From 9a7afea7fe7076448cbd61448f69c18899af9461 Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Wed, 28 Jan 2026 16:52:27 +0100
Subject: [PATCH] fix(auth): use object syntax for global prefix excludes

Use { path, method } syntax for NestJS global prefix excludes to ensure
OIDC routes (.well-known/*, api/oidc/*) are properly excluded from the
/api/v1 prefix.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 services/mana-core-auth/src/main.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/services/mana-core-auth/src/main.ts b/services/mana-core-auth/src/main.ts
index c58681f06..42ff4ad22 100644
--- a/services/mana-core-auth/src/main.ts
+++ b/services/mana-core-auth/src/main.ts
@@ -1,5 +1,5 @@
 import { NestFactory } from '@nestjs/core';
-import { ValidationPipe } from '@nestjs/common';
+import { ValidationPipe, RequestMethod } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import { Request, Response, NextFunction } from 'express';
 import helmet from 'helmet';
@@ -83,7 +83,13 @@ async function bootstrap() {
 	// Better Auth generates verification URLs with /api/auth/* prefix
 	// OIDC Provider requires routes without prefix: /.well-known/*, /api/oidc/*
 	app.setGlobalPrefix('api/v1', {
-		exclude: ['metrics', 'health', 'api/auth/(.*)', '.well-known/(.*)', 'api/oidc/(.*)'],
+		exclude: [
+			{ path: 'metrics', method: RequestMethod.ALL },
+			{ path: 'health', method: RequestMethod.ALL },
+			{ path: 'api/auth/(.*)', method: RequestMethod.ALL },
+			{ path: '.well-known/(.*)', method: RequestMethod.ALL },
+			{ path: 'api/oidc/(.*)', method: RequestMethod.ALL },
+		],
 	});
 
 	const port = configService.get<number>('port') || 3001;