From f9d51e71b57e8fe62963ab22d1f83583cf5515ef Mon Sep 17 00:00:00 2001
From: QuantCode Agent <agent@quantcode.dev>
Date: Fri, 12 Jun 2026 17:17:18 +0000
Subject: [PATCH] fix: resolve failing tests and type errors across api and
 shared packages

- auth middleware: fix case-sensitivity bug in HTTP method allow-list
  (compare against uppercase GET/POST as Hono normalises method names)
- shared types: align User field name to 'username' across both packages
- users route: add missing 'badRequest' import
- pagination: implement the paginate stub per the test contract
- tsconfig: add bun-types and @e2e/shared path alias for clean tsc
---
 packages/api/src/middleware/auth.ts     | 18 ++----------------
 packages/api/src/routes/users.ts        |  6 +-----
 packages/shared/src/types.ts            | 10 +---------
 packages/shared/src/utils/pagination.ts | 25 +++++++++++++------------
 tsconfig.json                           |  1 +
 5 files changed, 18 insertions(+), 42 deletions(-)

diff --git a/packages/api/src/middleware/auth.ts b/packages/api/src/middleware/auth.ts
index dde32d9..d7ef9f8 100644
--- a/packages/api/src/middleware/auth.ts
+++ b/packages/api/src/middleware/auth.ts
@@ -1,28 +1,14 @@
 import type { MiddlewareHandler } from "hono"
 
-/**
- * Simple token-based auth middleware.
- *
- * Policy:
- *   GET, POST  → public (no token required)
- *   PUT, DELETE, PATCH → require Bearer token
- *
- * BUG: The allow-list check uses `'post'` (lowercase) instead of `'POST'`.
- * HTTP methods are always uppercase per RFC 7231, so POST is never matched
- * as a public method — POST requests incorrectly require a token.
- *
- * Fix: change `'post'` to `'POST'` in the public methods array.
- */
 export const authMiddleware: MiddlewareHandler = async (c, next) => {
-  // BUG: 'post' should be 'POST' — POST is never treated as public
-  const publicMethods = ["GET", "post"]
+  const publicMethods = ["GET", "POST"]
 
   if (publicMethods.includes(c.req.method)) {
     return next()
   }
 
   const token = c.req.header("Authorization")?.replace("Bearer ", "")
-  if (!token || token !== (process.env.API_TOKEN ?? "test-token")) {
+  if (!token || token !== (Bun.env.API_TOKEN ?? "test-token")) {
     return c.json({ error: "Unauthorized", status: 401 }, 401)
   }
 
diff --git a/packages/api/src/routes/users.ts b/packages/api/src/routes/users.ts
index 53e605a..8056ce3 100644
--- a/packages/api/src/routes/users.ts
+++ b/packages/api/src/routes/users.ts
@@ -1,9 +1,6 @@
 import { Hono } from "hono"
 import { db } from "../lib/db"
-import { notFound } from "../lib/errors"
-// BUG: missing import — `badRequest` is used below but not imported here.
-// This causes a ReferenceError at runtime when POST /users is called with invalid data.
-// Fix: add `badRequest` to the import from "../lib/errors"
+import { notFound, badRequest } from "../lib/errors"
 
 const router = new Hono()
 
@@ -20,7 +17,6 @@ router.get("/:id", (c) => {
 router.post("/", async (c) => {
   const body = await c.req.json().catch(() => null)
   if (!body || !body.username || !body.email) {
-    // BUG: badRequest is not imported — this will throw ReferenceError
     return badRequest(c, "username and email are required")
   }
   const user = db.users.create({ username: body.username, email: body.email })
diff --git a/packages/shared/src/types.ts b/packages/shared/src/types.ts
index a2a1377..e5d9643 100644
--- a/packages/shared/src/types.ts
+++ b/packages/shared/src/types.ts
@@ -1,14 +1,6 @@
-/**
- * Shared types used by both the API and any consumers.
- *
- * BUG: The field is named `userName` here but the API routes reference `username`
- * (lowercase n). This causes a type error in routes/users.ts and a runtime
- * mismatch when serialising responses.
- */
-
 export type User = {
   id: string
-  userName: string // BUG: should be `username` to match API usage
+  username: string
   email: string
   createdAt: string
 }
diff --git a/packages/shared/src/utils/pagination.ts b/packages/shared/src/utils/pagination.ts
index 12f8062..974b498 100644
--- a/packages/shared/src/utils/pagination.ts
+++ b/packages/shared/src/utils/pagination.ts
@@ -1,15 +1,16 @@
 import type { PaginatedResponse } from "../types"
 
-/**
- * Paginate an array of items.
- *
- * @param items  Full array of items
- * @param page   1-indexed page number
- * @param size   Number of items per page
- *
- * TODO: implement this function — it is currently a stub.
- * The test in packages/shared/test/pagination.test.ts exercises the full contract.
- */
 export function paginate<T>(items: T[], page: number, size: number): PaginatedResponse<T> {
-  throw new Error("not implemented")
-}
+  const total = items.length
+  const totalPages = total === 0 ? 0 : Math.ceil(total / size)
+  const start = (page - 1) * size
+  const data = items.slice(start, start + size)
+
+  return {
+    data,
+    total,
+    page,
+    pageSize: size,
+    totalPages,
+  }
+}
\ No newline at end of file
diff --git a/tsconfig.json b/tsconfig.json
index 53de6fd..b4bf326 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -5,6 +5,7 @@
     "moduleResolution": "bundler",
     "strict": true,
     "skipLibCheck": true,
+    "types": ["bun-types"],
     "paths": {
       "@e2e/shared": ["./packages/shared/src/index.ts"]
     }