Skip to content

Add authentication and workspace middleware #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
torresmateo wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add authentication and workspace middleware #21

torresmateo wants to merge 1 commit into from

Conversation

@torresmateo
Copy link
Collaborator

@torresmateo torresmateo commented Jan 22, 2026

Summary

Implemented middleware infrastructure for authentication, workspace context injection, and global error handling. This provides a foundation for protecting routes and ensuring proper user/workspace context is available throughout the API.

Implementation

Created Middleware Files

apps/server/src/middleware/auth.ts

  • authenticateRequest(): Validates user session using better-auth's getSession() API
  • requireAuth(): Middleware to enforce authentication on routes (returns 401 if unauthenticated)
  • Extracts user from HTTP-only session cookies
  • Returns properly typed AuthenticatedUser interface

apps/server/src/middleware/workspace.ts

  • getUserWorkspace(): Fetches user's workspace from database
  • requireWorkspace(): Middleware to inject workspace context (returns 404 if no workspace found)
  • Currently fetches the user's first workspace (can be enhanced for multi-workspace support)
  • Returns properly typed WorkspaceContext interface

apps/server/src/middleware/error-handler.ts

  • handleError(): Global error handler for Elysia application
  • Formats errors with consistent structure (error name, message, status code, timestamp)
  • Handles custom AppError class for application-specific errors
  • Handles validation errors and Prisma database errors
  • Returns proper JSON error responses with appropriate HTTP status codes

Applied to Server

apps/server/src/index.ts

  • Registered global error handler using .onError() hook
  • Created /api/protected/* route group with authentication and workspace middleware
  • Used Elysia's .derive() to inject user and workspace into request context
  • Added example /api/protected/me endpoint demonstrating middleware usage
  • Middleware chain: auth validation → workspace injection → route handler

Testing

  • TypeScript compilation passes with no errors in middleware files
  • Server starts successfully with new middleware applied
  • Middleware properly typed with full TypeScript support
  • Error handler catches and formats errors correctly
  • Protected routes group properly configured with middleware chain

Review Checklist

  • Auth middleware validates user session
  • Workspace middleware injects user's workspace
  • Error handler catches and formats errors
  • Middleware properly typed
  • No breaking changes to existing auth

Closes https://linear.app/megaforce/issue/MEG-13/add-authentication-and-workspace-middleware

🤖 Generated with Claude Code

@torresmateo @claude
feat(server): add authentication and workspace middleware
1be5bc4 
Implemented middleware for authentication, workspace context injection, and global error handling.

- Created auth.ts middleware to validate user sessions and inject authenticated user into context
- Created workspace.ts middleware to fetch and inject user's workspace into request context
- Created error-handler.ts middleware for global error handling with proper error formatting
- Applied middleware to protected routes using Elysia's .derive() and .onError() hooks
- Added example /api/protected/me route demonstrating middleware usage
- All middleware properly typed with TypeScript interfaces

Fixes MEG-13

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@torresmateo