fix: OIDC auth flow, Vite proxy, and PostgreSQL query compat

- Add auth redirect in root layout for unauthenticated users
- Proxy OIDC routes (/login, /callback, /logout) through Vite dev server
- Strip Secure flag from OIDC cookies in dev mode (HTTP localhost)
- Disable retry on auth query to prevent stale cookie loops
- Fix SQLite .get()/.all()/.run() calls in category and global-item
  services for PostgreSQL compatibility
- Add userId scoping to category service functions
- Add OIDC error logging in auth middleware
- Apply linter auto-formatting across affected files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 18:25:31 +02:00
parent f7588827b1
commit 574a12e6fa
32 changed files with 315 additions and 253 deletions


@@ -21,12 +21,12 @@ const { fetchImageFromUrl } = await import(
// 1x1 transparent PNG (smallest valid PNG)
const TINY_PNG = new Uint8Array([
0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d,
0x49, 0x48, 0x44, 0x52, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x08, 0x06, 0x00, 0x00, 0x00, 0x1f, 0x15, 0xc4, 0x89, 0x00, 0x00, 0x00,
0x0a, 0x49, 0x44, 0x41, 0x54, 0x78, 0x9c, 0x62, 0x00, 0x00, 0x00, 0x02,
0x00, 0x01, 0xe2, 0x21, 0xbc, 0x33, 0x00, 0x00, 0x00, 0x00, 0x49, 0x45,
0x4e, 0x44, 0xae, 0x42, 0x60, 0x82,
0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d, 0x49,
0x48, 0x44, 0x52, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x08, 0x06,
0x00, 0x00, 0x00, 0x1f, 0x15, 0xc4, 0x89, 0x00, 0x00, 0x00, 0x0a, 0x49, 0x44,
0x41, 0x54, 0x78, 0x9c, 0x62, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0xe2, 0x21,
0xbc, 0x33, 0x00, 0x00, 0x00, 0x00, 0x49, 0x45, 0x4e, 0x44, 0xae, 0x42, 0x60,
0x82,
]);
let server: Server;
@@ -72,17 +72,17 @@ describe("Image Service", () => {
// Verify uploadImage was called with correct args
expect(mockUploadImage).toHaveBeenCalledTimes(1);
const [buffer, filename, contentType] =
mockUploadImage.mock.calls[0] as unknown[];
const [buffer, filename, contentType] = mockUploadImage.mock
.calls[0] as unknown[];
expect(buffer).toBeInstanceOf(Buffer);
expect(filename).toBe(result.filename);
expect(contentType).toBe("image/png");
});
it("rejects non-image content type", async () => {
await expect(
fetchImageFromUrl(`${baseUrl}/page.html`),
).rejects.toThrow("Invalid content type");
await expect(fetchImageFromUrl(`${baseUrl}/page.html`)).rejects.toThrow(
"Invalid content type",
);
});
it("rejects invalid URL format", async () => {
@@ -98,9 +98,9 @@ describe("Image Service", () => {
});
it("rejects 404 responses", async () => {
await expect(
fetchImageFromUrl(`${baseUrl}/missing.jpg`),
).rejects.toThrow("HTTP 404");
await expect(fetchImageFromUrl(`${baseUrl}/missing.jpg`)).rejects.toThrow(
"HTTP 404",
);
});
});
});