[CLEAN] Synthetic Benchmark PR #25963 - chore: Ensure that uuid is available in server session[Booking Audit Prerequisite]

[tomerqodo]

Benchmark PR calcom#25963

Type: Clean (correct implementation)

Original PR Title: chore: Ensure that uuid is available in server session[Booking Audit Prerequisite]
Original PR Description: ## What does this PR do?

Similar to calcom#25721, adds uuid in session so that BookingAudit has it readily available

Adds the user's UUID to the booking metadata by:

1. Extending the NextAuth User interface to include an optional uuid property from PrismaUser
2. Making uuid required on Session.user via intersection type (User & { uuid: PrismaUser["uuid"] })
3. Adding uuid to the session user object in getServerSession.ts
4. Adding uuid to the AdapterUser transformation in next-auth-custom-adapter.ts
5. Passing userUuid from the session to the booking creation flow
6. Updating the API key verification flow to include uuid in the user data (repository, service, and type definitions)
7. Adding req.userUuid as a required field on the request object (like req.userId)
8. Adding uuid to mock session objects in web app routes and test context
9. Adding uuid to the findByEmailAndIncludeProfilesAndPassword query in UserRepository

Also removes commented-out code that was placeholder for future work and fixes lint warnings for unused variables.

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A - no documentation changes needed.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

1. Verify that the NextAuth session callback is already populating the uuid field on the user object
2. Create a booking and confirm userUuid is included in the booking metadata
3. Test API v1 endpoints (/api/invites POST and /api/teams/[teamId]/publish) to verify they receive the uuid from the authenticated user
4. Check that the booking flow works correctly with the new parameter
5. Test SAML login flow to verify session still works correctly (uuid is resolved from database after authentication)

Human Review Checklist

• Verify the NextAuth session callback populates uuid - if not, this change will pass undefined at runtime
• Confirm userUuid is consumed downstream in the booking service
• Verify that PrismaApiKeyRepository.findByHashedKey() correctly fetches the user's uuid from the database
• Verify the discriminated union type in ApiKeyService.ts ensures result.user is always defined when result.valid is true
• Confirm all API v1 endpoints using req.userUuid go through the verifyApiKey middleware
• Verify UserRepository.findByEmailAndIncludeProfilesAndPassword() includes uuid in the select clause
• Verify SAML login still works correctly - uuid is now optional on User interface so SAML providers don't need to supply it at profile stage

Updates since last revision

• Made uuid optional on User, required on Session: Changed the type strategy so uuid is optional on the NextAuth User interface but required on Session.user via intersection type. This allows SAML providers to not supply uuid at the profile stage while ensuring uuid is always present on the session after the user is resolved from the database.
• Removed uuid from SAML functions: Since uuid is now optional on User, the SAML profile and authorize functions no longer need to include it.

---

Link to Devin run: https://app.devin.ai/sessions/97e5603b719a420b9b35041252c9db26
Requested by: hariom@cal.com (@hariombalhara)
Original PR URL: calcom#25963

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "[CLEAN] Synthetic Benchmark PR #25963 - chore: Ensure that uuid is available in server session[Booking Audit Prerequisite]". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

[github-actions]

This PR has been marked as stale due to inactivity. If you're still working on it or need any help, please let us know or update the PR to keep it active.