Sprint-1: me endpoint integration, token persistence, edge case hardening#674
Merged
zakkiyyat merged 2 commits intoJun 29, 2026
Conversation
…ning Closes MixMatch-Inc#601 — me endpoint: harden edge cases and failure modes (S1-088) - Add 404 NOT_FOUND test for valid JWT referencing non-existent user - Fix error middleware missing LogContext (caused silent crash on unhandled errors) - Fix JWT_SECRET fallback mismatch in auth-errors.test.ts and auth-guard.test.ts (env.ts uses 'dev-secret-change-me-abcdefghijklmnopqrstuvwxyz123', tests used 'dev-secret-change-me', causing all token-verification tests to fail) - Error middleware now passes proper LogContext to logger.error Closes MixMatch-Inc#602 — me endpoint: integrate and document (S1-089) - Add getMe() to apps/web/src/lib/api-client.ts with Bearer token auth - Add getJson helper function supporting GET requests with Authorization header - getMe() attaches error.code from API response for programmatic handling - Update apps/docs/me-endpoint.md to reflect web integration is now wired Closes MixMatch-Inc#603 — token persistence: define scope and contracts (S1-084) - Create apps/docs/token-persistence.md covering: - Storage strategy (localStorage, key, shape, serialization) - Data lifecycle (register/login -> setAuth -> hydration -> getMe -> logout) - Me endpoint integration point and contract - Edge case table (corrupted storage, expired token, deleted user, multi-tab) Closes MixMatch-Inc#605 — token persistence: add regression coverage (S1-081) - Create auth-context.test.tsx with 5 regression tests: - Logged-out state when localStorage is empty - Hydration from localStorage on mount - Graceful handling of corrupted localStorage data - setAuth persists to localStorage and updates React context - logout removes from localStorage and clears context
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Combined PR closing the me endpoint and token persistence workstreams.
Issues Closed
Closes #601 — me endpoint: harden edge cases and failure modes (S1-088)
(tests used old fallback 'dev-secret-change-me' while env.ts uses
'dev-secret-change-me-abcdefghijklmnopqrstuvwxyz123' — caused all
token-verification tests to silently fail)
LogContext third argument, causing formatContext(undefined) to throw before
res.json() could send the response. Unhandled errors now correctly return
500 with INTERNAL_SERVER_ERROR code.
Closes #602 — me endpoint: integrate and document (S1-089)
Closes #603 — token persistence: define scope and contracts (S1-084)
Closes #605 — token persistence: add regression coverage (S1-081)
Files Changed
Verification