feat: replace dynamic schema generation with static schema import and enhance session validation logic

Author: Lasim

cookies.txt

@@ -37,35 +37,17 @@ function getColumnBuilder(type: 'text' | 'integer' | 'timestamp') {
 }
 
 function generateSchema(): AnySchema {
-  const generatedSchema: AnySchema = {};
-
-  for (const [tableName, tableColumns] of Object.entries(baseTableDefinitions)) {
-    const columns: Record<string, ReturnType<typeof tableColumns[keyof typeof tableColumns]>> = {};
-    for (const [columnName, columnDefFunc] of Object.entries(tableColumns)) {
-      let builderType: 'text' | 'integer' | 'timestamp' = 'text';
-      
-      // Special handling for specific columns
-      if (columnName === 'id' || columnName === 'user_id') {
-        builderType = 'text'; // All IDs are text (Lucia uses string IDs)
-      } else if (columnName === 'expires_at') {
-        builderType = 'integer'; // Lucia uses number for expires_at
-      } else if (columnName.toLowerCase().includes('at') || columnName.toLowerCase().includes('date')) {
-        builderType = 'timestamp';
-      } else if (['count', 'age', 'quantity', 'order', 'status', 'number'].some(keyword => columnName.toLowerCase().includes(keyword)) && !columnName.toLowerCase().includes('text')) {
-        builderType = 'integer';
-      }
-      
-      const builder = getColumnBuilder(builderType);
-      columns[columnName] = columnDefFunc(builder);
-    }
-    generatedSchema[tableName] = sqliteTable(tableName, columns);
-  }
+  // Import the static schema instead of generating it dynamically
+  // This avoids SQL syntax errors caused by dynamic schema generation
+  const staticSchema = require('./schema.sqlite');
+  const generatedSchema = { ...staticSchema };
 
+  // Add plugin tables to the static schema
   for (const [tableName, tableColumns] of Object.entries(inputPluginTableDefinitions)) {
     const columns: Record<string, ReturnType<typeof tableColumns[keyof typeof tableColumns]>> = {};
-     for (const [columnName, columnDefFunc] of Object.entries(tableColumns)) {
+    for (const [columnName, columnDefFunc] of Object.entries(tableColumns)) {
       let builderType: 'text' | 'integer' | 'timestamp' = 'text';
-       if (columnName.toLowerCase().includes('at') || columnName.toLowerCase().includes('date')) {
+      if (columnName.toLowerCase().includes('at') || columnName.toLowerCase().includes('date')) {
         builderType = 'timestamp';
       } else if (['id', 'count', 'age', 'quantity', 'order', 'status', 'number'].some(keyword => columnName.toLowerCase().includes(keyword))) {
         builderType = 'integer';

services/backend/src/db/index.ts

@@ -15,9 +15,9 @@ export const usersTableColumns = {
   id: (columnBuilder: any) => columnBuilder('id').primaryKey(),
   email: (columnBuilder: any) => columnBuilder('email').notNull().unique(),
   name: (columnBuilder: any) => columnBuilder('name'),
-  // Added .defaultNow() to let Drizzle handle dialect-specific default timestamp generation
-  createdAt: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().defaultNow(),
-  updatedAt: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().defaultNow(),
+  // Use $defaultFn for SQLite timestamp generation
+  createdAt: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
+  updatedAt: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 };
 
 // Enum for authentication types
@@ -30,8 +30,8 @@ export const rolesTableColumns = {
   description: (columnBuilder: any) => columnBuilder('description'),
   permissions: (columnBuilder: any) => columnBuilder('permissions').notNull(), // JSON string
   is_system_role: (columnBuilder: any) => columnBuilder('is_system_role').notNull().default(false),
-  created_at: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().defaultNow(),
-  updated_at: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().defaultNow(),
+  created_at: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
+  updated_at: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 };
 
 export const authUserTableColumns = {
@@ -66,8 +66,8 @@ export const teamsTableColumns = {
   slug: (columnBuilder: any) => columnBuilder('slug').notNull().unique(),
   description: (columnBuilder: any) => columnBuilder('description'),
   owner_id: (columnBuilder: any) => columnBuilder('owner_id').notNull(), // Foreign key to authUser.id
-  created_at: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().defaultNow(),
-  updated_at: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().defaultNow(),
+  created_at: (columnBuilder: any) => columnBuilder('created_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
+  updated_at: (columnBuilder: any) => columnBuilder('updated_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 };
 
 // Enum for team member roles
@@ -78,7 +78,7 @@ export const teamMembershipsTableColumns = {
   team_id: (columnBuilder: any) => columnBuilder('team_id').notNull(), // Foreign key to teams.id
   user_id: (columnBuilder: any) => columnBuilder('user_id').notNull(), // Foreign key to authUser.id
   role: (columnBuilder: any) => columnBuilder('role').notNull(), // team_admin or team_user
-  joined_at: (columnBuilder: any) => columnBuilder('joined_at', { mode: 'timestamp' }).notNull().defaultNow(),
+  joined_at: (columnBuilder: any) => columnBuilder('joined_at', { mode: 'timestamp' }).notNull().$defaultFn(() => new Date()),
 };
 
 // This object will hold definitions for all base tables.

services/backend/src/db/schema.ts

@@ -1,6 +1,7 @@
 import type { FastifyRequest, FastifyReply, HookHandlerDoneFunction } from 'fastify';
 import { getLucia } from '../lib/lucia';
-import { getDbStatus, getSchema } from '../db';
+import { getDbStatus, getSchema, getDb } from '../db';
+import { eq } from 'drizzle-orm';
 import type { User, Session } from 'lucia';
 
 // Augment FastifyRequest to include user and session
@@ -37,23 +38,80 @@ export async function authHook(
     }
 
     request.log.debug(`Auth hook: Found session ID: ${sessionId}`);
-    const { session, user } = await lucia.validateSession(sessionId);
-
-    if (session && session.fresh) {
-      // Session was refreshed, send new cookie
-      request.log.debug(`Auth hook: Session ${sessionId} is fresh, sending new cookie`);
-      const sessionCookie = lucia.createSessionCookie(session.id);
+    
+    // Manual session validation to avoid Lucia SQL syntax issues
+    const db = getDb();
+    const schema = getSchema();
+    const authSessionTable = schema.authSession;
+    const authUserTable = schema.authUser;
+    
+    if (!authSessionTable || !authUserTable) {
+      request.log.error('Auth tables not found in schema');
+      request.user = null;
+      request.session = null;
+      return;
+    }
+    
+    // Query session and user manually
+    const sessionResult = await db.select({
+      sessionId: authSessionTable.id,
+      userId: authSessionTable.user_id,
+      expiresAt: authSessionTable.expires_at,
+      username: authUserTable.username,
+      email: authUserTable.email,
+      firstName: authUserTable.first_name,
+      lastName: authUserTable.last_name,
+      authType: authUserTable.auth_type,
+      githubId: authUserTable.github_id
+    })
+    .from(authSessionTable)
+    .innerJoin(authUserTable, eq(authSessionTable.user_id, authUserTable.id))
+    .where(eq(authSessionTable.id, sessionId))
+    .limit(1);
+    
+    if (sessionResult.length === 0) {
+      request.log.debug(`Auth hook: Session ${sessionId} not found`);
+      const sessionCookie = lucia.createBlankSessionCookie();
       reply.setCookie(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
+      request.user = null;
+      request.session = null;
+      return;
     }
-    if (!session) {
-      // Invalid session, clear cookie
-      request.log.debug(`Auth hook: Session ${sessionId} is invalid, clearing cookie`);
+    
+    const sessionData = sessionResult[0];
+    
+    // Check if session is expired
+    if (sessionData.expiresAt < Date.now()) {
+      request.log.debug(`Auth hook: Session ${sessionId} is expired`);
+      // Delete expired session
+      await db.delete(authSessionTable).where(eq(authSessionTable.id, sessionId));
       const sessionCookie = lucia.createBlankSessionCookie();
       reply.setCookie(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
-    } else {
-      request.log.debug(`Auth hook: Session ${sessionId} is valid for user ${user?.id}`);
+      request.user = null;
+      request.session = null;
+      return;
     }
+    
+    // Create user and session objects
+    const user = {
+      id: sessionData.userId,
+      username: sessionData.username,
+      email: sessionData.email,
+      firstName: sessionData.firstName,
+      lastName: sessionData.lastName,
+      authType: sessionData.authType,
+      githubId: sessionData.githubId
+    };
+    
+    const session = {
+      id: sessionData.sessionId,
+      userId: sessionData.userId,
+      expiresAt: new Date(sessionData.expiresAt),
+      fresh: false
+    };
 
+    request.log.debug(`Auth hook: Session ${sessionId} is valid for user ${user.id}`);
+    
     request.user = user;
     request.session = session;
     // No explicit done() call, Fastify awaits the promise