feat(auth): update verify-code handler to be context-aware

fulleni · fulleni · commit 183c82864b8c · 2025-07-05T09:19:04.000+01:00
Modifies the `/api/v1/auth/verify-code` route handler to parse an
optional `is_dashboard_login` boolean field from the request body.

This flag is passed to the `AuthService.completeEmailSignIn` method,
enabling it to trigger the appropriate verification logic for either a
standard user-facing app sign-in/sign-up or a restricted dashboard
login.

The handler is also simplified by removing the now-redundant logic for
passing the `authenticatedUser` to the service.
diff --git a/routes/api/v1/auth/verify-code.dart b/routes/api/v1/auth/verify-code.dart
@@ -8,20 +8,21 @@ import 'package:ht_shared/ht_shared.dart';
 /// Handles POST requests to `/api/v1/auth/verify-code`.
 ///
 /// Verifies the provided email and code, completes the sign-in/sign-up,
-/// and returns the authenticated User object along with an auth token.
+/// and returns the authenticated User object along with an auth token. It
+/// supports a context-aware flow by checking for an `is_dashboard_login`
+/// flag in the request body, which dictates whether to perform a strict
+/// login-only check or a standard sign-in/sign-up.
 Future<Response> onRequest(RequestContext context) async {
   // Ensure this is a POST request
   if (context.request.method != HttpMethod.post) {
     return Response(statusCode: HttpStatus.methodNotAllowed);
   }
 
-  // Read the AuthService provided by middleware
+  // Read the AuthService provided by middleware.
+  // The `authenticatedUser` is no longer needed here as the service handles
+  // all context internally.
   final authService = context.read<AuthService>();
 
-  // Read the authenticated User from context (provided by authentication middleware)
-  // This user might be null (if not authenticated) or an anonymous user.
-  final authenticatedUser = context.read<User?>();
-
   // Parse the request body
   final dynamic body;
   try {
@@ -65,13 +66,16 @@ Future<Response> onRequest(RequestContext context) async {
     );
   }
 
+  // Check for the optional dashboard login flag. Default to false.
+  final isDashboardLogin = (body['is_dashboard_login'] as bool?) ?? false;
+
   try {
     // Call the AuthService to handle the verification and sign-in logic
-    // Pass the current authenticated user for potential data migration.
+    // Pass the context flag to determine the correct flow.
     final result = await authService.completeEmailSignIn(
       email,
       code,
-      currentAuthUser: authenticatedUser,
+      isDashboardLogin: isDashboardLogin,
     );
 
     // Create the specific payload containing user and token
