Phase 3 testing fixes: Fastify 5, SSE→WebSocket+FCM, enums, security, session lifecycle
- Upgrade Fastify 4→5 with all plugins (@fastify/websocket 11, cors 11, sensible 6) - Migrate all SSE endpoints to WebSocket + FCM push (mitra chat requests, customer pairing status) - Add flutter_local_notifications for foreground push notifications with sound - Add splash screen to both apps (hide auth loading flash) - Introduce constants/enums across entire codebase (no raw string literals) - Move price tiers from hardcoded array to app_config DB (data-driven, includes 1-min test tier) - Add session ownership validation on all shared chat routes - Add ownership checks on endSession, respondToExtension, requestExtension - Fix session timer: auto-complete expired/stale sessions on server restart - Add 5-min grace period for abandoned closing sessions - Fix extension flow: proper session_resumed handling, clearExtensionRequest, closure grace timer cleanup - Fix chat screens: ConnectChat in initState, session status check on connect - Fix customer expired view: 5-min countdown, closure state priority over expired state - Fix mitra extension UI: loading spinner, disable buttons, handle EXTENSION_RESOLVED error - Fix GoRouter navigation consistency (no more Navigator.pushNamed) - Fix goodbye view keyboard overflow (SingleChildScrollView) - Add active session card on customer home screen with refresh on navigate back - Fix PricingBottomSheet extension mode (RequestExtension instead of new pairing) - Send session_resumed to both parties on extension accept Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -4,17 +4,21 @@ import { getMitraByFirebaseUid } from '../../services/mitra.service.js'
|
||||
import { getMessages } from '../../services/chat.service.js'
|
||||
import { getSessionClosures } from '../../services/closure.service.js'
|
||||
import { registerDeviceToken } from '../../services/notification.service.js'
|
||||
import { getDb } from '../../db/client.js'
|
||||
import { UserType } from '../../constants.js'
|
||||
|
||||
const sql = getDb()
|
||||
|
||||
const resolveUser = async (request, reply) => {
|
||||
const customer = await getCustomerByFirebaseUid(request.firebaseUser.uid)
|
||||
if (customer) {
|
||||
request.userType = 'customer'
|
||||
request.userType = UserType.CUSTOMER
|
||||
request.userId = customer.id
|
||||
return
|
||||
}
|
||||
const mitra = await getMitraByFirebaseUid(request.firebaseUser.uid)
|
||||
if (mitra) {
|
||||
request.userType = 'mitra'
|
||||
request.userType = UserType.MITRA
|
||||
request.userId = mitra.id
|
||||
return
|
||||
}
|
||||
@@ -24,9 +28,25 @@ const resolveUser = async (request, reply) => {
|
||||
})
|
||||
}
|
||||
|
||||
// Verify session belongs to the authenticated user
|
||||
const verifySessionOwnership = async (request, reply) => {
|
||||
const { sessionId } = request.params
|
||||
const [session] = await sql`
|
||||
SELECT id FROM chat_sessions
|
||||
WHERE id = ${sessionId}
|
||||
AND (customer_id = ${request.userId} OR mitra_id = ${request.userId})
|
||||
`
|
||||
if (!session) {
|
||||
return reply.code(403).send({
|
||||
success: false,
|
||||
error: { code: 'FORBIDDEN', message: 'You do not have access to this session' },
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
export const sharedChatRoutes = async (app) => {
|
||||
// Get messages for a session (paginated)
|
||||
app.get('/chat/:sessionId/messages', { preHandler: [authenticate, resolveUser] }, async (request, reply) => {
|
||||
app.get('/chat/:sessionId/messages', { preHandler: [authenticate, resolveUser, verifySessionOwnership] }, async (request, reply) => {
|
||||
const { sessionId } = request.params
|
||||
const { limit, before } = request.query
|
||||
const messages = await getMessages(sessionId, {
|
||||
@@ -37,7 +57,7 @@ export const sharedChatRoutes = async (app) => {
|
||||
})
|
||||
|
||||
// Get session info
|
||||
app.get('/chat/:sessionId/info', { preHandler: [authenticate, resolveUser] }, async (request, reply) => {
|
||||
app.get('/chat/:sessionId/info', { preHandler: [authenticate, resolveUser, verifySessionOwnership] }, async (request, reply) => {
|
||||
const { sessionId } = request.params
|
||||
const { getSessionById } = await import('../../services/session.service.js')
|
||||
const session = await getSessionById(sessionId)
|
||||
@@ -48,7 +68,7 @@ export const sharedChatRoutes = async (app) => {
|
||||
})
|
||||
|
||||
// Get full transcript (read-only, for history)
|
||||
app.get('/chat/:sessionId/transcript', { preHandler: [authenticate, resolveUser] }, async (request, reply) => {
|
||||
app.get('/chat/:sessionId/transcript', { preHandler: [authenticate, resolveUser, verifySessionOwnership] }, async (request, reply) => {
|
||||
const { sessionId } = request.params
|
||||
const messages = await getMessages(sessionId, { limit: 10000 })
|
||||
const closures = await getSessionClosures(sessionId)
|
||||
@@ -66,7 +86,7 @@ export const sharedChatRoutes = async (app) => {
|
||||
})
|
||||
|
||||
// Submit goodbye/closure message
|
||||
app.post('/sessions/:sessionId/close-message', { preHandler: [authenticate, resolveUser] }, async (request, reply) => {
|
||||
app.post('/sessions/:sessionId/close-message', { preHandler: [authenticate, resolveUser, verifySessionOwnership] }, async (request, reply) => {
|
||||
const { sessionId } = request.params
|
||||
const { message } = request.body
|
||||
if (!message) {
|
||||
|
||||
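Review bot: verifySessionOwnership in the second hunk checks `customer_id = ${request.userId} OR mitra_id = ${request.userId}` without consulting request.userType, even though resolveUser sets request.userId from either customer.id or mitra.id. If customer and mitra ids are allocated from separate tables with independent sequences, a customer whose id happens to equal a session's mitra_id would pass the ownership check; if both are UUIDs this is not reachable, but the predicate is still looser than the comment above it promises. Restricting the column to the caller's type closes the gap, e.g. `const ownerCol = request.userType === UserType.CUSTOMER ? sql\`customer_id = ${request.userId}\` : sql\`mitra_id = ${request.userId}\`` followed by `WHERE id = ${sessionId} AND ${ownerCol}` (assuming the `sql` tag supports fragment composition; otherwise branch into two queries). Replying 403 for both a missing and a foreign session is a sound choice since it avoids session-id enumeration, but a short comment saying so would keep a later maintainer from "fixing" it to 404. The enclosing sharedChatRoutes function continues outside the hunk.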