feat(shared): add unified DeepLinkResolver with polymorphic fallback chain

.github/workflows/ci.yml

@@ -61,6 +61,9 @@ jobs:
       - name: Install backend dependencies
         run: npm --prefix apps/backend install
 
+      - name: Generate Prisma Client
+        run: cd apps/backend && npx prisma generate
+
       - name: Backend lint
         id: backend_lint
         continue-on-error: true                         

apps/backend/package.json

@@ -15,7 +15,8 @@
     "db:deploy": "prisma migrate deploy",
     "db:seed": "tsx prisma/seed.ts",
     "db:studio": "prisma studio",
-    "typecheck": "tsc --noEmit"
+    "typecheck": "tsc --noEmit",
+    "postinstall": "prisma generate"
   },
   "dependencies": {
     "@devcard/shared": "file:../../packages/shared",

apps/backend/src/__tests__/analytics.test.ts

@@ -1,3 +1,6 @@
+import Fastify, {
+  type FastifyInstance,
+} from 'fastify';
 import {
   describe,
   it,
@@ -7,13 +10,11 @@ import {
   vi,
 } from 'vitest';
 
-import Fastify, {
-  type FastifyInstance,
-} from 'fastify';
+
+import { analyticsRoutes } from '../routes/analytics';
 
 import type { PrismaClient } from '@prisma/client';
 
-import { analyticsRoutes } from '../routes/analytics';
 
 // ─── Shared mock data ────────────────────────────────────────────────────────
 
@@ -34,7 +35,7 @@ const prismaMock = {
 
 // ─── App factory ─────────────────────────────────────────────────────────────
 
-let mockJwtVerify = vi.fn();
+const mockJwtVerify = vi.fn();
 
 async function buildApp(): Promise<FastifyInstance> {
   const app = Fastify({

apps/backend/src/__tests__/app.test.ts

@@ -1,8 +1,9 @@
-process.env.NODE_ENV = 'test';
-
 import { describe, it, expect } from 'vitest';
+
 import { buildApp } from '../app';
 
+process.env.NODE_ENV = 'test';
+
 describe('GET /health', () => {
   it('should return status ok', async () => {
     const app = await buildApp();

apps/backend/src/__tests__/event.test.ts

@@ -1,8 +1,10 @@
+import Fastify, { type FastifyInstance } from 'fastify';
 import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import Fastify, { FastifyInstance } from 'fastify';
-import { PrismaClient } from '@prisma/client';
+
 import { eventRoutes } from '../routes/event';
 
+import type { PrismaClient } from '@prisma/client';
+
 // ─── Shared mock data ────────────────────────────────────────────────────────
 
 const MOCK_USER_ID = 'user-uuid-001';
@@ -64,7 +66,7 @@
 //
 // This mirrors the real app setup without touching a real DB or real JWT keys.
 
-let mockJwtVerify = vi.fn();
+const mockJwtVerify = vi.fn();
 
 async function buildApp(): Promise<FastifyInstance> {
   const app = Fastify({ logger: false });
@@ -74,8 +76,10 @@
 
   // Decorate jwtVerify on the request prototype so request.jwtVerify() resolves
   // to whatever the current test wants.
-  app.decorateRequest('jwtVerify', function () {
-    return mockJwtVerify();
+  app.decorateRequest('jwtVerify', async function (this: any) {
+    const payload = await mockJwtVerify();
+    this.user = payload;
+    return payload;
   });
 
   // Register with the same prefix used in production (app.ts) so that
@@ -93,7 +97,7 @@
 }
 
 /** Injects a POST /api/events request */
 async function createEvent(
   app: FastifyInstance,
   body: Record<string, unknown>,
   authenticated = true,
@@ -252,6 +256,10 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         _count: { attendees: 42 },
+        organizer: {
+          username: 'johndoe',
+          displayName: 'John Doe',
+        },
       });
 
       const res = await app.inject({
@@ -264,8 +272,9 @@
       expect(body.slug).toBe('devcard-conf-2025');
       expect(body.attendeesCount).toBe(42);
       expect(body.location).toBe('San Francisco, CA');
-      // organizerId is exposed (public info)
-      expect(body.organizerId).toBe(MOCK_USER_ID);
+      // organizer public fields are exposed
+      expect(body.organizerUsername).toBe('johndoe');
+      expect(body.organizerDisplayName).toBe('John Doe');
     });
 
     it('404 — returns 404 for unknown slug', async () => {
@@ -286,6 +295,10 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         _count: { attendees: 0 },
+        organizer: {
+          username: 'johndoe',
+          displayName: 'John Doe',
+        },
       });
 
       const res = await app.inject({
@@ -474,7 +487,7 @@
 
   describe('GET /api/events/:slug/attendees — paginated attendee list', () => {
     /** Builds a raw EventAttendee row as Prisma returns it (with nested user) */
     function makeAttendeeRow(
       profile: typeof MOCK_USER_PROFILE | typeof MOCK_OTHER_USER_PROFILE,
     ) {
       return {
@@ -495,6 +508,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: attendeeRows,
+        _count: { attendees: 2 },
       });
 
       const res = await app.inject({
@@ -523,6 +537,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [makeAttendeeRow(MOCK_OTHER_USER_PROFILE)],
+        _count: { attendees: 1 },
       });
 
       const res = await app.inject({
@@ -545,6 +560,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -561,6 +577,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -577,6 +594,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -594,6 +612,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [makeAttendeeRow(MOCK_USER_PROFILE)],
+        _count: { attendees: 1 },
       });
 
       const res = await app.inject({
@@ -632,6 +651,7 @@
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       await app.inject({

apps/backend/src/__tests__/follow.test.ts

@@ -1,4 +1,4 @@
-import Fastify, { FastifyInstance } from 'fastify';
+import Fastify, { type FastifyInstance } from 'fastify';
 import { describe, expect, it, vi, beforeAll, beforeEach, afterAll } from 'vitest';
 
 import { followRoutes } from '../routes/follow.js';

apps/backend/src/__tests__/oauth-scope.test.ts

@@ -11,10 +11,12 @@
  * flow so the two records are independent and can never overwrite each other.
  */
 
-import { describe, it, expect, beforeEach, vi } from 'vitest';
 import Fastify from 'fastify';
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+
 import { connectRoutes } from '../routes/connect.js';
 import { followRoutes } from '../routes/follow.js';
+
 import type { PrismaClient } from '@prisma/client';
 
 // ── Mocks ─────────────────────────────────────────────────────────────────────
@@ -42,20 +44,20 @@
   return Buffer.from(JSON.stringify({ userId, nonce: 'test-nonce' })).toString('base64');
 }
 
 function buildConnectApp(mockPrisma: Partial<PrismaClient>) {
   const app = Fastify({ logger: false });
   app.decorate('prisma', mockPrisma as PrismaClient);
-  app.decorate('authenticate', async (req: any) => { req.user = { id: USER_ID }; });
+  app.decorate('authenticate', async (request: any) => { request.user = { id: USER_ID }; });
   app.register(connectRoutes, { prefix: '/api/connect' });
   return app.ready().then(() => app);
 }
 
 // ── Follow-route test harness ─────────────────────────────────────────────────
 
 function buildFollowApp(mockPrisma: Partial<PrismaClient>) {
   const app = Fastify({ logger: false });
   app.decorate('prisma', mockPrisma as PrismaClient);
-  app.decorate('authenticate', async (req: any) => { req.user = { id: USER_ID }; });
+  app.decorate('authenticate', async (request: any) => { request.user = { id: USER_ID }; });
   app.register(followRoutes, { prefix: '/api/follow' });
   return app.ready().then(() => app);
 }

apps/backend/src/__tests__/public.test.ts

@@ -1,9 +1,13 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import Fastify from 'fastify';
 import jwt from '@fastify/jwt';
+import Fastify from 'fastify';
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+
 import { publicRoutes } from '../routes/public.js';
+import { generateQRBuffer, generateQRSvg } from '../utils/qr.js';
+
 import type { PrismaClient } from '@prisma/client';
 
+
 // ── Mock QR utilities ─────────────────────────────────────────────────────────
 // Prevents real QR rasterisation (and any native canvas/image deps) from running
 // during unit tests.  The stubs return minimal valid values that satisfy the
@@ -13,8 +17,6 @@
   generateQRSvg: vi.fn().mockResolvedValue('<svg>fake</svg>'),
 }));
 
-import { generateQRBuffer, generateQRSvg } from '../utils/qr.js';
-
 const mockUser = {
   id: 'user-123',
   username: 'testuser',
@@ -50,7 +52,7 @@
   del: vi.fn().mockResolvedValue(1),
 };
 
 async function buildApp() {
   const app = Fastify();
   // Register JWT so app.jwt.sign() is available for the qr-session route.
   // @fastify/jwt also adds request.jwtVerify(), which throws when no valid

apps/backend/src/__tests__/team.test.ts

@@ -1,6 +1,7 @@
+import { type PrismaClient, TeamRole } from '@prisma/client';
+import Fastify, { type FastifyInstance } from 'fastify';
 import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import Fastify, { FastifyInstance } from 'fastify';
-import { PrismaClient, TeamRole } from '@prisma/client';
+
 import { teamRoutes } from '../routes/team';
 
 // ─── Shared mock data ─────────────────────────────────────────────────────────
@@ -92,15 +93,17 @@
 
 // ─── App factory ──────────────────────────────────────────────────────────────
 
-let mockJwtVerify = vi.fn();
+const mockJwtVerify = vi.fn();
 
 async function buildApp(): Promise<FastifyInstance> {
   const app = Fastify({ logger: false });
 
   app.decorate('prisma', prismaMock as unknown as PrismaClient);
 
-  app.decorateRequest('jwtVerify', function () {
-    return mockJwtVerify();
+  app.decorateRequest('jwtVerify', async function (this: any) {
+    const payload = await mockJwtVerify();
+    this.user = payload;
+    return payload;
   });
 
   await app.register(teamRoutes);
@@ -114,7 +117,7 @@
   return { Authorization: 'Bearer mock-token' };
 }
 
 async function createTeam(
   app: FastifyInstance,
   body: Record<string, unknown>,
   authenticated = true,

apps/backend/src/app.ts

@@ -7,7 +7,6 @@ import helmet from '@fastify/helmet';
 import jwt from '@fastify/jwt';
 import multipart from '@fastify/multipart';
 import rateLimit from '@fastify/rate-limit';
-import fastifyStatic from '@fastify/static';
 import Fastify, {type FastifyInstance} from 'fastify';
 
 import { prismaPlugin } from './plugins/prisma.js';
@@ -21,15 +20,19 @@ import { followRoutes } from './routes/follow.js';
 import { nfcRoutes } from './routes/nfc.js';
 import { profileRoutes } from './routes/profiles.js';
 import { publicRoutes } from './routes/public.js';
-import { validateEnv } from './utils/validateEnv.js';
 import { teamRoutes } from './routes/team.js';
+import { validateEnv } from './utils/validateEnv.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 export async function buildApp():Promise<FastifyInstance> {
   // Validate all required secrets before registering any plugin.
   // If validation fails the process exits here — no partially-initialised
   // auth state can exist because Fastify is not yet instantiated.
+  if (process.env.NODE_ENV === 'test') {
+    process.env.JWT_SECRET = process.env.JWT_SECRET || 'test-jwt-secret-that-is-sufficiently-long-and-secure';
+    process.env.ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || 'test-encryption-key-for-testing-purposes-32-chars';
+  }
   validateEnv();
 
   const app = Fastify({
@@ -92,8 +95,8 @@ export async function buildApp():Promise<FastifyInstance> {
     try {
       // Ensure the verified payload is assigned to `request.user` like the original plugin.
       const payload = await request.jwtVerify();
-      if (payload) request.user = payload;
-    } catch (error) {
+      if (payload) {request.user = payload;}
+    } catch {
       reply.status(401).send({ error: 'Unauthorized' });
     }
   });

apps/backend/src/env.ts

@@ -1,6 +1,6 @@
-import process from 'node:process';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
+
 import dotenv from 'dotenv';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));

apps/backend/src/plugins/prisma.ts

@@ -1,5 +1,6 @@
-import fp from 'fastify-plugin';
 import { PrismaClient } from '@prisma/client';
+import fp from 'fastify-plugin';
+
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
 
 declare module 'fastify' {

apps/backend/src/plugins/redis.ts

@@ -1,5 +1,6 @@
 import fp from 'fastify-plugin';
 import Redis from 'ioredis';
+
 import type { FastifyInstance } from 'fastify';
 
 declare module 'fastify' {
@@ -17,7 +18,7 @@ export const redisPlugin = fp(async (app: FastifyInstance) => {
   try {
     await redis.connect();
     app.log.info('🔴 Redis connected');
-  } catch (error) {
+  } catch {
     app.log.warn('⚠️  Redis connection failed — running without cache');
   }
 

apps/backend/src/routes/analytics.ts

@@ -11,8 +11,8 @@ export async function analyticsRoutes(
   app.get(
     '/overview',
     {
-      // eslint-disable-next-line @typescript-eslint/unbound-method
-      preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) } }],
+       
+      preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) } }],
     },
     async (
       request: FastifyRequest,
@@ -96,8 +96,8 @@ export async function analyticsRoutes(
   }>(
     '/views',
     {
-      // eslint-disable-next-line @typescript-eslint/unbound-method
-      preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch (e) { reply.status(401).send({ error: 'Unauthorized' }) } }],
+       
+      preHandler: [async (request, reply) => { const server = request.server as any; if (typeof server?.authenticate === 'function') { await server.authenticate(request, reply); return } if (typeof (app as any).authenticate === 'function') { await (app as any).authenticate(request, reply); return } try { await request.jwtVerify() } catch { reply.status(401).send({ error: 'Unauthorized' }) } }],
     },
     async (
       request: FastifyRequest<{