fix(auth): make DISABLE_AUTH usable for /workspace

[jayy-77]

Summary

• Fix DISABLE_AUTH mode causing a blank /workspace by returning an anonymous session using the same response envelope as Better Auth’s get-session endpoint.
• Make the session provider tolerant to both wrapped ({ data: ... }) and raw session payload shapes.

Test plan

• bun run test -- lib/auth/session-response.test.ts \"app/api/auth/[...all]/route.test.ts\"

Fixes #2524

[vercel]

@jayy-77 is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR fixes DISABLE_AUTH mode for /workspace by ensuring the anonymous session response matches Better Auth's expected { data: ... } envelope format. The session provider now tolerantly handles both wrapped and raw session payloads.

Key changes:

• Added extractSessionDataFromAuthClientResult utility to handle both { data: session } (Better Auth format) and raw { user, session } payloads
• Created createAnonymousGetSessionResponse to wrap anonymous sessions in the proper envelope
• Updated /api/auth/get-session endpoint to return wrapped response when auth is disabled
• Made SessionProvider use the extraction utility for consistent session handling
• Added comprehensive test coverage for both new utilities

The fix ensures /workspace no longer shows a blank page in DISABLE_AUTH mode.

Confidence Score: 4/5

• This PR is safe to merge with one minor style improvement recommended
• The implementation correctly fixes the DISABLE_AUTH blank page issue with proper response envelope wrapping. Comprehensive test coverage validates both the extraction utility and route behavior. The only concern is a type assertion in session-provider.tsx that bypasses type safety, though it's unlikely to cause runtime issues given the extraction function's validation logic.
• No files require special attention - all changes are straightforward with good test coverage

Important Files Changed

Filename	Overview
apps/sim/lib/auth/session-response.ts	Added utility to extract session data from wrapped or raw payloads, handles both Better Auth's { data: ... } envelope and raw session objects
apps/sim/lib/auth/anonymous.ts	Added createAnonymousGetSessionResponse to wrap anonymous session in Better Auth's expected { data: ... } response envelope
apps/sim/app/api/auth/[...all]/route.ts	Updated to return properly wrapped anonymous session response using createAnonymousGetSessionResponse for consistency with Better Auth format
apps/sim/app/_shell/providers/session-provider.tsx	Updated to use extractSessionDataFromAuthClientResult for tolerant handling of both wrapped and raw session responses, but uses unsafe type assertion

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[SessionProvider requests session] --> B{DISABLE_AUTH enabled?}
    B -->|Yes| C[ensureAnonymousUserExists]
    C --> D[createAnonymousGetSessionResponse]
    D --> E[Return wrapped anonymous session]
    B -->|No| F[Delegate to Better Auth handler]
    F --> E
    E --> G[extractSessionDataFromAuthClientResult]
    G --> H{Response has data property?}
    H -->|Yes| I[Extract from data envelope]
    H -->|No| J{Response has user property?}
    J -->|Yes| K[Use raw response]
    J -->|No| L[Return null]
    I --> M[Session loaded in provider]
    K --> M
    L --> M

Loading

_{Last reviewed commit: ee579b5}

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}