server: fix all TypeScript and linter errors

- Remove all `any` types from organization routes by leveraging Elysia
  type inference and adding authMiddleware to route files
- Add optional chaining for cookie.token access to handle undefined cases
- Remove explicit type annotations where TypeScript can infer correctly

All TypeScript errors and biome lint warnings are now resolved.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Author: aster-void

apps/server/src/domains/auth/routes.ts

@@ -45,7 +45,7 @@ export const authRoutes = new Elysia({ prefix: "/auth" })
       });
 
       // Set cookie
-      cookie.token.set({
+      cookie.token?.set({
         value: token,
         httpOnly: true,
         maxAge: 7 * 24 * 60 * 60, // 7 days
@@ -61,7 +61,7 @@ export const authRoutes = new Elysia({ prefix: "/auth" })
     },
   )
   .post("/signout", async ({ cookie }) => {
-    cookie.token.set({
+    cookie.token?.set({
       value: "",
       httpOnly: true,
       maxAge: 0,

apps/server/src/domains/organizations/crud-read.ts

@@ -2,15 +2,15 @@ import { eq } from "drizzle-orm";
 import { Elysia } from "elysia";
 import { db } from "../../db/index.ts";
 import { organizationMembers, organizations } from "../../db/schema.ts";
-import type { AuthUser } from "../../middleware/auth.ts";
+import { authMiddleware } from "../../middleware/auth.ts";
 import { getOrganizationPermissions } from "./permissions.ts";
 
 /**
  * Organization read routes
  * Handles: list organizations, get organization by ID
  */
-export const organizationReadRoutes = new Elysia()
-  .get("/", async ({ user, set }: { user: AuthUser | null; set: any }) => {
+export const organizationReadRoutes = new Elysia().use(authMiddleware)
+  .get("/", async ({ user, set }) => {
     if (!user) {
       set.status = 401;
       return { message: "Unauthorized" };
@@ -36,15 +36,7 @@ export const organizationReadRoutes = new Elysia()
   })
   .get(
     "/:id",
-    async ({
-      user,
-      params,
-      set,
-    }: {
-      user: AuthUser | null;
-      params: { id: string };
-      set: any;
-    }) => {
+    async ({ user, params, set }) => {
       if (!user) {
         set.status = 401;
         return { message: "Unauthorized" };

apps/server/src/domains/organizations/crud-write.ts

@@ -2,25 +2,17 @@ import { eq } from "drizzle-orm";
 import { Elysia, t } from "elysia";
 import { db } from "../../db/index.ts";
 import { organizationMembers, organizations } from "../../db/schema.ts";
-import type { AuthUser } from "../../middleware/auth.ts";
+import { authMiddleware } from "../../middleware/auth.ts";
 import { getOrganizationPermissions } from "./permissions.ts";
 
 /**
  * Organization write routes
  * Handles: create organization, update organization
  */
-export const organizationWriteRoutes = new Elysia()
+export const organizationWriteRoutes = new Elysia().use(authMiddleware)
   .post(
     "/",
-    async ({
-      user,
-      body,
-      set,
-    }: {
-      user: AuthUser | null;
-      body: { name: string; description?: string };
-      set: any;
-    }) => {
+    async ({ user, body, set }) => {
       if (!user) {
         set.status = 401;
         return { message: "Unauthorized" };
@@ -54,17 +46,7 @@ export const organizationWriteRoutes = new Elysia()
   )
   .patch(
     "/:id",
-    async ({
-      user,
-      body,
-      params,
-      set,
-    }: {
-      user: AuthUser | null;
-      body: { name?: string; description?: string };
-      params: { id: string };
-      set: any;
-    }) => {
+    async ({ user, body, params, set }) => {
       if (!user) {
         set.status = 401;
         return { message: "Unauthorized" };

apps/server/src/domains/organizations/members-add.ts

@@ -2,30 +2,16 @@ import { and, eq } from "drizzle-orm";
 import { Elysia, t } from "elysia";
 import { db } from "../../db/index.ts";
 import { organizationMembers, users } from "../../db/schema.ts";
-import type { AuthUser } from "../../middleware/auth.ts";
+import { authMiddleware } from "../../middleware/auth.ts";
 import { getOrganizationPermissions } from "./permissions.ts";
 
 /**
  * Organization member addition route
  * Handles: add member to organization
  */
-export const organizationMemberAddRoute = new Elysia().post(
+export const organizationMemberAddRoute = new Elysia().use(authMiddleware).post(
   "/:id/members",
-  async ({
-    user,
-    body,
-    params,
-    set,
-  }: {
-    user: AuthUser | null;
-    body: {
-      userId: string;
-      role?: string;
-      permission: "admin" | "member" | "visitor";
-    };
-    params: { id: string };
-    set: any;
-  }) => {
+  async ({ user, body, params, set }) => {
     if (!user) {
       set.status = 401;
       return { message: "Unauthorized" };

apps/server/src/domains/organizations/members-read.ts

@@ -2,24 +2,16 @@ import { eq } from "drizzle-orm";
 import { Elysia } from "elysia";
 import { db } from "../../db/index.ts";
 import { organizationMembers, users } from "../../db/schema.ts";
-import type { AuthUser } from "../../middleware/auth.ts";
+import { authMiddleware } from "../../middleware/auth.ts";
 import { getOrganizationPermissions } from "./permissions.ts";
 
 /**
  * Organization member read routes
  * Handles: list members
  */
-export const organizationMemberReadRoutes = new Elysia().get(
+export const organizationMemberReadRoutes = new Elysia().use(authMiddleware).get(
   "/:id/members",
-  async ({
-    user,
-    params,
-    set,
-  }: {
-    user: AuthUser | null;
-    params: { id: string };
-    set: any;
-  }) => {
+  async ({ user, params, set }) => {
     if (!user) {
       set.status = 401;
       return { message: "Unauthorized" };

apps/server/src/domains/organizations/members-remove.ts

@@ -2,24 +2,16 @@ import { and, eq } from "drizzle-orm";
 import { Elysia } from "elysia";
 import { db } from "../../db/index.ts";
 import { organizationMembers } from "../../db/schema.ts";
-import type { AuthUser } from "../../middleware/auth.ts";
+import { authMiddleware } from "../../middleware/auth.ts";
 import { getOrganizationPermissions } from "./permissions.ts";
 
 /**
  * Organization member removal route
  * Handles: remove member from organization
  */
-export const organizationMemberRemoveRoute = new Elysia().delete(
+export const organizationMemberRemoveRoute = new Elysia().use(authMiddleware).delete(
   "/:id/members/:userId",
-  async ({
-    user,
-    params,
-    set,
-  }: {
-    user: AuthUser | null;
-    params: { id: string; userId: string };
-    set: any;
-  }) => {
+  async ({ user, params, set }) => {
     if (!user) {
       set.status = 401;
       return { message: "Unauthorized" };

apps/server/src/domains/organizations/routes.ts

@@ -1,5 +1,4 @@
 import { Elysia } from "elysia";
-import { authMiddleware } from "../../middleware/auth.ts";
 import { organizationReadRoutes } from "./crud-read.ts";
 import { organizationWriteRoutes } from "./crud-write.ts";
 import { organizationMemberAddRoute } from "./members-add.ts";
@@ -11,7 +10,6 @@ import { organizationMemberRemoveRoute } from "./members-remove.ts";
  * Combines CRUD and member management routes under /organizations prefix
  */
 export const organizationRoutes = new Elysia({ prefix: "/organizations" })
-  .use(authMiddleware)
   .use(organizationReadRoutes)
   .use(organizationWriteRoutes)
   .use(organizationMemberReadRoutes)

apps/server/src/middleware/auth.ts

@@ -15,7 +15,7 @@ if (!jwtSecret) {
 export const authMiddleware = new Elysia({ name: "auth" })
   .use(jwt({ name: "jwt", secret: jwtSecret }))
   .derive({ as: "global" }, async ({ jwt, cookie }) => {
-    const tokenValue = cookie.token.value;
+    const tokenValue = cookie.token?.value;
 
     if (!tokenValue || typeof tokenValue !== "string") {
       return { user: null as AuthUser | null };