refactor: remove all JWT-related code and references

JWT was never used - auth uses X-User-Id header. Removes jwt.ts utility, jsonwebtoken dependency, stubbed refresh/logout endpoints, and updates all docs (PUML diagrams, api-routes, tex, CLAUDE.md) accordingly.
2026-02-09 20:02:05 +01:00
parent cb32bd23ca
commit 73e768a0ad
12 changed files with 10 additions and 179 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -48,7 +48,7 @@ npm run start -w @calchat/server        # Run compiled server (port 3000)
 | | MongoDB | Database |
 | | Mongoose | ODM |
 | | GPT (OpenAI) | AI/LLM for chat |
-| | X-User-Id Header | Authentication (simple, no JWT yet) |
+| | X-User-Id Header | Authentication |
 | | pino / pino-http | Structured logging |
 | | react-native-logs | Client-side logging |
 | | tsdav | CalDAV client library |
@@ -235,7 +235,7 @@ CardBase
 src/
 ├── app.ts                    # Entry point, DI setup, Express config
 ├── controllers/              # Request handlers + middleware (per architecture diagram)
-│   ├── AuthController.ts     # login(), register(), refresh(), logout()
+│   ├── AuthController.ts     # login(), register()
 │   ├── ChatController.ts     # sendMessage(), confirmEvent() + CalDAV push, rejectEvent(), getConversations(), getConversation(), updateProposalEvent()
 │   ├── EventController.ts    # create(), getById(), getAll(), getByDateRange(), update(), delete() - pushes/deletes to CalDAV on mutations
 │   ├── CaldavController.ts   # saveConfig(), loadConfig(), deleteConfig(), pullEvents(), pushEvents(), pushEvent()
@@ -285,7 +285,6 @@ src/
 │       ├── toolDefinitions.ts # TOOL_DEFINITIONS - provider-agnostic tool specs
 │       └── toolExecutor.ts   # executeToolCall() - handles getDay, proposeCreate/Update/Delete, searchEvents, getEventsInRange
 ├── utils/
-│   ├── jwt.ts                # signToken(), verifyToken() - NOT USED YET (no JWT)
 │   ├── password.ts           # hash(), compare() using bcrypt
 │   ├── eventFormatters.ts    # getWeeksOverview(), getMonthOverview() - formatted event listings
 │   └── recurrenceExpander.ts # expandRecurringEvents() - expand recurring events into occurrences
@@ -296,8 +295,6 @@ src/
 **API Endpoints:**
 - `POST /api/auth/login` - User login
 - `POST /api/auth/register` - User registration
- `POST /api/auth/refresh` - Refresh JWT token
- `POST /api/auth/logout` - User logout
 - `GET /api/events` - Get all events (protected)
 - `GET /api/events/range` - Get events by date range (protected)
 - `GET /api/events/:id` - Get single event (protected)
@@ -536,8 +533,6 @@ docker compose up -d                  # Start Radicale CalDAV server
 ### Environment Variables
 Server requires `.env` file in `apps/server/`:
 ```
-JWT_SECRET=your-secret-key
-JWT_EXPIRES_IN=1h
 MONGODB_URI=mongodb://root:mongoose@localhost:27017/calchat?authSource=admin
 OPENAI_API_KEY=sk-proj-...
 USE_TEST_RESPONSES=false    # true = static test responses, false = real GPT AI
@@ -585,10 +580,6 @@ NODE_ENV=development        # development = pretty logs, production = JSON
  - `EventService`: Extended with searchByTitle(), findByCaldavUUID()
  - `utils/eventFormatters`: Refactored to use EventService instead of EventRepository
  - CORS configured to allow X-User-Id header
- **Stubbed (TODO):**
-  - `AuthController`: refresh(), logout()
-  - `AuthService`: refreshToken()
-  - JWT authentication (currently using simple X-User-Id header)

 **Shared:**
 - Types, DTOs, constants (Day, Month with German translations), ExpandedEvent type, CaldavConfig, CaldavSyncStatus defined and exported