From a0f67bbb4186988c91679f691a54f5e12b7bb252 Mon Sep 17 00:00:00 2001 From: kenneth Date: Wed, 11 Mar 2026 00:19:15 +0000 Subject: [PATCH] feat(backend): bypass auth in development Use mockAuthSessionMiddleware with a fully populated dev user when NODE_ENV is not production. Auth handlers are only registered in production. Co-authored-by: Ona --- .../src/auth/session-middleware.ts | 32 +++++++++++++++++-- apps/aelis-backend/src/server.ts | 12 +++++-- 2 files changed, 38 insertions(+), 6 deletions(-) diff --git a/apps/aelis-backend/src/auth/session-middleware.ts b/apps/aelis-backend/src/auth/session-middleware.ts index 752b1a7..a16e6c2 100644 --- a/apps/aelis-backend/src/auth/session-middleware.ts +++ b/apps/aelis-backend/src/auth/session-middleware.ts @@ -61,7 +61,7 @@ export async function getSessionFromHeaders( } /** - * Test-only middleware that injects a fake user and session. + * Dev/test middleware that injects a fake user and session. * Pass userId to simulate an authenticated request, or omit to get 401. */ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddleware { @@ -69,8 +69,34 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar if (!userId) { return c.json({ error: "Unauthorized" }, 401) } - c.set("user", { id: userId } as AuthUser) - c.set("session", { id: "mock-session" } as AuthSession) + + const now = new Date() + const expiresAt = new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000) + + const user: AuthUser = { + id: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn", + name: "Dev User", + email: "dev@aelis.local", + emailVerified: true, + image: null, + createdAt: now, + updatedAt: now, + } + + const session: AuthSession = { + id: "Wt3FvBpXaQrMhD8sKjE6LcYn0gUz5iRo", + userId: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn", + token: "Vb9CxNfRm2KwQs7TjPeA5dLhYg0UoZi4", + expiresAt, + ipAddress: "127.0.0.1", + userAgent: "aelis-dev", + createdAt: now, + updatedAt: now, + } + + c.set("user", user) + c.set("session", session) + await next() } } diff --git a/apps/aelis-backend/src/server.ts b/apps/aelis-backend/src/server.ts index 15712a3..93409c1 100644 --- a/apps/aelis-backend/src/server.ts +++ b/apps/aelis-backend/src/server.ts @@ -2,7 +2,7 @@ import { LocationSource } from "@aelis/source-location" import { Hono } from "hono" import { registerAuthHandlers } from "./auth/http.ts" -import { requireSession } from "./auth/session-middleware.ts" +import { mockAuthSessionMiddleware, requireSession } from "./auth/session-middleware.ts" import { createFeedEnhancer } from "./enhancement/enhance-feed.ts" import { createLlmClient } from "./enhancement/llm-client.ts" import { registerFeedHttpHandlers } from "./feed/http.ts" @@ -43,10 +43,16 @@ function main() { app.get("/health", (c) => c.json({ status: "ok" })) - registerAuthHandlers(app) + const isDev = process.env.NODE_ENV !== "production" + const authSessionMiddleware = isDev ? mockAuthSessionMiddleware("dev-user") : requireSession + + if (!isDev) { + registerAuthHandlers(app) + } + registerFeedHttpHandlers(app, { sessionManager, - authSessionMiddleware: requireSession, + authSessionMiddleware, }) registerLocationHttpHandlers(app, { sessionManager })