Merge branch 'master' into cli-improvements-1

2026-01-09 17:59:33 +08:00
parent 6b9b04d1d0 cee700f063
commit 77e6754427
21 changed files with 667 additions and 178 deletions
--- a/apps/api-server/src/middleware/auth.ts
+++ b/apps/api-server/src/middleware/auth.ts
@@ -112,36 +112,43 @@ export const createAuthMiddleware = () => {
      isSuperuser: user.is_superuser,
    };

-    const sessionInfo: Session = session
-      ? {
-          id: session.id,
-          trustedMode: session.trusted_mode,
-          createdAt: session.created_at,
-        }
-      : {
-          // For API token auth, create a synthetic session object
-          // We know apiToken exists because userId came from it
-          id: "0",
-          trustedMode: true,
-          createdAt: apiToken?.created_at ?? new Date(),
-        };
+    // Build session and auth info based on authentication method
+    let sessionInfo: Session;
+    let authInfo: AuthInfo;

-    // Build auth info based on authentication method
-    const authInfo: AuthInfo = session
-      ? {
-          method: "session",
-          sessionId: session.id,
-          expiresAt: session.expires_at,
-          createdAt: session.created_at,
-        }
-      : {
-          method: "api_token",
-          tokenId: apiToken?.id,
-          tokenName: apiToken?.name,
-          expiresAt: apiToken?.expires_at,
-          lastUsedAt: apiToken?.last_used_at,
-          createdAt: apiToken?.created_at,
-        };
+    if (session) {
+      sessionInfo = {
+        id: session.id,
+        trustedMode: session.trusted_mode,
+        createdAt: session.created_at,
+      };
+      authInfo = {
+        method: "session",
+        sessionId: session.id,
+        expiresAt: session.expires_at,
+        createdAt: session.created_at,
+      };
+    } else if (apiToken) {
+      sessionInfo = {
+        // For API token auth, create a synthetic session object
+        id: "0",
+        trustedMode: true,
+        createdAt: apiToken.created_at,
+      };
+      authInfo = {
+        method: "api_token",
+        tokenId: apiToken.id,
+        tokenName: apiToken.name,
+        expiresAt: apiToken.expires_at,
+        lastUsedAt: apiToken.last_used_at,
+        createdAt: apiToken.created_at,
+      };
+    } else {
+      // This should never happen since we checked userId above
+      throw new ORPCError("UNAUTHORIZED", {
+        message: "Invalid authentication state",
+      });
+    }

    return next({
      context: {