Skip to content

Sprint-1: me endpoint integration, token persistence, edge case hardening#674

Merged
zakkiyyat merged 2 commits into
MixMatch-Inc:devfrom
ibdevlawal:ibdevlawal/sprint-1-me-token-persistence
Jun 29, 2026
Merged

Sprint-1: me endpoint integration, token persistence, edge case hardening#674
zakkiyyat merged 2 commits into
MixMatch-Inc:devfrom
ibdevlawal:ibdevlawal/sprint-1-me-token-persistence

Conversation

@ibdevlawal

Copy link
Copy Markdown
Contributor

Summary

Combined PR closing the me endpoint and token persistence workstreams.

Issues Closed

Closes #601 — me endpoint: harden edge cases and failure modes (S1-088)

  • Added 404 NOT_FOUND test for valid JWT referencing a deleted/non-existent user
  • Fixed JWT_SECRET fallback mismatch in auth-errors.test.ts and auth-guard.test.ts
    (tests used old fallback 'dev-secret-change-me' while env.ts uses
    'dev-secret-change-me-abcdefghijklmnopqrstuvwxyz123' — caused all
    token-verification tests to silently fail)
  • Fixed error middleware crash: logger.error() was called without the required
    LogContext third argument, causing formatContext(undefined) to throw before
    res.json() could send the response. Unhandled errors now correctly return
    500 with INTERNAL_SERVER_ERROR code.

Closes #602 — me endpoint: integrate and document (S1-089)

  • Added getMe(accessToken) to apps/web/src/lib/api-client.ts
  • Added getJson helper for authenticated GET requests
  • Attaches error.code from API response for programmatic error handling
  • Updated apps/docs/me-endpoint.md to show web is wired (getMe() instead of 'Not yet exposed')

Closes #603 — token persistence: define scope and contracts (S1-084)

  • Created apps/docs/token-persistence.md covering:
    • Storage strategy (localStorage key, shape, serialization)
    • Full data lifecycle (register → setAuth → hydration → getMe → logout)
    • Me endpoint integration contract
    • Edge case table (corrupted storage, expired token, deleted user, multi-tab)

Closes #605 — token persistence: add regression coverage (S1-081)

  • Created auth-context.test.tsx with 5 regression tests:
    • Logged-out state when localStorage is empty
    • Hydration from localStorage on mount
    • Graceful handling of corrupted localStorage data
    • setAuth persists to localStorage and updates React context
    • logout removes from localStorage and clears context

Files Changed

File Change
apps/web/src/lib/api-client.ts Added getMe() + getJson() helper
apps/web/src/lib/tests/auth-context.test.tsx New — 5 token persistence tests
apps/docs/token-persistence.md New — scope, contracts, integration docs
apps/docs/me-endpoint.md Updated: web integration is now wired
apps/api/src/modules/auth/tests/me.test.ts Added 404 NOT_FOUND edge case test
apps/api/src/modules/auth/tests/auth-errors.test.ts Fixed JWT_SECRET fallback
apps/api/src/modules/auth/tests/auth-guard.test.ts Fixed JWT_SECRET fallback
apps/api/src/shared/middleware/error.middleware.ts Fixed missing LogContext crash

Verification

  • ✅ Web tests: 19/19 pass (3 files)
  • ✅ API tests: 57/57 pass (10 files)
  • ✅ Shared package tests: 5/5 pass (1 file)

ibdevlawal and others added 2 commits June 29, 2026 19:21
…ning

Closes MixMatch-Inc#601 — me endpoint: harden edge cases and failure modes (S1-088)
- Add 404 NOT_FOUND test for valid JWT referencing non-existent user
- Fix error middleware missing LogContext (caused silent crash on unhandled errors)
- Fix JWT_SECRET fallback mismatch in auth-errors.test.ts and auth-guard.test.ts
  (env.ts uses 'dev-secret-change-me-abcdefghijklmnopqrstuvwxyz123', tests used
  'dev-secret-change-me', causing all token-verification tests to fail)
- Error middleware now passes proper LogContext to logger.error

Closes MixMatch-Inc#602 — me endpoint: integrate and document (S1-089)
- Add getMe() to apps/web/src/lib/api-client.ts with Bearer token auth
- Add getJson helper function supporting GET requests with Authorization header
- getMe() attaches error.code from API response for programmatic handling
- Update apps/docs/me-endpoint.md to reflect web integration is now wired

Closes MixMatch-Inc#603 — token persistence: define scope and contracts (S1-084)
- Create apps/docs/token-persistence.md covering:
  - Storage strategy (localStorage, key, shape, serialization)
  - Data lifecycle (register/login -> setAuth -> hydration -> getMe -> logout)
  - Me endpoint integration point and contract
  - Edge case table (corrupted storage, expired token, deleted user, multi-tab)

Closes MixMatch-Inc#605 — token persistence: add regression coverage (S1-081)
- Create auth-context.test.tsx with 5 regression tests:
  - Logged-out state when localStorage is empty
  - Hydration from localStorage on mount
  - Graceful handling of corrupted localStorage data
  - setAuth persists to localStorage and updates React context
  - logout removes from localStorage and clears context
@zakkiyyat zakkiyyat merged commit 7c061f8 into MixMatch-Inc:dev Jun 29, 2026
0 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

2 participants