + const { code } = await createAuthorizationCode( db, clientId, codeChallenge, @@ -233,7 +233,7 @@ oauthRoutes.post("/token", async (c) => { const grantType = body.grant_type as string; // Opportunistic cleanup - cleanExpiredOAuthData(db); + await cleanExpiredOAuthData(db); if (grantType === "authorization_code") { const code = body.code as string; diff --git a/src/server/routes/settings.ts b/src/server/routes/settings.ts index 422fd7b..83544fa 100644 --- a/src/server/routes/settings.ts +++ b/src/server/routes/settings.ts @@ -6,14 +6,13 @@ type Env = { Variables: { db?: any } }; const app = new Hono(); -app.get("/:key", (c) => { +app.get("/:key", async (c) => { const database = c.get("db"); const key = c.req.param("key"); - const row = database + const [row] = await database .select() .from(settings) - .where(eq(settings.key, key)) - .get(); + .where(eq(settings.key, key)); if (!row) return c.json({ error: "Setting not found" }, 404); return c.json(row); }); @@ -27,17 +26,15 @@ app.put("/:key", async (c) => { return c.json({ error: "value is required" }, 400); } - database + await database .insert(settings) .values({ key, value: body.value }) - .onConflictDoUpdate({ target: settings.key, set: { value: body.value } }) - .run(); + .onConflictDoUpdate({ target: settings.key, set: { value: body.value } }); - const row = database + const [row] = await database .select() .from(settings) - .where(eq(settings.key, key)) - .get(); + .where(eq(settings.key, key)); return c.json(row); }); diff --git a/src/server/routes/threads.ts b/src/server/routes/threads.ts index e667428..621c936 100644 --- a/src/server/routes/threads.ts +++ b/src/server/routes/threads.ts @@ -84,19 +84,23 @@ app.delete("/:id", async (c) => { // Candidate CRUD (nested under thread) -app.post("/:id/candidates", zValidator("json", createCandidateSchema), async (c) => { - const db = c.get("db"); - const threadId = parseId(c.req.param("id")); - if (!threadId) return c.json({ error: "Invalid thread ID" }, 400); +app.post( + "/:id/candidates", + zValidator("json", createCandidateSchema), + async (c) => { + const db = c.get("db"); + const threadId = parseId(c.req.param("id")); + if (!threadId) return c.json({ error: "Invalid thread ID" }, 400); - // Verify thread exists - const thread = await getThreadWithCandidates(db, threadId); - if (!thread) return c.json({ error: "Thread not found" }, 404); + // Verify thread exists + const thread = await getThreadWithCandidates(db, threadId); + if (!thread) return c.json({ error: "Thread not found" }, 404); - const data = c.req.valid("json"); - const candidate = await createCandidate(db, threadId, data); - return c.json(candidate, 201); -}); + const data = c.req.valid("json"); + const candidate = await createCandidate(db, threadId, data); + return c.json(candidate, 201); + }, +); app.put( "/:threadId/candidates/:candidateId",