Merge branch 'main' into feat/add-pkce-like-session-binding

Author: zhongliang02

.github/workflows/ci.yml

@@ -54,6 +54,10 @@ jobs:
       - name: Setup
         uses: ./tooling/github/setup
 
+      - name: Copy env
+        shell: bash
+        run: cp .env.example .env
+
       - name: Typecheck
         run: pnpm typecheck
 # TODO: Add test CI

apps/web/package.json

@@ -14,6 +14,7 @@
     "with-env": "dotenv -e ../../.env --",
     "test": "vitest",
     "storybook": "CI=1 storybook dev -p 6006",
+    "docker": "docker-compose up",
     "build-storybook": "CI=1 storybook build"
   },
   "dependencies": {
@@ -34,16 +35,16 @@
     "iron-session": "^8.0.4",
     "lodash-es": "^4.17.21",
     "nanoid": "^5.1.6",
-    "next": "16.0.3",
+    "next": "catalog:next",
     "nextjs-toploader": "^3.9.17",
-    "nuqs": "^2.7.3",
-    "react": "19.2.0",
+    "nuqs": "^2.8.2",
+    "react": "catalog:react",
     "react-aria-components": "catalog:",
-    "react-dom": "19.2.0",
+    "react-dom": "catalog:react",
     "react-hook-form": "catalog:",
     "react-icons": "^5.5.0",
     "superjson": "2.2.5",
-    "type-fest": "^5.2.0",
+    "type-fest": "^5.3.0",
     "usehooks-ts": "^3.1.1",
     "zod": "catalog:"
   },
@@ -61,26 +62,26 @@
     "@tanstack/react-query-devtools": "catalog:react-query5",
     "@types/lodash-es": "^4.17.12",
     "@types/node": "catalog:",
-    "@types/react": "19.2.4",
-    "@types/react-dom": "19.2.3",
+    "@types/react": "catalog:react",
+    "@types/react-dom": "catalog:react",
     "@vitest/browser": "catalog:vitest",
     "@vitest/browser-playwright": "catalog:vitest",
     "@vitest/coverage-v8": "catalog:vitest",
     "dotenv-cli": "catalog:",
     "eslint": "catalog:",
     "jiti": "^2.6.1",
-    "msw": "^2.12.1",
+    "msw": "^2.12.3",
     "msw-storybook-addon": "^2.0.6",
     "msw-trpc": "^2.0.1",
-    "playwright": "^1.56.1",
+    "playwright": "^1.57.0",
     "prettier": "catalog:",
     "storybook": "catalog:storybook10",
     "storybook-addon-vite-mock": "catalog:storybook10",
     "tailwindcss": "catalog:tailwindcss4",
-    "testcontainers": "^11.8.1",
+    "testcontainers": "^11.9.0",
     "tw-animate-css": "^1.4.0",
     "typescript": "catalog:",
-    "vite": "^7.2.2",
+    "vite": "^7.2.6",
     "vite-tsconfig-paths": "^5.1.4",
     "vitest": "catalog:vitest",
     "vitest-mock-extended": "^3.1.0"

apps/web/src/server/modules/auth/auth.service.ts

@@ -121,14 +121,26 @@ export const emailVerifyOtp = async ({
       })
     }
 
+    // NOTE: You can also use `kysely` for your queries
+    // if you want more fine-grained control.
     // Valid token, delete record to prevent reuse
-    return db.verificationToken.delete({
-      where: {
-        identifier: vfnIdentifier,
-      },
-    })
+    return db.$kysely
+      .deleteFrom('VerificationToken')
+      .where('identifier', '=', vfnIdentifier)
+      .returningAll()
+      .executeTakeFirstOrThrow(
+        // NOTE: If we are unable to find the token,
+        // this means that it has been deleted between
+        // our initial query and the deletion here
+        () =>
+          new TRPCError({
+            code: 'BAD_REQUEST',
+            message:
+              'Token is invalid or has expired. Please request a new OTP.',
+          }),
+      )
   } catch (error) {
-    // see error code here: https://www.prisma.io/docs/reference/api-reference/error-reference#p2025
+    // see error code here: https://www.prisma.io/docs/orm/reference/error-reference#p2025
     if (
       error instanceof Prisma.PrismaClientKnownRequestError &&
       error.code === 'P2025'

apps/web/turbo.json

@@ -6,8 +6,12 @@
       "dependsOn": ["^build"],
       "outputs": [".next/**", "!.next/cache/**", "next-env.d.ts"]
     },
+    "docker": {
+      "cache": false
+    },
     "dev": {
-      "persistent": true
+      "persistent": true,
+      "dependsOn": ["docker"]
     }
   }
 }

apps/web/vercel.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://openapi.vercel.sh/vercel.json",
+  "buildCommand": "turbo vercel-build"
+}

docker-compose.yml

@@ -8,7 +8,7 @@ services:
       - POSTGRES_USER=root
       - POSTGRES_PASSWORD=root
     volumes:
-      - postgres-volume:/var/lib/postgresql/data
+      - postgres-volume:/var/lib/postgresql
 
 volumes:
   postgres-volume:

package.json

@@ -3,9 +3,8 @@
   "private": true,
   "engines": {
     "node": ">=24.11.1",
-    "pnpm": ">=10.18.1"
+    "pnpm": ">=10.17.1"
   },
-  "packageManager": "[email protected]+sha512.77a884a165cbba2d8d1c19e3b4880eee6d2fcabd0d879121e282196b80042351d5eb3ca0935fa599da1dc51265cc68816ad2bddd2a2de5ea9fdf92adbec7cd34",
   "scripts": {
     "build": "turbo run build",
     "vercel-build": "turbo run vercel-build",
@@ -33,5 +32,6 @@
     "typescript": "catalog:",
     "vitest": "^4.0.8"
   },
-  "prettier": "@acme/prettier-config"
+  "prettier": "@acme/prettier-config",
+  "packageManager": "[email protected]+sha512.17c560fca4867ae9473a3899ad84a88334914f379be46d455cbf92e5cf4b39d34985d452d2583baf19967fa76cb5c17bc9e245529d0b98745721aa7200ecaf7a"
 }