♻️ refactor: migrate manacore-web from Supabase to mana-core-auth

- Add password reset functionality to mana-core-auth using Better Auth - Add forgot-password and reset-password endpoints with DTOs - Update shared-auth package with resetPassword method and endpoint - Update manacore-web auth store with resetPassword method - Refactor reset-password pages to use mana-core-auth instead of Supabase - Remove Supabase dependencies from manacore-web package.json - Remove Supabase server code (hooks.server.ts, supabase.ts, API routes) - Update Dockerfile to remove shared-supabase dependency 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-27 17:57:42 +02:00 · 2025-12-08 17:04:35 +01:00 · 2025-12-08 17:04:35 +01:00 · ee091c4b10
commit ee091c4b10
parent 48c5cb48f7
23 changed files with 357 additions and 639 deletions
--- a/services/mana-core-auth/src/auth/auth.controller.ts
+++ b/services/mana-core-auth/src/auth/auth.controller.ts
@ -18,6 +18,8 @@ import { RegisterB2BDto } from './dto/register-b2b.dto';
 import { InviteEmployeeDto } from './dto/invite-employee.dto';
 import { AcceptInvitationDto } from './dto/accept-invitation.dto';
 import { SetActiveOrganizationDto } from './dto/set-active-organization.dto';
+import { ForgotPasswordDto } from './dto/forgot-password.dto';
+import { ResetPasswordDto } from './dto/reset-password.dto';
 import { JwtAuthGuard } from '../common/guards/jwt-auth.guard';

 /**
@ -137,6 +139,39 @@ export class AuthController {
 		return this.betterAuthService.getJwks();
 	}

+	// =========================================================================
+	// Password Reset Endpoints
+	// =========================================================================
+
+	/**
+	 * Request password reset
+	 *
+	 * Initiates the password reset flow by sending an email with a reset link.
+	 * Always returns success to prevent email enumeration attacks.
+	 */
+	@Post('forgot-password')
+	@HttpCode(HttpStatus.OK)
+	async forgotPassword(@Body() forgotPasswordDto: ForgotPasswordDto) {
+		return this.betterAuthService.requestPasswordReset(
+			forgotPasswordDto.email,
+			forgotPasswordDto.redirectTo
+		);
+	}
+
+	/**
+	 * Reset password with token
+	 *
+	 * Completes the password reset using the token from the email link.
+	 */
+	@Post('reset-password')
+	@HttpCode(HttpStatus.OK)
+	async resetPassword(@Body() resetPasswordDto: ResetPasswordDto) {
+		return this.betterAuthService.resetPassword(
+			resetPasswordDto.token,
+			resetPasswordDto.newPassword
+		);
+	}
+
 	// =========================================================================
 	// B2B Registration
 	// =========================================================================