Remove multi-tenant company_id scoping from entire codebase

Drop company_id column from all 22 domain tables via migration. Remove companyId from JWT payload, auth plugins, all service method signatures (~215 occurrences), all route handlers (~105 occurrences), test runner, test suites, and frontend auth store/types. The company table stays as store settings (name, timezone). Tenant isolation in a SaaS deployment would be at the database level (one DB per customer) not the application level. All 107 API tests pass. Zero TSC errors across all packages.
2026-03-29 14:58:33 -05:00
parent 55f8591cf1
commit d36c6f7135
35 changed files with 353 additions and 511 deletions
--- a/packages/backend/src/routes/v1/auth.ts
+++ b/packages/backend/src/routes/v1/auth.ts
@@ -3,7 +3,6 @@ import { eq } from 'drizzle-orm'
 import bcrypt from 'bcrypt'
 import { RegisterSchema, LoginSchema } from '@forte/shared/schemas'
 import { users } from '../../db/schema/users.js'
-import { companies } from '../../db/schema/stores.js'

 const SALT_ROUNDS = 10

@@ -27,28 +26,8 @@ export const authRoutes: FastifyPluginAsync = async (app) => {
    }

    const { email, password, firstName, lastName, role } = parsed.data
-    const companyId = request.companyId

-    // Validate that the company exists
-    if (!companyId) {
-      return reply.status(400).send({
-        error: { message: 'Company ID is required (x-company-id header)', statusCode: 400 },
-      })
-    }
-
-    const [company] = await app.db
-      .select({ id: companies.id })
-      .from(companies)
-      .where(eq(companies.id, companyId))
-      .limit(1)
-
-    if (!company) {
-      return reply.status(400).send({
-        error: { message: 'Invalid company', statusCode: 400 },
-      })
-    }
-
-    // Email is globally unique across all companies
+    // Email is globally unique
    const existing = await app.db
      .select({ id: users.id })
      .from(users)
@@ -66,7 +45,6 @@ export const authRoutes: FastifyPluginAsync = async (app) => {
    const [user] = await app.db
      .insert(users)
      .values({
-        companyId,
        email,
        passwordHash,
        firstName,
@@ -84,11 +62,10 @@ export const authRoutes: FastifyPluginAsync = async (app) => {

    const token = app.jwt.sign({
      id: user.id,
-      companyId,
      role: user.role,
    })

-    request.log.info({ userId: user.id, email: user.email, companyId }, 'User registered')
+    request.log.info({ userId: user.id, email: user.email }, 'User registered')
    return reply.status(201).send({ user, token })
  })

@@ -126,7 +103,6 @@ export const authRoutes: FastifyPluginAsync = async (app) => {

    const token = app.jwt.sign({
      id: user.id,
-      companyId: user.companyId,
      role: user.role,
    })