Commit graph

15 commits

Author SHA1 Message Date
Till-JS
17313473aa fix(mana-core-auth): use JWKS with jose for JWT verification
The JWT guards were using RS256 algorithm with jsonwebtoken library,
but Better Auth generates EdDSA tokens. This caused all authenticated
requests to fail with "Invalid token".

Changes:
- Replace jsonwebtoken with jose library
- Use JWKS endpoint for key fetching instead of static publicKey
- Support EdDSA algorithm used by Better Auth

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 13:26:19 +01:00
Till-JS
0e5d923faf feat(auth): add centralized user settings synced across all apps
- Add settings module to mana-core-auth with REST API endpoints
- Create user_settings table with globalSettings and appOverrides (JSONB)
- Add createUserSettingsStore() factory in shared-theme package
- Integrate user settings in all app layouts (calendar, chat, contacts, etc.)
- Support for nav position, theme, locale settings with per-app overrides
- Optimistic updates with localStorage caching for offline support
- Add comprehensive documentation in docs/USER_SETTINGS.md

API Endpoints:
- GET /api/v1/settings - Get all user settings
- PATCH /api/v1/settings/global - Update global settings
- PATCH /api/v1/settings/app/:appId - Set app override
- DELETE /api/v1/settings/app/:appId - Remove app override

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 00:09:47 +01:00
Till-JS
fa13f98a65 🔧 fix(auth): skip migrations in Docker entrypoint
- Skip automatic migrations in Docker - tables are managed via 'pnpm db:push' locally
- Simplifies startup and avoids migration conflicts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 14:41:34 +01:00
Wuesteon
0ebfde0851 fix(ci): build shared packages before tests and fix formatting
- Add build:packages step to all test.yml jobs (fixes @manacore/shared-nestjs-auth not found)
- Handle missing coverage artifacts gracefully in test-coverage.yml
- Update .prettierignore to exclude apps-archived/ and problematic files
- Format all source files to pass CI checks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 23:15:00 +01:00
Wuesteon
8a43bbfc25 🔀 merge: auth/complete branch with Better Auth implementation
Merged auth/complete into main with resolved conflicts:
- Kept Better Auth system (EdDSA JWT via JWKS)
- Removed all Coolify references
- Added dev:auth and dev:chat:full scripts for auth development
- Combined zitare scripts from main with auth scripts
- Exported both feedback.schema and organizations.schema

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 15:25:38 +01:00
Wuesteon
746df03591 test(auth): update tests for minimal JWT claims architecture
- Update auth.controller.spec.ts to expect accessToken/refreshToken/expiresIn
- Refactor jwt-validation.spec.ts to test minimal claims (sub, email, role, sid)
- Remove B2B/B2C org and credit_balance claims from tests (fetched via API now)
- Add Better Auth CLI config for schema generation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 15:21:19 +01:00
Wuesteon
bc274846f0 📝 docs(auth): add comprehensive auth architecture documentation
- AUTHENTICATION_ARCHITECTURE.md: JWT flow, EdDSA vs RS256, JWKS usage
- CLAUDE.md: Guidelines to always use Better Auth native features
- Common mistakes and fixes documented
- Developer checklist for auth changes
2025-12-01 15:19:20 +01:00
Wuesteon
8dd1e4326c 🐛 fix(auth): use Better Auth native JWT validation with EdDSA
- Replace jsonwebtoken RS256 validation with jose EdDSA
- Add JWKS endpoint to expose Better Auth public keys
- Use createRemoteJWKSet for token validation
- Fix issuer mismatch (use env var consistently)
- Add jwks table to schema for Better Auth JWT plugin
- Install jose library for JWT verification
2025-12-01 15:18:57 +01:00
Wuesteon
2a002bf6be first auth impl
2025-12-01 13:30:58 +01:00
Till-JS
9432a73a1f feat: integrate shared PageHeader and ProfilePage across all web apps
- Add backHref prop to PageHeader component for back navigation
- Integrate PageHeader in Chat app (archive, documents, spaces, templates)
- Integrate PageHeader in Picture app (board, generate, profile, tags, upload)
- Integrate PageHeader in Manacore app (dashboard, organizations, teams)
- Integrate PageHeader in Presi app (home, profile)
- Integrate PageHeader in Zitare app (authors, lists)
- Update Picture, Manadeck, Presi profiles to use shared ProfilePage
- Create new profile pages for Manacore and Zitare using shared ProfilePage
- Add profile navigation links to Manacore and Zitare
- Add Mana subscription pages to Presi and Zitare
- Fix shared-profile-ui tsconfig.json (remove invalid extends)
- Add @manacore/shared-profile-ui dependency to all web apps

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-30 00:06:29 +01:00
Till-JS
c85cd4556c feat: improve chat UX and add optional auth for public feedback
- Add debounced search (200ms) in chat sidebar for better performance
- Add toast notifications for conversation actions (archive, restore, delete, pin)
- Add race condition protection when loading conversations
- Add OptionalAuthGuard for public feedback endpoint (unauthenticated access)
- Add backHref prop to PageHeader component for back navigation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 23:10:03 +01:00
Till-JS
819e4c9a2f feat(feedback): add centralized feedback system with AI-generated titles
- Add shared-feedback-types package with TypeScript types
- Add shared-feedback-service package with factory function
- Add shared-feedback-ui package with Svelte 5 components
- Add feedback module to mana-core-auth backend
- Add AI service using Gemini 2.0 Flash for title/category generation
- Add database schema and migration for feedback tables
- Integrate feedback page into Chat web app
- Add CORS support for X-App-Id header
- Add COMMANDS.md documentation for all dev commands

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 22:46:37 +01:00
Till-JS
79acf8b8b8 feat(presi): add PillNavigation and fix auth service JWT parsing
Presi webapp:
- Add PillNavigation from @manacore/shared-ui
- Create navigation store for sidebar/collapsed state
- Update layout with floating/sidebar nav modes
- Hide nav on presentation and shared routes
- Add theme toggle and logout to navigation

Auth service:
- Fix JWT private key parsing by converting \n to actual newlines
- Required for Docker env vars where newlines are escaped

Environment:
- Add localhost:5174-5179 to CORS_ORIGINS for all webapp ports

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-28 20:49:45 +01:00
Wuesteon
d36b321d9d style: auto-format codebase with Prettier
Applied formatting to 1487+ files using pnpm format:write
  - TypeScript/JavaScript files
  - Svelte components
  - Astro pages
  - JSON configs
  - Markdown docs

  13 files still need manual review (Astro JSX comments)
2025-11-27 18:33:16 +01:00
Wuesteon
ff80aeec1f refactor: restructure monorepo with apps/ and services/ directories
2025-11-26 03:03:24 +01:00