fix architecture and write new tests

This commit is contained in:
root
2026-06-10 00:40:19 -04:00
parent 560da1cadf
commit 80a597bc10
377 changed files with 84020 additions and 1337 deletions
+9 -14
View File
@@ -1,7 +1,9 @@
import { Request, Response, NextFunction } from 'express'
import jwt from 'jsonwebtoken'
import { prisma } from '../lib/prisma'
import { getCookie, sendUnauthorized } from './authHelpers'
import { getAuthToken, sendUnauthorized } from './authHelpers'
import { verifyActorToken } from '../security/tokens'
import { getSessionCookieName } from '../security/sessionCookies'
import { actorLimiter } from './rateLimiter'
/**
* Validates a company-scoped Bearer token and loads the employee + company onto `req`.
@@ -11,25 +13,18 @@ import { getCookie, sendUnauthorized } from './authHelpers'
* req.company — the employee's company
* req.companyId — string shorthand for req.company.id
*/
async function authenticateCompanyRequest(req: Request, res: Response, next: NextFunction, allowCookie = false) {
const authHeader = req.headers.authorization
const bearerToken = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null
const cookieToken = allowCookie ? getCookie(req, 'employee_token') : null
const token = bearerToken ?? cookieToken
async function authenticateCompanyRequest(req: Request, res: Response, next: NextFunction) {
const token = getAuthToken(req, getSessionCookieName('employee'))
if (!token) return sendUnauthorized(res, 'unauthenticated', 'Authentication required')
let payload: { sub: string; type: string }
try {
payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string }
payload = verifyActorToken(token, 'employee')
} catch {
return sendUnauthorized(res, 'invalid_token', 'Invalid or expired session token')
}
if (payload.type !== 'employee') {
return sendUnauthorized(res, 'invalid_token', 'Invalid token type for this endpoint')
}
const employee = await prisma.employee.findUnique({
where: { id: payload.sub },
include: { company: true },
@@ -42,7 +37,7 @@ async function authenticateCompanyRequest(req: Request, res: Response, next: Nex
req.employee = employee
req.company = employee.company
req.companyId = employee.companyId
next()
return actorLimiter(req, res, next)
}
export async function requireCompanyAuth(req: Request, res: Response, next: NextFunction) {
@@ -50,5 +45,5 @@ export async function requireCompanyAuth(req: Request, res: Response, next: Next
}
export async function requireCompanyDocumentAuth(req: Request, res: Response, next: NextFunction) {
return authenticateCompanyRequest(req, res, next, true)
return authenticateCompanyRequest(req, res, next)
}