Fix: Associate comparisons with authenticated user #5

Closed
opened 2026-04-26 08:15:03 +00:00 by TopherMayor · 0 comments
Owner

Summary

Currently POST /api/compare creates comparisons with userId not set (no auth check). The server action createComparison also doesn't set userId. Comparisons need to be linked to the user who created them.

Implementation

  1. In src/app/api/compare/route.ts:

    • Read auth session from request headers
    • Extract userId from session
    • Set userId when inserting into comparisons table
    • Allow anonymous comparisons? (decide: require auth or allow guest with null userId)
  2. In src/app/actions/comparison.ts:

    • createComparison should accept userId and set it
    • getUserComparisons already filters by userId (line 94-100) — just needs to be called with real session
  3. Recommendation: Require authentication for creating comparisons. The compare page should redirect to sign-in if not authenticated.

Files

  • Modify: src/app/api/compare/route.ts (line 55-61 — add userId)
  • Modify: src/app/actions/comparison.ts (line 9-42 — add userId param)
  • Reference: src/lib/auth.ts (Better Auth server config for session extraction)

Acceptance Criteria

  • New comparisons are linked to the authenticated user
  • Unauthenticated users are prompted to sign in before creating
  • Profile page correctly shows only the user's comparisons
TopherMayor added this to the v0.3 - Auth Integration milestone 2026-04-26 08:15:03 +00:00
TopherMayor added the backend and bug labels 2026-04-26 08:15:03 +00:00
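The behaviour the issue recommends (require a session, take the owner from it, filter reads by it), as an added example that is not the project's code. The types, the in-memory table, the bearer-token session map and the handler shape are all constructed stand-ins for the route, the server action and the auth library.

```typescript
// Added example. Every name here is a hypothetical stand-in, not the project's code.
type Session = { user: { id: string } } | null;
type Comparison = { id: number; userId: string; items: string[] };
type ApiRequest = { headers: Record<string, string>; body: unknown };
type ApiResponse = { status: number; json: unknown };

// Constructed sample data: session token -> user id, plus an in-memory table.
const sessions = new Map<string, string>([
  ["tok-alice", "user-alice"],
  ["tok-bob", "user-bob"],
]);
const comparisons: Comparison[] = [];

// Stand-in for the auth library's session lookup (an awaited call in a real route).
function getSession(headers: Record<string, string>): Session {
  const match = /^Bearer (.+)$/.exec(headers["authorization"] ?? "");
  const userId = sessions.get(match?.[1] ?? "");
  return userId ? { user: { id: userId } } : null;
}

// The server action takes the owner as an explicit, required parameter.
function createComparison(userId: string, items: string[]): Comparison {
  const row: Comparison = { id: comparisons.length + 1, userId, items };
  comparisons.push(row);
  return row;
}

function getUserComparisons(userId: string): Comparison[] {
  return comparisons.filter((c) => c.userId === userId);
}

// POST handler: authenticate first, then validate, then insert.
function postCompare(req: ApiRequest): ApiResponse {
  const session = getSession(req.headers);
  if (!session) return { status: 401, json: { error: "sign in required" } };

  const body = req.body as { items?: unknown } | null;
  const items = body?.items;
  if (!Array.isArray(items) || !items.every((i: unknown) => typeof i === "string")) {
    return { status: 400, json: { error: "items must be an array of strings" } };
  }
  // The owner comes only from the session; a userId field in the body is never read.
  return { status: 201, json: createComparison(session.user.id, items as string[]) };
}
```

A request body that carries its own `userId` changes nothing here, so one signed-in user cannot file a comparison under another account.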
Reference: TopherMayor/comparaison#5