From 20db01628a95643290e2dcd91501bdc0768e2e5a Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Mon, 16 Feb 2026 14:30:06 +0100
Subject: [PATCH] fix(auth): remove conflicting JSON body parser middleware

The manual bodyParser.json() middleware conflicts with NestJS rawBody mode.
When rawBody: true is enabled, NestJS consumes the body stream first, then
the manual parser tries to read it again causing "stream is not readable".

NestJS handles JSON parsing internally, so the manual middleware was redundant
and causing 500 errors on login requests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 services/mana-core-auth/src/main.ts | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/services/mana-core-auth/src/main.ts b/services/mana-core-auth/src/main.ts
index 6092cc066..984121dcd 100644
--- a/services/mana-core-auth/src/main.ts
+++ b/services/mana-core-auth/src/main.ts
@@ -76,15 +76,10 @@ async function bootstrap() {
 	);
 	app.use(cookieParser());
 
-	// Explicit body parsers for form-urlencoded (needed for OAuth2 token endpoint)
-	// IMPORTANT: Skip JSON body parsing for Stripe webhooks to preserve rawBody for signature verification
-	app.use((req: Request, res: Response, next: NextFunction) => {
-		if (req.path === '/api/v1/webhooks/stripe') {
-			// Skip body parsing for Stripe webhooks - NestJS rawBody will be used instead
-			return next();
-		}
-		bodyParser.json()(req, res, next);
-	});
+	// Body parser for form-urlencoded (needed for OAuth2 token endpoint)
+	// Note: JSON body parsing is handled by NestJS internally (rawBody: true mode)
+	// DO NOT add bodyParser.json() here - it conflicts with NestJS rawBody mode
+	// and causes "stream is not readable" errors
 	app.use(bodyParser.urlencoded({ extended: true }));
 
 	// CORS configuration