Feat/inject cognito claims#175

Merged
rogerlenhart merged 7 commits into main from feat/inject-cognito-claims
Mar 25, 2026

@rogerlenhart rogerlenhart commented Mar 24, 2026

Makes the Cognito claims also get injected on login via custom-oauth and Google.
-> Via Google, the user will always be ADMIN, since only the @cloudhumans domain can sign in this way.
-> Via custom-oauth (cloud hub login), the user receives the expected permissions from the Cognito token, the same as login through the embedded cloudchat.
-> The workspace lookup was optimized to use a single query with multiple conditions instead of 2 queries with a later filter.

Copilot AI review requested due to automatic review settings March 24, 2026 15:04
Copilot AI left a comment

Pull request overview

This PR adjusts authentication in the Builder to propagate cognitoClaims on Google and custom-oauth logins as well, and optimizes the workspace listing by applying Cognito-based access directly in the Prisma query.

Changes:

  • Injects cognitoClaims into the NextAuth JWT for additional providers (Google and custom-oauth) via the extractCognitoClaims helper.
  • Adds the getCognitoAccessibleWorkspaceIds helper to derive accessible workspaces from claims.
  • Optimizes listWorkspaces to fetch workspaces with a single OR query (member in the database OR allowed by claims).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| apps/builder/src/pages/api/auth/[...nextauth].ts | Extracts/injects cognitoClaims into the JWT for multiple providers and adds an extraction helper. |
| apps/builder/src/features/workspace/helpers/cognitoUtils.ts | Adds a helper to map claims → IDs of accessible workspaces (includes the ADMIN case). |
| apps/builder/src/features/workspace/api/listWorkspaces.ts | Replaces the approach of 2 queries + in-memory filter with one query using OR based on membership/claims. |
| apps/builder/src/features/auth/types/cognito.ts | Centralizes the CognitoClaims type for reuse. |
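
Added example (not code from this pull request or the project): one way to turn claims into a single Prisma-style `where` with OR, as the overview above describes, while failing closed on missing or malformed claims. The `Claims` shape, the function names, the sample rows, and the reading of ADMIN as "no filter" are assumptions.

```typescript
// Hypothetical claim shape; the project's CognitoClaims type is not shown on the page.
type Claims = { role?: string; workspaceIds?: unknown };
type Access = { kind: "all" } | { kind: "ids"; ids: string[] };

// Map claims to the workspaces they grant. Missing or malformed claims grant nothing.
function accessibleWorkspaceIds(claims?: Claims | null): Access {
  if (!claims) return { kind: "ids", ids: [] };
  if (claims.role === "ADMIN") return { kind: "all" }; // assumption: ADMIN sees everything
  const raw: unknown[] = Array.isArray(claims.workspaceIds) ? claims.workspaceIds : [];
  const ids = raw.filter((v): v is string => typeof v === "string" && v.length > 0);
  return { kind: "ids", ids: ids.filter((v, i) => ids.indexOf(v) === i) };
}

type Condition = { members: { some: { userId: string } } } | { id: { in: string[] } };
type WorkspaceWhere = { OR?: Condition[] };

// One Prisma-style `where`: member in the database OR allowed by claims.
function buildWorkspaceWhere(userId: string, claims?: Claims | null): WorkspaceWhere {
  const access = accessibleWorkspaceIds(claims);
  if (access.kind === "all") return {}; // no filter
  const or: Condition[] = [{ members: { some: { userId } } }];
  // An empty claims list adds no branch; membership alone decides.
  if (access.ids.length > 0) or.push({ id: { in: access.ids } });
  return { OR: or };
}

// Constructed sample rows and an in-memory evaluator standing in for the database.
type Workspace = { id: string; memberIds: string[] };
const SAMPLE: Workspace[] = [
  { id: "ws-a", memberIds: ["u1"] },
  { id: "ws-b", memberIds: ["u2"] },
  { id: "ws-c", memberIds: [] },
];

function matches(w: Workspace, c: Condition): boolean {
  return "members" in c
    ? w.memberIds.indexOf(c.members.some.userId) !== -1
    : c.id.in.indexOf(w.id) !== -1;
}

function listWorkspaceIds(userId: string, claims?: Claims | null): string[] {
  const or = buildWorkspaceWhere(userId, claims).OR;
  const rows = or ? SAMPLE.filter((w) => or.some((c) => matches(w, c))) : SAMPLE;
  return rows.map((w) => w.id);
}
```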

Copilot AI review requested due to automatic review settings March 24, 2026 21:34
Copilot AI left a comment

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Copilot AI review requested due to automatic review settings March 25, 2026 19:52
Copilot AI left a comment

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

@rogerlenhart rogerlenhart merged commit 95d4503 into main Mar 25, 2026
1 check passed
@rogerlenhart rogerlenhart deleted the feat/inject-cognito-claims branch March 25, 2026 21:39