Skip to content

refactor: auth system for better security#63

Merged
PiquelChips merged 54 commits intomainfrom
refactor/auth
Feb 9, 2026
Merged

refactor: auth system for better security#63
PiquelChips merged 54 commits intomainfrom
refactor/auth

Conversation

@PiquelChips
Copy link
Copy Markdown
Member

@PiquelChips PiquelChips commented Jan 27, 2026
edited
Loading

Summary of the PR

Major update to authentication system. Now uses a access_token/refresh_token system.
Now uses Cookies for authentication

Warning

Update to DB Schema
Add user_sessions

Warning

Update to Env vars
Update REDIRECT_URL env var. Now should just be the frontend URL without trailing slash

Steps before PR review

  • Setup session management endpoints
  • Update main schema for Cookie authentication
  • Implement the feature
  • Test the feature
  • Make sure all checks pass
  • Properly document the feature in the PR and docs

Changes

  • Setup refresh token & access token system
  • Now use cookies for Authentication
  • Unify naming of DB methods
  • Add user session management endpoints
  • Add loads of cryptography and network utilities

@PiquelChips PiquelChips self-assigned this Jan 27, 2026
@PiquelChips PiquelChips added the service/auth Anything that pertains to authentication label Jan 27, 2026
@PiquelChips PiquelChips moved this to In Progress in piquel.fr development Jan 27, 2026
@PiquelChips PiquelChips added the enhancement New feature or request label Jan 27, 2026
@PiquelChips
add user sessions table
4f11536
@PiquelChips
add custom jwt claims
24d6402
@PiquelChips
update auth service api to have refresh system
59885c4
@PiquelChips
update auth handlers for new refresh api
58082e1
@PiquelChips
fix build errors
066ed92
@PiquelChips
move some stuff around
c39f69e
@PiquelChips
finish auth api & fix handlers
9a98807
@PiquelChips
add TODOs
0f9e107
@PiquelChips
setup refresh token generation and validation
a642b22
@PiquelChips
update todo's and hashing functions
3e67f01
@PiquelChips
fix build error
22f805c
@PiquelChips
setup session queries
f2d20e1
@PiquelChips
add TODO
b43b5ba
@PiquelChips
add cookie utils
e0f0366
@PiquelChips
add domain env var
ee3e149
@PiquelChips
setup FinishAuth API & finalize token generation
d3c8f47
@PiquelChips
add cookie parsing util
7d481da
@PiquelChips
setup refresh
21055bd
@PiquelChips
make sure to verify the refresh token
07c92a3
@PiquelChips
fix getting token from request
ffb467e
@PiquelChips
fix getting user from token to not use DB call
dd2cfe8
@PiquelChips
check token expiry in auth middleware
9533d40
@PiquelChips
fix issue with wrong header expiry
3771f2f
@PiquelChips
fix handling of claims in auth service
55c1161
@PiquelChips PiquelChips marked this pull request as ready for review February 9, 2026 17:01
@PiquelChips PiquelChips mentioned this pull request Feb 9, 2026
Merged
4 tasks
@PiquelChips PiquelChips merged commit 2361949 into main Feb 9, 2026
1 check passed
PiquelChips added a commit to piquel-fr/website that referenced this pull request Feb 9, 2026
@PiquelChips
refactor: auth (#37)
f7979bb 
## Summary of the PR

Update handling of Auth with new system
(piquel-fr/api#63)

## Steps before PR review

- [x] Implement the feature
- [x] Test the feature
- [x] Make sure all checks pass
- [x] Properly document the feature in the PR

## Changes

- Update generated schema
- Do some renaming and moving around of profile & user pages
- Update login & logout routes for new system
- Update hooks to forward cookies properly
- Update `client.ts` to use new auth system
@PiquelChips PiquelChips deleted the refactor/auth branch February 9, 2026 17:33
@PiquelChips PiquelChips moved this from In Progress to Done in piquel.fr development Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@PiquelChips PiquelChips

Labels

db-schema-change enhancement New feature or request service/auth Anything that pertains to authentication

Projects

piquel.fr development
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEAT] (auth) Small improvements to JWT [FEAT] (auth) Secure authentication

1 participant

@PiquelChips