Skip to content

refactor(upload): pilot migration onto @reloop/auth/middleware (#49)#58

Merged
pranavp10 merged 1 commit into
mainfrom
auth-refactor-49-pilot-migration
Jul 13, 2026
Merged

refactor(upload): pilot migration onto @reloop/auth/middleware (#49)#58
pranavp10 merged 1 commit into
mainfrom
auth-refactor-49-pilot-migration

Conversation

@pranavp10

@pranavp10 pranavp10 commented Jul 13, 2026

Copy link
Copy Markdown
Member

Summary

Pilotots the shared auth plugin on the upload service (low-risk, 2 protected routes).

  • Mounts createAuthPlugin({ baseUrl, redis, ttl }) with SESSION_CACHE_REDIS_PREFIX
  • Deletes cookie-auth.ts, api-key-auth.ts, and the bespoke macro middleware
  • Routes use canonical AuthContext (userId) with authNoOrg (user-scoped, not org-scoped)
  • Smoke tests: session cookie, API key, 401 without credentials

This PR is the migration recipe for later services.

Stacked on #57 (#48). Closes #49.

Test plan

  • bun test in apps/backend/upload — 3 smoke pass
  • bun run check-types for be-upload
  • Characterization tripwire still green
  • Manual smoke against running stack (login → upload → API key → logout) optional
  • CI green once stack base merges

Greptile Summary

This PR moves upload auth onto the shared auth middleware. The main changes are:

  • Shared createAuthPlugin mounted for upload routes.
  • Session Redis cache configured with the shared auth prefix.
  • Upload and delete routes switched to authNoOrg.
  • Bespoke cookie and API-key middleware removed.
  • Smoke tests added for session, API-key, and missing credentials.

Confidence Score: 5/5

This looks safe to merge after checking the short stale-session behavior.

  • The route context changes match the shared middleware shape.
  • The changed imports and package exports line up with the existing workspace packages.
  • Session caching can keep a revoked cookie valid briefly if a revocation path misses shared cache deletion.

apps/backend/upload/src/middleware/auth.ts

Security Review

A short stale-session window can remain if any revocation path misses shared cache eviction.

Important Files Changed

Filename Overview
apps/backend/upload/src/middleware/auth.ts Replaces bespoke auth macros with the shared auth plugin and shared-prefix Redis cache.
apps/backend/upload/src/routes/upload/upload-file/upload-file.route.ts Switches the upload route to authNoOrg and reads userId from the shared auth context.
apps/backend/upload/src/routes/upload/delete-file/delete-file.route.ts Switches the delete route guard to authNoOrg.
apps/backend/upload/test/auth-smoke.test.ts Adds smoke coverage for shared middleware session auth, API-key auth, and unauthenticated rejection.
apps/backend/upload/package.json Adds a test script and removes the no-longer-used direct @reloop/apikey dependency.

Reviews (1): Last reviewed commit: "refactor(upload): pilot migration onto @..." | Re-trigger Greptile

Greptile also left 1 inline comment on this PR.

First service adopts the shared auth plugin. Mount createAuthPlugin with
injected baseUrl/redis/ttl (SESSION_CACHE_REDIS_PREFIX), delete bespoke
cookie-auth / api-key-auth / macro middleware, and switch routes to
canonical AuthContext via authNoOrg (uploads are user-scoped).

Adds smoke tests for session cookie + API key + unauthenticated 401.
createAuthPlugin({
baseUrl: uploadConfig.BASE_URL,
redis: sessionRedis,
ttl: 5,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 security Revoked Sessions Can Stay Cached

When a session is revoked by any path that does not delete the shared session:token key, upload now accepts the old cookie until this cache entry expires. The old middleware called get-session on every request, so those revocations were observed immediately instead of allowing a short stale-auth window.

Base automatically changed from auth-refactor-48-session-eviction to main July 13, 2026 05:13
@pranavp10 pranavp10 merged commit e0aa8eb into main Jul 13, 2026
1 check passed
@pranavp10 pranavp10 deleted the auth-refactor-49-pilot-migration branch July 13, 2026 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Auth refactor 6/10 — Pilot migration (one low-risk service)

1 participant