mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 21:21:10 +02:00

History

Till JS 8e8b6ac65f fix(mana-auth) + chore: rewrite /api/v1/auth/login JWT mint, remove Matrix stack This commit bundles two unrelated changes that were swept together by an accidental `git add -A` in another working session. Documented here so the history reflects what's actually inside. ═══════════════════════════════════════════════════════════════════════ 1. fix(mana-auth): /api/v1/auth/login mints JWT via auth.handler instead of api.signInEmail ═══════════════════════════════════════════════════════════════════════ Previous attempt (commit `55cc75e7d`) tried to fix the broken JWT mint in /api/v1/auth/login by switching the cookie name from `mana.session_token` to `__Secure-mana.session_token` for production. That was necessary but not sufficient: Better Auth's session cookie value isn't just the raw session token, it's `<token>.<HMAC>` where the HMAC is derived from the better-auth secret. Reconstructing the cookie from auth.api.signInEmail's JSON response only gave us the raw token, so /api/auth/token's get-session middleware still couldn't validate it and the JWT mint kept silently failing. Real fix: do the sign-in via auth.handler (the HTTP path) rather than auth.api.signInEmail (the SDK path). The handler returns a real fetch Response with a Set-Cookie header containing the fully signed cookie envelope. We capture that header verbatim and forward it as the cookie on the /api/auth/token request, which now passes validation and mints the JWT correctly. Verified end-to-end on auth.mana.how: $ curl -X POST https://auth.mana.how/api/v1/auth/login \ -d '{"email":"...","password":"..."}' { "user": {...}, "token": "<session token>", "accessToken": "eyJhbGciOiJFZERTQSI...", ← real JWT now "refreshToken": "<session token>" } Side benefits: - Email-not-verified path is now handled by checking signInResponse.status === 403 directly, no more catching APIError with the comment-noted async-stream footgun. - X-Forwarded-For is forwarded explicitly so Better Auth's rate limiter and our security log see the real client IP. - The leftover catch block now only handles unexpected exceptions (network errors etc); the FORBIDDEN-checking logic in it is dead but harmless and left in for defense in depth. ═══════════════════════════════════════════════════════════════════════ 2. chore: remove the entire self-hosted Matrix stack (Synapse, Element, Manalink, mana-matrix-bot) ═══════════════════════════════════════════════════════════════════════ The Matrix subsystem ran parallel to the main Mana product without any load-bearing integration: the unified web app never imported matrix-js-sdk, the chat module uses mana-sync (local-first), and mana-matrix-bot's plugins duplicated features the unified app already ships natively. Keeping it alive cost a Synapse + Element + matrix-web + bot container quartet, three Cloudflare routes, an OIDC provider plugin in mana-auth, and a steady drip of devlog/dependency churn. Removed: - apps/matrix (Manalink web + mobile, ~150 files) - services/mana-matrix-bot (Go bot with ~20 plugins) - docker/matrix configs (Synapse + Element) - synapse/element-web/matrix-web/mana-matrix-bot services in docker-compose.macmini.yml - matrix.mana.how/element.mana.how/link.mana.how Cloudflare tunnel routes - OIDC provider plugin + matrix-synapse trustedClient + matrixUserLinks table from mana-auth (oauth_* schema definitions also removed) - MatrixService import path in mana-media (importFromMatrix endpoint) - Matrix notification channel in mana-notify (worker, metrics, config, channel_type enum, MatrixOptions handler) - Matrix entries from shared-branding (mana-apps + app-icons), notify-client, the i18n bundle, the observatory map, the credits app-label list, the landing footer/apps page, the prometheus + alerts + promtail tier mappings, and the matrix-related deploy paths in cd-macmini.yml + ci.yml Devlog/manascore/blueprint entries that mention Matrix are left intact as historical record. The oauth_* + matrix_user_links Postgres tables stay on existing prod databases — code can no longer write to them, drop them in a follow-up migration if you want them gone for real. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-04-08 16:32:13 +02:00
..
src	fix(mana-auth) + chore: rewrite /api/v1/auth/login JWT mint, remove Matrix stack	2026-04-08 16:32:13 +02:00
.eslintignore	✨ feat(mana-notify): add central notification service	2026-01-29 22:07:38 +01:00
package.json	feat: rename ManaCore to Mana across entire codebase	2026-04-05 20:00:13 +02:00
README.md	chore: complete ManaCore → Mana rename (docs, go modules, plists, images)	2026-04-07 12:26:10 +02:00
tsconfig.json	✨ feat(mana-notify): add central notification service	2026-01-29 22:07:38 +01:00
tsup.config.ts	✨ feat(mana-notify): add central notification service	2026-01-29 22:07:38 +01:00

README.md

@mana/notify-client

Client SDK for the mana-notify notification service.

Installation

pnpm add @mana/notify-client

Usage

Basic Usage

import { NotifyClient } from '@mana/notify-client';

const notify = new NotifyClient({
  serviceUrl: 'http://localhost:3040',
  serviceKey: process.env.MANA_NOTIFY_SERVICE_KEY,
  appId: 'your-app-id',
});

// Send email
await notify.sendEmail({
  to: 'user@example.com',
  template: 'auth-password-reset',
  data: { resetUrl: 'https://...', userName: 'Max' },
});

// Send push notification
await notify.sendPush({
  userId: 'user-uuid',
  title: 'New Message',
  body: 'You have a new message',
  data: { messageId: 'xxx' },
});

// Send to specific token
await notify.sendPush({
  token: 'ExponentPushToken[xxx]',
  title: 'Hello',
  body: 'World',
});

// Schedule notification
await notify.scheduleEmail({
  to: 'user@example.com',
  template: 'calendar-reminder',
  data: { eventTitle: 'Meeting' },
  scheduledFor: new Date('2024-12-20T13:45:00Z'),
});

NestJS Integration

import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { NotifyModule } from '@mana/notify-client/nestjs';

@Module({
  imports: [
    ConfigModule.forRoot(),
    NotifyModule.forRootAsync({
      imports: [ConfigModule],
      useFactory: (config: ConfigService) => ({
        serviceUrl: config.get('MANA_NOTIFY_URL', 'http://localhost:3040'),
        serviceKey: config.get('MANA_NOTIFY_SERVICE_KEY'),
        appId: config.get('APP_ID'),
      }),
      inject: [ConfigService],
    }),
  ],
})
export class AppModule {}

Then inject the client:

import { Injectable, Inject } from '@nestjs/common';
import { NOTIFY_CLIENT, NotifyClient } from '@mana/notify-client/nestjs';

@Injectable()
export class NotificationService {
  constructor(@Inject(NOTIFY_CLIENT) private readonly notify: NotifyClient) {}

  async sendWelcomeEmail(email: string, name: string) {
    await this.notify.sendEmail({
      to: email,
      template: 'auth-welcome',
      data: { userName: name },
    });
  }
}

API Reference

NotifyClient

Constructor

new NotifyClient({
  serviceUrl: string;    // mana-notify service URL
  serviceKey: string;    // Service authentication key
  appId: string;         // Your application ID
  timeout?: number;      // Request timeout in ms (default: 30000)
});

Methods

Email

sendEmail(options) - Send an email immediately
scheduleEmail(options) - Schedule an email for later

Push Notifications

sendPush(options) - Send a push notification
schedulePush(options) - Schedule a push notification

Other Channels

sendMatrix(options) - Send a Matrix message
sendWebhook(options) - Send a webhook

Batch & Management

sendBatch(notifications) - Send multiple notifications
getNotification(id) - Get notification status
cancelNotification(id) - Cancel a pending notification

Templates

listTemplates(appId?) - List available templates
getTemplate(slug, locale?) - Get a template
previewTemplate(slug, data, locale?) - Preview a rendered template

Environment Variables

Variable	Description
`MANA_NOTIFY_URL`	mana-notify service URL
`MANA_NOTIFY_SERVICE_KEY`	Service authentication key
`APP_ID`	Your application ID