Session 9: api-football + FootApi + Tank01 adapters, grace period middleware, cookie consent, /pricing page, OOM fix documented (1240 tests)

src/middleware/auth.js

@@ -14,10 +14,14 @@ async function requireAuth(req, res, next) {
     return res.status(401).json({ error: 'Invalid or expired token' });
   }
 
-  // Fetch user profile from our users table
+  // Fetch user profile from our users table. Session 9 added
+  // `grace_period_until` + `stripe_customer_id` to the select so the
+  // grace-period middleware can read them off `req.user` without a
+  // second round-trip. Both fields default to null when absent so
+  // pre-Stripe users behave identically to before.
   const { data: profile, error: profileError } = await supabase
     .from('users')
-    .select('id, email, tier, scan_count, scan_reset_date, founder_status')
+    .select('id, email, tier, scan_count, scan_reset_date, founder_status, grace_period_until, stripe_customer_id')
     .eq('id', user.id)
     .single();