Alo/phaseflow
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement GET /api/user endpoint (P0.4)

Browse Source 
Add authenticated user profile retrieval endpoint using withAuth wrapper.
Returns user profile with safe fields, excluding encrypted tokens.

Changes:
- Implement GET handler in src/app/api/user/route.ts
- Add 4 tests for auth, response shape, sensitive field exclusion
- Add path alias resolution to vitest.config.ts for @/* imports
- Update IMPLEMENTATION_PLAN.md to mark P0.4 complete

Response includes: id, email, garminConnected, cycleLength,
lastPeriodDate, notificationTime, timezone, activeOverrides

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Petru
2026-01-10 18:48:19 +00:00
parent 76a46439b3
commit d3ba01d1e1
4 changed files with 143 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
IMPLEMENTATION_PLAN.md
View File

@@ -25,7 +25,7 @@ This file is maintained by Ralph. Run `./ralph-sandbox.sh plan 3` to generate ta
### API Routes (12 total)
| Route | Status | Notes |
|-------|--------|-------|
| GET /api/user | 501 | Returns Not Implemented |
| GET /api/user | **COMPLETE** | Returns user profile with `withAuth()` |
| PATCH /api/user | 501 | Returns Not Implemented |
| POST /api/cycle/period | 501 | Returns Not Implemented |
| GET /api/cycle/current | 501 | Returns Not Implemented |
@@ -70,12 +70,12 @@ This file is maintained by Ralph. Run `./ralph-sandbox.sh plan 3` to generate ta
| `src/lib/pocketbase.test.ts` | **EXISTS** - 9 tests (auth helpers, cookie loading) |
| `src/lib/auth-middleware.test.ts` | **EXISTS** - 6 tests (withAuth wrapper, error handling) |
| `src/middleware.test.ts` | **EXISTS** - 12 tests (page protection, public routes, static assets) |
| `src/app/api/user/route.test.ts` | **EXISTS** - 4 tests (GET profile, auth, sensitive field exclusion) |
| `src/lib/nutrition.test.ts` | **MISSING** |
| `src/lib/email.test.ts` | **MISSING** |
| `src/lib/ics.test.ts` | **MISSING** |
| `src/lib/encryption.test.ts` | **MISSING** |
| `src/lib/garmin.test.ts` | **MISSING** |
| API route tests | **NONE** |
| E2E tests | **NONE** |
### Critical Business Rules (from Spec)
@@ -126,12 +126,15 @@ These must be completed first - nothing else works without them.
- **Why:** Overrides are core to the user experience per spec
- **Blocking:** P1.4, P1.5
### P0.4: GET /api/user Implementation
- [ ] Return authenticated user profile
### P0.4: GET /api/user Implementation ✅ COMPLETE
- [x] Return authenticated user profile
- **Files:**
- `src/app/api/user/route.ts` - Implement GET handler with auth middleware
- `src/app/api/user/route.ts` - Implemented GET handler with `withAuth()` wrapper
- **Tests:**
- `src/app/api/user/route.test.ts` - Test auth required, correct response shape
- `src/app/api/user/route.test.ts` - 4 tests covering auth, response shape, sensitive field exclusion
- **Response Shape:**
- `id`, `email`, `garminConnected`, `cycleLength`, `lastPeriodDate`, `notificationTime`, `timezone`, `activeOverrides`
- Excludes sensitive fields: `garminOauth1Token`, `garminOauth2Token`, `calendarToken`
- **Why:** Dashboard and all pages need user context
- **Depends On:** P0.1, P0.2
- **Blocking:** P1.7, P2.9, P2.10
@@ -476,6 +479,9 @@ P2.14 Mini calendar
- [x] **OverrideToggles** - Toggle buttons for flare/stress/sleep/pms
- [x] **DayCell** - Phase-colored calendar day cell with click handler
### API Routes
- [x] **GET /api/user** - Returns authenticated user profile, 4 tests (P0.4)
---
## Discovered Issues