
[LOCKLITE-109] Create an Auth Guard in API#76

Merged
vbetsch merged 20 commits into develop from api/feat/109-guard
Aug 7, 2025

Conversation

vbetsch (Owner) commented Aug 6, 2025

No description provided.

vbetsch requested a review from Copilot August 6, 2025 23:51
vbetsch self-assigned this Aug 6, 2025
vbetsch added the labels api (About endpoints and services) and auth (About register, login, logout, profile routes and pages) Aug 6, 2025
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR introduces authentication guard functionality to the API by modifying the handleApiRequest function to support optional authentication checks. The changes enable endpoints to specify whether they require authentication, automatically validating JWT tokens and sessions when needed.

  • Refactored handleApiRequest to accept an object with authentication requirements
  • Created a new UnauthorizedError class for consistent error handling
  • Updated API routes to specify their authentication requirements and include 401 response documentation

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/modules/api/helpers/api/handle-api-request.ts | Refactored to support authentication checks with JWT token and session validation |
| src/modules/api/errors/http/unauthorized.error.ts | Added new error class for unauthorized access scenarios |
| src/app/api/vaults/route.ts | Updated to require authentication and added 401 response documentation |
| src/app/api/vaults/[id]/route.ts | Updated to require authentication and added 401 response documentation |
| src/app/api/auth/register/route.ts | Updated to explicitly not require authentication |
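
A sketch of the guard pattern the overview above describes, added here as an example and not the project's own code: a request wrapper that, when a route opts in, verifies the bearer JWT's signature and expiry and then the server-side session before running the route callback, and maps any failure to a 401. Only `handleApiRequest` and `UnauthorizedError` are names from the PR; the option names, HS256, the in-memory session set and the secret are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Only handleApiRequest and UnauthorizedError are names from the PR; everything else is assumed.
const SECRET = "constructed-demo-secret"; // constructed value; load from the environment in real code
const sessions = new Set<string>(["sess-1"]); // constructed server-side session store
class UnauthorizedError extends Error { readonly status = 401; }
type Claims = { sid: string; exp: number };
type ApiResult = { status: number; body: unknown };
type Opts = { headers: Record<string, string>; needToBeAuthenticated: boolean;
  callback: (claims: Claims | null) => unknown; nowSec?: number };

const enc = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");
const sign = (d: string): string => createHmac("sha256", SECRET).update(d).digest("base64url");

function issueToken(claims: Claims): string { // builds sample input only
  const signed = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${signed}.${sign(signed)}`;
}

// Signature first, then expiry, then the session lookup that makes revocation possible.
function verifyToken(token: string, nowSec: number): Claims {
  const [head, body, sig, extra] = token.split(".");
  if (!head || !body || !sig || extra !== undefined) throw new UnauthorizedError("malformed");
  const expected = Buffer.from(sign(`${head}.${body}`)); // algorithm is fixed; header alg is ignored
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    throw new UnauthorizedError("bad signature");
  const claims = JSON.parse(Buffer.from(body, "base64url").toString()) as Claims;
  if (claims.exp <= nowSec) throw new UnauthorizedError("expired");
  if (!sessions.has(claims.sid)) throw new UnauthorizedError("no session");
  return claims;
}

function handleApiRequest(opts: Opts): ApiResult {
  try {
    let claims: Claims | null = null;
    if (opts.needToBeAuthenticated) {
      const auth = opts.headers["authorization"] ?? "";
      if (!auth.startsWith("Bearer ")) throw new UnauthorizedError("missing token");
      claims = verifyToken(auth.slice(7), opts.nowSec ?? Math.floor(Date.now() / 1000));
    }
    return { status: 200, body: opts.callback(claims) };
  } catch (err) {
    // Same generic body for every auth failure, so the response does not reveal which check failed.
    const unauthorized = err instanceof UnauthorizedError;
    return { status: unauthorized ? 401 : 500, body: { error: unauthorized ? "Unauthorized" : "Internal Server Error" } };
  }
}
```
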

vbetsch (Owner, Author) commented Aug 7, 2025

TODO : improve coverage

gitguardian bot commented Aug 7, 2025

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| 19693650 | Triggered | Generic Password | 79233dd | tests/units/modules/api/usecases/auth/signin.usecase.test.ts |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@vbetsch vbetsch merged commit e47b5f6 into develop Aug 7, 2025
4 checks passed
@vbetsch vbetsch deleted the api/feat/109-guard branch August 7, 2025 21:37