batch3 T3 review fix: swap req.user! for requireUser; document ws/user guard

Replaces six non-null assertions on req.user with the requireUser helper from auth.ts, which throws a descriptive error if the auth hook didn't populate req.user. Adds an inline comment in /api/ws/user explaining the manual auth check is defensive (the global hook already enforces auth). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 15:10:20 +00:00
parent 8fc525eab9
commit 124beae2bc
4 changed files with 11 additions and 6 deletions
--- a/apps/server/src/routes/ws.ts
+++ b/apps/server/src/routes/ws.ts
@@ -46,6 +46,8 @@ export function registerWebSocket(

  app.get('/api/ws/user', { websocket: true }, async (socket, req) => {
    const user = req.user;
+    // defensive: global auth hook (auth.ts) already rejects unauthenticated /api/* requests;
+    // keep the explicit check here to close the WS cleanly (1008) rather than throwing.
    if (!user) {
      socket.close(1008, 'unauthenticated');
      return;