From 83aae1c4207bdd629164831f7a5368644738603a Mon Sep 17 00:00:00 2001
From: Ridanshi <ridanshiagarwal2@gmail.com>
Date: Mon, 18 May 2026 12:15:38 +0530
Subject: [PATCH] fix(auth): encrypt OAuth tokens using encryption utility
 directly

auth.ts silently stored GitHub OAuth access tokens as plaintext because
the encryption check relied on a non-existent `app.encryption` Fastify
decorator - the condition always evaluated false, falling back to the raw
token. connect.ts called `app.encryption.encrypt()` directly, throwing
a TypeError at runtime and breaking the GitHub connect flow entirely.

Both routes now import `encrypt()` directly from utils/encryption.ts,
consistent with how follow.ts already imports `decrypt()` from the same module.
---
 apps/backend/src/routes/auth.ts    | 3 ++-
 apps/backend/src/routes/connect.ts | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index e12f10a..2c05184 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -1,4 +1,5 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { encrypt } from '../utils/encryption.js';
 
 const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
 const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
@@ -103,7 +104,7 @@ export async function authRoutes(app: FastifyInstance) {
       });
 
       // Save the authentication token for 'user:email read:user' so we have a basic platform connection
-      const encryptedToken = (app as any).encryption ? (app as any).encryption.encrypt(tokenData.access_token) : tokenData.access_token;
+      const encryptedToken = encrypt(tokenData.access_token);
       
       await app.prisma.oAuthToken.upsert({
         where: { userId_platform: { userId: user.id, platform: 'github' } },
diff --git a/apps/backend/src/routes/connect.ts b/apps/backend/src/routes/connect.ts
index 952e845..15255dc 100644
--- a/apps/backend/src/routes/connect.ts
+++ b/apps/backend/src/routes/connect.ts
@@ -1,4 +1,5 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { encrypt } from '../utils/encryption.js';
 
 const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
 const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
@@ -95,7 +96,7 @@ export async function connectRoutes(app: FastifyInstance) {
       }
 
       // Encrypt and store the token
-      const encryptedToken = app.encryption.encrypt(tokenData.access_token);
+      const encryptedToken = encrypt(tokenData.access_token);
 
       await app.prisma.oAuthToken.upsert({
         where: {