Skip to content

refactor(auth): migrate plain-session batch A to shared plugin (#50)#59

Merged
pranavp10 merged 1 commit into
mainfrom
auth-refactor-50-migrate-batch-a
Jul 13, 2026
Merged

refactor(auth): migrate plain-session batch A to shared plugin (#50)#59
pranavp10 merged 1 commit into
mainfrom
auth-refactor-50-migrate-batch-a

Conversation

@pranavp10

@pranavp10 pranavp10 commented Jul 13, 2026

Copy link
Copy Markdown
Member

Summary

Batch A plain-session migrations onto @reloop/auth/middleware (after pilot #49):

Service Notes
webhook Straight plugin mount; auth fail-closed
inbox Straight plugin mount; auth fail-closed
domain Plugin + apiKeyOrInternalAuth for Kumo dkim-key; cookieAuthauth
mail Plugin + mail auth re-declare for internal secret; activeOrganizationIdorganizationId
upload Already migrated in #49

Also: fail-closed macros narrow organizationId to string; apiKeyId on API-key path for audit/inject.

Stacked on #58 (#49). Closes #50.

Test plan

  • Smoke tests: mail, domain, inbox, webhook (3 each)
  • tsc --noEmit green for all four services
  • Characterization tripwire still green
  • Package middleware tests still pass
  • CI green once stack base merges

Greptile Summary

This PR moves several backend services onto the shared auth middleware. The main changes are:

  • Domain, inbox, mail, and webhook now mount @reloop/auth/middleware.
  • Local API-key and cookie-session middleware files were removed.
  • Mail and domain keep service-specific internal-secret auth paths.
  • Auth smoke tests and package dependency updates were added.

Confidence Score: 4/5

The changed flow looks mergeable after preserving the mail internal-service identity.

  • Shared auth imports and macro shapes line up with the migrated routes.
  • API-key and session paths use the new organizationId shape consistently.
  • Mail internal-secret sends can be misclassified as user sessions in downstream rate-limit and audit logic.

apps/backend/mail/src/middleware/auth.ts

Important Files Changed

Filename Overview
packages/auth/src/middleware/plugin.ts Adds apiKeyId propagation and requires an organization for the standard shared auth macro.
apps/backend/mail/src/middleware/auth.ts Adds the shared plugin plus a mail-specific auth override for API-key, internal-secret, and session callers.
apps/backend/mail/src/routes/mail/send-email/send-email.route.ts Switches the send route to the canonical organizationId field and chooses inject credentials from authType.
apps/backend/domain/src/middleware/auth.ts Uses the shared auth plugin while keeping the domain internal-secret macro.
apps/backend/inbox/src/middleware/auth.ts Replaces local inbox auth macros with the shared auth plugin.
apps/backend/webhook/src/middleware/auth.ts Replaces local webhook auth macros with the shared auth plugin.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
  Req[Request] --> Shared[Shared auth plugin]
  Shared --> ApiKey[API key]
  Shared --> Session[Session]
  Req --> Mail[Mail auth override]
  Mail --> MailApiKey[API key]
  Mail --> Internal[Internal secret]
  Mail --> MailSession[Session]
  MailApiKey --> Send[send-email route]
  Internal --> Send
  MailSession --> Send
  Send --> RateLimit[Rate limit]
  Send --> Controller[Send email controller]
  Controller --> Audit[Audit log]
  Controller --> Kumo[KumoMTA inject]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
  Req[Request] --> Shared[Shared auth plugin]
  Shared --> ApiKey[API key]
  Shared --> Session[Session]
  Req --> Mail[Mail auth override]
  Mail --> MailApiKey[API key]
  Mail --> Internal[Internal secret]
  Mail --> MailSession[Session]
  MailApiKey --> Send[send-email route]
  Internal --> Send
  MailSession --> Send
  Send --> RateLimit[Rate limit]
  Send --> Controller[Send email controller]
  Controller --> Audit[Audit log]
  Controller --> Kumo[KumoMTA inject]
Loading

Reviews (1): Last reviewed commit: "refactor(auth): migrate plain-session ba..." | Re-trigger Greptile

Greptile also left 1 inline comment on this PR.

Migrate mail, domain, inbox, and webhook onto createAuthPlugin following
the upload pilot recipe. Delete bespoke cookie-auth / api-key-auth files,
inject SESSION_CACHE_REDIS_PREFIX redis + baseUrl/ttl, and keep
service-specific internal-secret macros where needed (mail auth, domain
apiKeyOrInternalAuth).

Narrow fail-closed auth/apiKeyAuth organizationId to string for handler
types; optional apiKeyId for audit/inject paths. Smoke tests per service.
userId: "internal",
organizationId,
role: null as string | null,
authType: "session" as const,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Internal Sends Look Like Sessions

When a caller authenticates with x-internal-secret, this branch now returns authType: "session" instead of the previous internal marker. The send-email path forwards that context into rate limiting and audit logging, so service-to-service sends are recorded and bucketed like user-session sends with the shared userId: "internal".

Suggested change
authType: "session" as const,
authType: "internal" as const,

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Base automatically changed from auth-refactor-49-pilot-migration to main July 13, 2026 05:13
@pranavp10 pranavp10 merged commit 0ccc535 into main Jul 13, 2026
1 check passed
@pranavp10 pranavp10 deleted the auth-refactor-50-migrate-batch-a branch July 13, 2026 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Auth refactor 7/10 — Migrate plain-session services, batch A

1 participant