Skip to content

refactor(auth): type jwt user payload and drop any casts (#541)#560

Merged
Harxhit merged 5 commits into
Dev-Card:mainfrom
ramnnn2006:refactor/jwt-user-types
Jun 14, 2026
Merged

refactor(auth): type jwt user payload and drop any casts (#541)#560
Harxhit merged 5 commits into
Dev-Card:mainfrom
ramnnn2006:refactor/jwt-user-types

Conversation

@ramnnn2006

@ramnnn2006 ramnnn2006 commented Jun 13, 2026
edited by Harxhit
Loading

Copy link
Copy Markdown
Contributor

summary

this PR removes the remaining any usages in the backend auth module and replaces them with proper fastify types and a dedicated jwt payload interface.
this closes out the auth.ts scope of the type-safety umbrella issue, so request.userand theauthenticate` decorator are now type-checked instead of being cast away.

Fixes #541

type of Change

  • Bug fix
  • New feature
  • Refactor (no functional change)
  • UI / Design change
  • Tests only
  • Documentation
  • Infrastructure / DevOps
  • Security

What Changed

  • 9added an AuthenticatedUser { id, username } interface in apps/backend/src/types/fastify.d.ts and augmented @fastify/jwt's FastifyJWT interface so request.user is typed. went through Fasti FastifyRequest.userdirectly since@fastify/jwt`already owns that field and doing it the other way would clash

  • declared the authenticate decorator on FastifyInstan.authenticate is no longer untyped

  • typed the authenticate decorator in apps/backend/src/app.ts (request: any, reply: any to FastifyRequest, FastifyReply) and passed the
    user shape through `request.jwtVerify(

  • dropped the (request.user as any) casts in apps/backend/src/routes/auth.ts (the /me route and the secure logout route).

How to Test

  1. npm run typecheck -w apps/backend passes with no errors
  2. npm run lint -w apps/backend stays clean
  3. 4, npx vitest run src/__tests__/logout.test.ts

Checklist

  • My code follows the project's coding style
  • TypeScript compiles without errors (npm run typecheck).
  • I have added or updated tests for the changes I mad
  • All tests pass locally
  • I have updated documentation where necessary.
  • No new console.log or debug statements left in the code.
  • Breaking changes are documented in this PR descript

Screenshots / Recordings

n/a, no ui changes.

Additional Context

Copilot AI review requested due to automatic review settings June 13, 2026 10:44
@vercel

vercel Bot commented Jun 13, 2026

Copy link
Copy Markdown

@ramnnn2006 is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added backend gssoc:approved Required label for every approved PR. Gives the base +50 points and enables contribution tracking. labels Jun 13, 2026
@github-actions

github-actions Bot commented Jun 13, 2026

Copy link
Copy Markdown

Hi @ramnnn2006,

Thanks for opening this pull request.

This PR has been automatically classified based on the files modified.

Applied Labels

  • gssoc:approved
  • backend

Primary Review Area

  • backend

Reviewer

@Harxhit has been identified as the primary reviewer for this pull request.

If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer.

Thank you for your contribution!

@github-actions

github-actions Bot commented Jun 13, 2026

Copy link
Copy Markdown

CI — All Checks Passed

Backend — PASS

Check Result
Lint PASS
Test PASS
Typecheck PASS

Mobile — SKIP

Check Result
Lint -
Test -

Web — SKIP

Check Result
Check -
Build -

Last updated: Sat, 13 Jun 2026 10:45:16 GMT

Copilot AI reviewed Jun 13, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR improves Fastify JWT/auth type safety by introducing a typed AuthenticatedUser, adding Fastify module augmentations for JWT user and an authenticate decorator, and removing any casts from auth routes.

Changes:

  • Added AuthenticatedUser type and @fastify/jwt / fastify module augmentations (typed request.user and app.authenticate)
  • Updated route code to use strongly typed request.user.id and safer optional logging
  • Updated authenticate decorator implementation to use FastifyRequest/FastifyReply types and a typed jwtVerify call

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
apps/backend/src/types/fastify.d.ts Adds JWT/Fastify TypeScript module augmentation and AuthenticatedUser type
apps/backend/src/routes/auth.ts Removes any casts by using typed request.user
apps/backend/src/app.ts Types authenticate decorator params and uses typed jwtVerify payload

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread apps/backend/src/app.ts
import { extractRawJwt, blocklistKey } from './utils/jwt.js';
import { validateEnv } from './utils/validateEnv.js';

import type { AuthenticatedUser } from './types/fastify.js';

@ramnnn2006 ramnnn2006 Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's an import type, so it should probably get stripped out at compile time and nothing actually tries to load that file at runtime.
and for typechecking, the backend is set to moduleResolution: bundler, which means a .js import just maps to the matching .ts or .d.ts file, so ./types/fastify.js points at fastify.d.ts fine

anddd the typecheck passing in CI backs that up.

@ramnnn2006

ramnnn2006 commented Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

hmm i think it might be a false positive/

@ShantKhatri ShantKhatri requested a review from Harxhit June 13, 2026 11:16
Harxhit
Harxhit approved these changes Jun 14, 2026
View reviewed changes

@Harxhit Harxhit left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merging this PR is required before contributors can start working on the linked sub-issues, as it provides the necessary foundation for those tasks. Approving

@Harxhit Harxhit merged commit f6e043e into Dev-Card:main Jun 14, 2026
7 of 8 checks passed
@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown

Congratulations @ramnnn2006 on getting PR #560 merged!

Thank you for your contribution to the project.

To receive the appropriate GSSoC labels and recognition, please mention @Harxhit in the #get-labels channel on our Discord server and share your merged PR link.

@Harxhit Harxhit added level:advanced Complex contribution involving deeper technical work. (+55 pts) quality:clean PR is well-structured, readable, and follows good practices. (×1.2 multiplier) type:performance Performance optimization (+15 pts) type:refactor Code refactoring/cleanup (+10 pts) type:bug Bug fixes (+10 pts) labels Jun 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Harxhit Harxhit Harxhit approved these changes

Assignees

No one assigned

Labels

backend gssoc:approved Required label for every approved PR. Gives the base +50 points and enables contribution tracking. level:advanced Complex contribution involving deeper technical work. (+55 pts) quality:clean PR is well-structured, readable, and follows good practices. (×1.2 multiplier) type:bug Bug fixes (+10 pts) type:performance Performance optimization (+15 pts) type:refactor Code refactoring/cleanup (+10 pts)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve Type Safety Across the Codebase and Remove Remaining any Usage

3 participants

@ramnnn2006 @Harxhit