bugfix: fix typescript compile errors and test failures in middleware…

[ADITYAKUSHWAHA7975]

… and sessions

Description

Briefly describe what this pull request changes and why it is needed.

Related Issue

Closes #(2342)

Type of Change

• Bug fix

• Tests

Testing

Describe the commands you ran and any manual verification performed.

Ran npm run typecheck: Compiles successfully with zero TypeScript compilation errors.

Ran npm test: Runs the Jest suite. All 90 test suites and 1,705 assertions pass.

Ran npm run lint

Ran npm run build (Note: Next.js page collection requires local security configuration/env variables to build static assets, but code compiles successfully)

Ran npm run format

Ran git diff --check

Verified the changed behavior manually, or wrote N/A for documentation-only changes

Updated or added tests where appropriate, or wrote N/A with a reason

Checklist

My changes are focused on the linked issue
I have reviewed my own code
I have not introduced unrelated formatting or generated-file changes
Documentation is updated if needed

Summary by CodeRabbit

• New Features

  • Added JWT bearer token support from the Authorization header for authentication.

• Security

  • Enhanced token validation with user verification and automatic session rejection when token versions no longer match stored values.

[vercel]

@Aritra235 is attempting to deploy a commit to the Nisshchaya's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

⚠️ GSSoC Quality Check Failed — PR #2342

Hi @ADITYAKUSHWAHA7975! 👋 Your PR has been flagged by our automated GSSoC quality check.

Issues found:

• 🔗 No linked issue — Every PR must be linked to an open issue. Add closes #<issue-number> or fixes #<issue-number> in your description so maintainers know what this PR resolves.

---

✅ How to fix this

1. Read the issues listed above carefully
2. Edit your PR title and description to address them
3. Make sure your PR is linked to an open issue using closes #<issue-number>
4. Make sure your changes are meaningful and solve a real problem

Once you've fixed these, a maintainer will review and remove the flag. If you believe this is a mistake, please comment below. 🙏

GSSoC'26 automation · Maintainer: @nisshchayarathi

[coderabbitai]

📝 Walkthrough

Walkthrough

getAuthUser in lib/middleware.ts gains two new behaviors: Bearer JWT extraction and validation via verifyTokenWithUserValidation, and post-DB-fetch rejection when userPayload.tokenVersion mismatches the stored user record. Jest config gains require.resolve mappings for jose, @panva/hkdf, and uuid, and the session test harness adds a mockDeleteMany mock. A separate test-only change enriches commit mock objects in the contributor journey simulator test.

Changes

Auth Middleware: Bearer Token & tokenVersion Enforcement

Layer / File(s)	Summary
Bearer token extraction and tokenVersion check in getAuthUser lib/middleware.ts	Extracts a Bearer token from the Authorization header and validates it via verifyTokenWithUserValidation, continuing silently on failure. After the DB lookup, rejects authentication if userPayload.tokenVersion is present and does not match the stored finalUser.tokenVersion.
Jest config module mappings and session mock harness jest.config.cjs, app/api/auth/sessions/__tests__/route.test.ts	Adds require.resolve entries for jose, @panva/hkdf, and uuid in moduleNameMapper. Introduces mockDeleteMany and wires it to session.deleteMany in the Prisma mock.

Contributor Journey Simulator Test Mock Update

Layer / File(s)	Summary
Enriched commit mock objects src/utils/__tests__/contributorJourneySimulator.test.ts	Replaces message-only mock commit entries with full objects containing hash, author, date, and filesChanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• nisshchayarathi/gitverse-nextjs#1657: Modifies the same getAuthUser function in lib/middleware.ts with tokenVersion-based validation and user/lock checks, directly overlapping with this PR's tokenVersion mismatch enforcement.

Suggested labels

bug

Poem

🐇 Hop hop, the token must match,
No stale version shall slip through the latch!
Bearer or session, both checked with care,
deleteMany mocked — jest is prepared.
The bunny guards auth with a vigilant eye,
No mismatched token shall sneak on by! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'bugfix: fix typescript compile errors and test failures in middleware' directly aligns with the PR objectives of addressing TypeScript compilation errors and test failures, making it clear and specific about the primary changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed due to a network error.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ADITYAKUSHWAHA7975]

all good

_{Commented in CodeRabbit Change Stack}

[coderabbitai]

🧹 Nitpick comments (1)

src/utils/__tests__/contributorJourneySimulator.test.ts (1)

15-16: 💤 Low value

Clarify the intent behind enriched commit mock objects.

The commit fixtures now include hash, author, date, and filesChanged fields, but the upstream computeCommitSignal function only reads commit.message (as shown in the relevant code snippets). Unless these fields are intentionally added to prepare for future features, the extra data adds noise to the test fixture without improving coverage of current behavior.

If this enrichment is exploratory or defensive test design with no documented intent, consider removing the unused fields to keep fixtures lean and focused. If the fields are meant for future use, document that intent inline or in related issue/ADR references.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/utils/__tests__/contributorJourneySimulator.test.ts` around lines 15 -
16, The commit mock objects at lines 15-16 in the test fixture include fields
(hash, author, date, filesChanged) that are not used by the upstream
computeCommitSignal function, which only reads the message field. Either remove
these unused fields from the commit fixture objects to keep the test lean and
focused on what is actually being tested, or if these fields are intentionally
included for future features, add an inline comment documenting that intent and
referencing any related issue or ADR.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/utils/__tests__/contributorJourneySimulator.test.ts`:
- Around line 15-16: The commit mock objects at lines 15-16 in the test fixture
include fields (hash, author, date, filesChanged) that are not used by the
upstream computeCommitSignal function, which only reads the message field.
Either remove these unused fields from the commit fixture objects to keep the
test lean and focused on what is actually being tested, or if these fields are
intentionally included for future features, add an inline comment documenting
that intent and referencing any related issue or ADR.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6434c540-07cd-4e34-a7a8-65fdaf040873

📥 Commits

Reviewing files that changed from the base of the PR and between 9aa9b51 and bbd2cd1.

📒 Files selected for processing (4)

• app/api/auth/sessions/__tests__/route.test.ts
• jest.config.cjs
• lib/middleware.ts
• src/utils/__tests__/contributorJourneySimulator.test.ts