Open
Conversation
Contributor
🚀 Package Preview Available!Install this PR's preview build with npm: npm i @base44-preview/cli@0.0.50-pr.475.3ca36bbPrefer not to change any import paths? Install using npm alias so your code still imports npm i "base44@npm:@base44-preview/cli@0.0.50-pr.475.3ca36bb"Or add it to your {
"dependencies": {
"base44": "npm:@base44-preview/cli@0.0.50-pr.475.3ca36bb"
}
}
Preview published to npm registry — try new features instantly! |
artemdemo
force-pushed
the
auth-and-stuff
branch
2 times, most recently
from
f104342 to
795a527
Compare
Contributor
Author
|
@claude review |
artemdemo
commented
Apr 13, 2026
| "engines": { | ||
| "node": ">=20.19.0" | ||
| } | ||
| "name": "base44", |
Contributor
Author
There was a problem hiding this comment.
just formatting - replaced 4 spaces with 2
artemdemo
commented
Apr 13, 2026
| "scripts": { | ||
| "lint": "biome check packages/*/src packages/*/tests", | ||
| "lint:fix": "biome check --write packages/*/src packages/*/tests", | ||
| "typecheck": "bun --workspaces --if-present --sequential run typecheck", |
Contributor
Author
There was a problem hiding this comment.
This allows to run bun run typecheck from the root of the project
Contributor
Author
|
@claude review |
artemdemo
force-pushed
the
auth-and-stuff
branch
from
4da5171 to
76fd3cb
Compare
artemdemo
force-pushed
the
auth-and-stuff
branch
from
5254e7a to
e8c7ae7
Compare
artemdemo
commented
Apr 13, 2026
| return Object.keys(projection).length > 0 ? projection : undefined; | ||
| } | ||
|
|
||
| export const queryEntity = async ( |
Contributor
Author
There was a problem hiding this comment.
Moved this logic from entities-router.ts
So I can share it.
artemdemo
force-pushed
the
auth-and-stuff
branch
from
e8c7ae7 to
d87fe51
Compare
artemdemo
commented
Apr 14, 2026
Comment on lines
+33
to
+40
| join( | ||
| t.getTempDir(), | ||
| "project", | ||
| "base44", | ||
| "functions", | ||
| "hello", | ||
| "index.ts", | ||
| ), |
Contributor
Author
There was a problem hiding this comment.
No related to PR, fixing windows thingy
artemdemo
commented
Apr 14, 2026
| env: { | ||
| ...globalThis.process.env, | ||
| FUNCTION_PATH: func.entryPath, | ||
| FUNCTION_PATH: pathToFileURL(func.entryPath).href, |
Contributor
Author
There was a problem hiding this comment.
No related to PR, fixing windows thingy
artemdemo
force-pushed
the
auth-and-stuff
branch
from
be32076 to
a44a76a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
Description
Adds a local authentication router to the
base44 devserver, enabling developers to test registration, OTP verification, and login flows locally without hitting the production API. The auth router issues JWT tokens signed with a local secret and stores user credentials in a private in-memory NeDB collection, keeping sensitive data (passwords, OTP codes) separate from the publicUsercollection. A dedicatedentities-user-routeris also introduced to give theUserentity special handling (auth-gated reads/writes, restricted fields, role-based access) that mirrors production behavior.Related Issue
None
Type of Change
Changes Made
routes/auth-router.ts(new): Express router mounted at/api/apps/:appId/authwith three endpoints —POST /login,POST /register(generates a 6-digit OTP printed to the dev-server log), andPOST /verify-otp(completes registration and issues a JWT)routes/entities/entities-user-router.ts(new): Auth-gated CRUD router for theUserentity; admins can list all users, regular users only see themselves; restricted fields (full_name,email,role) cannot be updated via the entities API, matching production behaviordb/entity-queries.ts(new): ExtractedqueryEntityhelper supportingsort,limit,skip,fields, andq(JSON query) parameters — shared by the entity router and user routerdb/database.ts: AddedPRIVATE_USER_COLLECTION($user) for storing passwords and OTP codes out of reach of public API clientsdev-server/main.ts: Registered the newauthRouterand wired in theentities-user-routervia the entity routespackage.json/bun.lock: Movedjsonwebtoken+@types/jsonwebtokenfrom the root workspace topackages/cli(where they are actually used); addedqsfor typed query-string parsingtests/cli/dev-auth.spec.ts(new): Integration test covering the full register → OTP verify → login flow0.0.47→0.0.50Testing
npm test)Checklist
docs/(AGENTS.md) if I made architectural changesAdditional Notes
The OTP code is intentionally printed to the dev-server log (via
devLogger) rather than sent by email, since local development has no email delivery. The JWT is signed with the hard-coded constantLOCAL_DEV_SECRET— this is intentional and safe for local-only use. Auth routes that involve OAuth redirects (/api/apps/auth/…) are still redirected tobase44.appvia the existing proxy redirect middleware.🤖 Generated by Claude | 2026-04-14 08:44 UTC | 3ca36bb