From 8b9a1ace2f48401f618f327e479c24d22f804302 Mon Sep 17 00:00:00 2001
From: Manus Deploy
Date: Tue, 21 Apr 2026 07:08:39 -0400
Subject: [PATCH] =?UTF-8?q?Fix=20critique=20:=20context.ts=20v=C3=A9rifie?= =?UTF-8?q?=20veille=5Flocal=5Fauth=20=E2=80=94=20corrige=20d=C3=A9connexi?= =?UTF-8?q?on=20lors=20des=20imports?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/_core/context.ts | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)
diff --git a/server/_core/context.ts b/server/_core/context.ts
index e4ae108..5fce18f 100644
--- a/server/_core/context.ts
+++ b/server/_core/context.ts
@@ -1,6 +1,8 @@
 import type { CreateExpressContextOptions } from "@trpc/server/adapters/express";
 import type { User } from "../../drizzle/schema";
 import { sdk } from "./sdk";
+import { parse as parseCookieHeader } from "cookie";
+import { verifyLocalToken, getLocalUserById, LOCAL_AUTH_COOKIE } from "../localAuth";

 export type TrpcContext = {
 req: CreateExpressContextOptions["req"];
@@ -13,13 +15,48 @@ export async function createContext(
 ): Promise {
 let user: User | null = null;

+ // 1. Essayer l'authentification Manus OAuth
 try {
 user = await sdk.authenticateRequest(opts.req);
- } catch (error) {
- // Authentication is optional for public procedures.
+ } catch {
 user = null;
 }

+ // 2. Si pas d'utilisateur OAuth, essayer le cookie d'auth locale
+ if (!user) {
+ try {
+ const cookieHeader = opts.req.headers.cookie;
+ if (cookieHeader) {
+ const cookies = parseCookieHeader(cookieHeader);
+ const localToken = cookies[LOCAL_AUTH_COOKIE];
+ if (localToken) {
+ const payload = await verifyLocalToken(localToken);
+ if (payload) {
+ const localUser = await getLocalUserById(payload.userId);
+ if (localUser && localUser.isActive) {
+ // Construire un objet User compatible avec le type attendu par tRPC
+ // On utilise un openId synthétique basé sur l'id local
+ user = {
+ id: localUser.id,
+ openId: `local:${localUser.id}`,
+ name: localUser.name,
+ email: localUser.email ?? null,
+ loginMethod: "local",
+ role: localUser.role === "admin" ? "admin" : "user",
+ createdAt: localUser.createdAt,
+ updatedAt: localUser.updatedAt,
+ lastSignedIn: localUser.lastSignedIn ?? new Date(),
+ } as User;
+ }
+ }
+ }
+ }
+ } catch (error) {
+ // Auth locale optionnelle — on ignore les erreurs
+ user = null;
+ }
+ }
+
 return {
 req: opts.req,
 res: opts.res,
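Review bot: The synthesized user in the local-auth branch sets `id: localUser.id`, and if local accounts are stored separately from the OAuth `User` rows (the `as User` cast and the separate `getLocalUserById` lookup suggest so, but the schemas are not visible here), the two id spaces can overlap, so any procedure that authorizes on `ctx.user.id` would treat local account N as OAuth user N. Only the `openId` value is namespaced with the `local:` prefix; either confirm that both kinds of account share one table, or have downstream ownership checks key on `openId` together with `loginMethod`, and record that decision in a comment above the object literal. Replacing `} as User;` with a typed declaration (`const localAsUser: User = { … }; user = localAsUser;`) would let the compiler report a missing or mistyped field such as `role` instead of silencing it. The new `catch (error)` binds a value it never uses and drops every failure, including database errors from `getLocalUserById`; failing closed is right, but a `console.warn("[auth] local auth check failed", error);` before `user = null;` would keep an outage from looking like an ordinary logout. The signature of `createContext` and the end of its return statement lie outside this hunk.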