till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-17 18:49:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

fix(shared-auth): proxy passkey/2FA/session methods through ManaAuthStore

Browse source 
The settings page in mana/web (and any future consumer that wants to
manage passkeys, 2FA, or sessions from the UI) was calling 11
methods on `authStore` that the wrapper had never exposed:
listPasskeys, registerPasskey, deletePasskey, renamePasskey,
listSessions, revokeSession, getSecurityEvents, enableTwoFactor,
disableTwoFactor, generateBackupCodes — all of which DO exist on
the underlying AuthServiceInterface but were silently dropped by
createManaAuthStore. Result: 17 type errors on settings/+page.svelte
and a complete dead-end for anyone trying to wire up the UI.

Fix: add thin passthrough wrappers in createManaAuthStore that
delegate to authService. Each handles the SSR/no-service case the
same way the existing methods do (return empty array or
{success:false} with a stable error message). enableTwoFactor and
disableTwoFactor additionally refresh the local user snapshot
after success because the JWT issued post-enrollment carries the
new flag and downstream UI gates on it.

Type fixes that fell out of touching settings/+page.svelte:
  - UserData.twoFactorEnabled?: boolean — optional flag on the
    public user shape. The TwoFactorSetup component reads it via
    `authStore.user?.twoFactorEnabled` to gate the enable/disable
    button; without the type the call site coerced through `any`.
  - CreditBalance.{freeCreditsRemaining,dailyFreeCredits}?: number
    — daily-free accounting fields the backend already returns but
    the local type was missing. Optional because not every backend
    deployment turns them on.
  - settings/+page.svelte: `authStore.user?.sub` → `?.id`. The
    public UserData shape uses `id`; `sub` is the raw JWT claim
    name and never made it onto the consumer type.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Till JS 2026-04-09 18:48:00 +02:00
parent 7ba381fde8
commit 05d9d1962c
4 changed files with 81 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
packages/shared-auth/src/types/index.ts
View file

@ -52,6 +52,13 @@ export interface UserData {
email: string;
role: string;
tier: string;
/**
* Whether 2FA is enrolled. Optional because the field is only present
* when the JWT was minted with the `twofa` claim guest tokens and
* legacy sessions omit it. Settings UIs that gate the "enable 2FA"
* button on this should default to `false` when undefined.
*/
twoFactorEnabled?: boolean;
}
/**