From 819b6c190abd441c3408fe2811cd7495b5d155b8 Mon Sep 17 00:00:00 2001 From: kimjaehyeon0101 <47347352-kimjaehyeon0101@users.noreply.replit.com> Date: Mon, 29 Sep 2025 19:41:12 +0000 Subject: [PATCH] Improve user authentication and bid data handling Standardizes user ID retrieval across multiple API endpoints and formats bid amount to string in the client. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 069d4324-6c40-4355-955e-c714a50de1ea Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3df548ff-50ae-432f-9be4-25d34eccc983/069d4324-6c40-4355-955e-c714a50de1ea/YptCfK0 --- .replit | 4 ++++ client/src/pages/MediaOutletAuction.tsx | 6 +++++- server/routes.ts | 16 ++++++++-------- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/.replit b/.replit index b0526f5..1746cb0 100644 --- a/.replit +++ b/.replit @@ -22,6 +22,10 @@ externalPort = 3002 localPort = 37531 externalPort = 3001 +[[ports]] +localPort = 39291 +externalPort = 3003 + [[ports]] localPort = 43349 externalPort = 3000 diff --git a/client/src/pages/MediaOutletAuction.tsx b/client/src/pages/MediaOutletAuction.tsx index 405a45f..d080c5c 100644 --- a/client/src/pages/MediaOutletAuction.tsx +++ b/client/src/pages/MediaOutletAuction.tsx @@ -37,7 +37,11 @@ export default function MediaOutletAuction() { const placeBidMutation = useMutation({ mutationFn: async (bidData: { amount: number; qualityScore?: number }) => { - return apiRequest("POST", `/api/media-outlets/${params?.slug}/auction/bids`, bidData); + const formattedData = { + amount: bidData.amount.toString(), + qualityScore: bidData.qualityScore + }; + return apiRequest("POST", `/api/media-outlets/${params?.slug}/auction/bids`, formattedData); }, onSuccess: () => { toast({ diff --git a/server/routes.ts b/server/routes.ts index 3368aa8..60aa740 100644 --- a/server/routes.ts +++ b/server/routes.ts 
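Review bot: In the `mutationFn` of `placeBidMutation`, `bidData.amount.toString()` serialises whatever number it receives, so a non-finite or very large value reaches the server as `"NaN"`, `"Infinity"` or exponent notation such as `"1e+21"`. Reject those before the request with something like `if (!Number.isFinite(bidData.amount) || bidData.amount <= 0) throw new Error("Invalid bid amount");`. That check is for user feedback only: the request body is client-controlled, so the server-side bid schema (not visible in this diff) must enforce a positive, bounded decimal amount on its own. The mutation's remaining options continue outside the hunk.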
@@ -180,7 +180,7 @@ export async function registerRoutes(app: Express): Promise { app.post('/api/auctions/:id/bid', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const bidData = insertBidSchema.parse({ ...req.body, auctionId: req.params.id, @@ -207,7 +207,7 @@ export async function registerRoutes(app: Express): Promise { return res.status(404).json({ message: "No active auction found for this media outlet" }); } - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const bidData = insertBidSchema.parse({ ...req.body, auctionId: auction.id, @@ -225,7 +225,7 @@ export async function registerRoutes(app: Express): Promise { // Prediction market betting endpoints app.post('/api/prediction-markets/:marketId/bets', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const { side, amount } = req.body; // Validate request @@ -258,7 +258,7 @@ export async function registerRoutes(app: Express): Promise { // Media outlet request routes app.get('/api/media-outlet-requests', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const user = await storage.getUser(userId); if (!user || user.role !== 'superadmin') { @@ -276,7 +276,7 @@ export async function registerRoutes(app: Express): Promise { app.post('/api/media-outlet-requests', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const requestData = insertMediaOutletRequestSchema.parse({ ...req.body, requesterId: userId 
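Review bot: `req.user.claims?.sub || req.user.id` evaluates to `undefined` when neither field is set, and none of the eight handlers that now use it (the hunks at -180, -207, -225, -258, -276, -292, -321 and -339) checks for that before passing `userId` to schema parsing or `storage.getUser`. In the bid, bet, request and comment handlers, a missing identity would then presumably surface as a validation or storage error rather than a 401. Moving the expression into one helper and failing closed when it returns nothing keeps the identity rule in a single auditable place instead of eight copies. The handler bodies start and end outside these hunks, so the helper's placement and the exact error shape are left to the author.

```typescript
// Single source of truth for the authenticated user's id.
function getUserId(req: any): string | undefined {
  return req.user?.claims?.sub || req.user?.id;
}

// ... in each handler, replacing the repeated expression ...
const userId = getUserId(req);
if (!userId) {
  return res.status(401).json({ message: "Unauthorized" });
}
// ... unchanged: schema parsing / storage.getUser(userId) ...
```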
@@ -292,7 +292,7 @@ export async function registerRoutes(app: Express): Promise { app.patch('/api/media-outlet-requests/:id', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const user = await storage.getUser(userId); if (!user || user.role !== 'superadmin') { @@ -321,7 +321,7 @@ export async function registerRoutes(app: Express): Promise { app.post('/api/articles/:articleId/comments', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const commentData = insertCommentSchema.parse({ ...req.body, articleId: req.params.articleId, @@ -339,7 +339,7 @@ export async function registerRoutes(app: Express): Promise { // Analytics routes app.get('/api/analytics', isAuthenticated, async (req: any, res) => { try { - const userId = req.user.claims.sub; + const userId = req.user.claims?.sub || req.user.id; const user = await storage.getUser(userId); if (!user || (user.role !== 'admin' && user.role !== 'superadmin')) {
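Review bot: The role checks in PATCH `/api/media-outlet-requests/:id` and GET `/api/analytics` (and GET `/api/media-outlet-requests` in the -258 hunk) now load the user by an id that may come from either `claims.sub` or `req.user.id`. If different login paths populate those two fields, both must draw from the same id space, otherwise an id issued by one path could resolve to a record, and a role, created by the other. The diff does not show where `req.user.id` is assigned, so this is a question to confirm rather than an established defect. A comment at the expression would settle it for the next reader, for example `// claims.sub is set by <login path A>, id by <login path B>; both are users.id values`, with the placeholders replaced by the actual strategies.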