@etus/bhono-app 0.1.6 → 0.1.7

package/templates/base/src/server/db/sql.ts

@@ -16,6 +16,26 @@ export type SqlParams = SqlValue[]
 export type SqlRow = Record<string, unknown>
 export type RowMapper<T> = (row: SqlRow) => T
 
+/**
+ * Safely convert an unknown database value to a string.
+ * Returns empty string for null/undefined/objects.
+ */
+export function toStringValue(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+  return ''
+}
+
+/**
+ * Safely convert an unknown database value to a string or null.
+ */
+export function toNullableString(value: unknown): string | null {
+  if (value === null || value === undefined) return null
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'bigint') return String(value)
+  return null
+}
+
 function normalizeValue(value: SqlValue): unknown {
   if (value === undefined) return null
   if (value instanceof Date) return value.toISOString()
@@ -41,7 +61,7 @@ export async function queryAll<T = SqlRow>(
 ): Promise<T[]> {
   const prepared = prepareStatement(db, statement, params)
   const result = await prepared.all<SqlRow>()
-  const rows = result.results ?? []
+  const rows = result.results
   return mapper ? rows.map(mapper) : (rows as T[])
 }
 
@@ -63,7 +83,7 @@ export async function queryValue<T = unknown>(
   params?: SqlParams,
   column?: string
 ): Promise<T | null> {
-  const row = await queryOne<SqlRow>(db, statement, params)
+  const row = await queryOne(db, statement, params)
   if (!row) return null
   if (column) return (row[column] as T) ?? null
   const firstKey = Object.keys(row)[0]
@@ -75,7 +95,7 @@ export async function execute(
   db: D1Database,
   statement: string,
   params?: SqlParams
-): Promise<D1Result<unknown>> {
+): Promise<D1Result> {
   const prepared = prepareStatement(db, statement, params)
   return prepared.run()
 }
@@ -88,7 +108,7 @@ export interface BatchStatement {
 export async function executeBatch(
   db: D1Database,
   statements: BatchStatement[]
-): Promise<D1Result<unknown>[]> {
+): Promise<D1Result[]> {
   const preparedStatements = statements.map((item) =>
     prepareStatement(db, item.statement, item.params)
   )

package/templates/base/src/server/index.ts

@@ -65,6 +65,7 @@ app.use('/auth/*', async (c, next) => {
   const path = c.req.path
   // Only apply strict rate limit to login-related endpoints (brute force protection)
   if (path === '/auth/login' || path === '/auth/callback') {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- Hono wildcard route typing
     return loginRateLimiter(c, next)
   }
   // Other auth endpoints (/auth/me, /auth/refresh, /auth/logout) use global rate limit

package/templates/base/src/server/lib/audited-db.ts

@@ -1,7 +1,7 @@
 // src/server/lib/audited-db.ts
 import type { ServiceContext } from '../types'
 import { logAudit, createChangeDiff } from './audit'
-import { execute, queryAll, type SqlParams } from '../db/sql'
+import { execute, queryAll, toStringValue, type SqlParams } from '../db/sql'
 
 /**
  * Base interface for auditable records - requires an id field
@@ -64,7 +64,7 @@ function normalizeRows(
     }
   }
 
-  const columns = Array.from(columnSet)
+  const columns = [...columnSet]
   if (columns.length === 0) {
     throw new Error('No columns provided for SQL operation')
   }
@@ -96,11 +96,11 @@ async function auditedInsertSql<TRecord extends AuditableRecord>(
 ): Promise<TRecord[]> {
   const { columns, rows } = normalizeRows(values, options?.columnMap)
   const sql = buildInsertSql(tableName, columns, rows.length)
-  const params = rows.flatMap((row) => columns.map((column) => row[column]))
+  const params = rows.flatMap((row) => columns.map((column) => row[column])) as SqlParams
   const results = await queryAll<Record<string, unknown>>(db, sql, params)
 
   for (const record of results) {
-    const entityId = String(record[options?.primaryKey ?? 'id'] ?? '')
+    const entityId = toStringValue(record[options?.primaryKey ?? 'id'])
     await logAudit(db, ctx, tableName, entityId, 'INSERT', record)
   }
 
@@ -133,7 +133,7 @@ async function auditedUpdateSql<TRecord extends AuditableRecord>(
   )
 
   const setClause = columns.map((column) => `${column} = ?`).join(', ')
-  const params = columns.map((column) => mappedValues[column]).concat(where.params ?? [])
+  const params = [...columns.map((column) => mappedValues[column]), ...(where.params ?? [])] as SqlParams
 
   let results: Record<string, unknown>[] = []
   try {
@@ -154,12 +154,12 @@ async function auditedUpdateSql<TRecord extends AuditableRecord>(
   const primaryKey = options?.primaryKey ?? 'id'
   const oldById = new Map<string, Record<string, unknown>>()
   for (const record of oldRecords) {
-    const id = String(record[primaryKey] ?? '')
+    const id = toStringValue(record[primaryKey])
     oldById.set(id, record)
   }
 
   for (const record of results) {
-    const entityId = String(record[primaryKey] ?? '')
+    const entityId = toStringValue(record[primaryKey])
     const oldData = oldById.get(entityId) ?? {}
     const diff = createChangeDiff(oldData, record)
     await logAudit(db, ctx, tableName, entityId, 'UPDATE', diff)
@@ -187,7 +187,7 @@ async function auditedDeleteSql(
     ...options?.softDeleteColumns,
   }
 
-  const setColumns: Array<[string, unknown]> = [
+  const setColumns: [string, unknown][] = [
     [columns.deletedAt, timestamp],
     [columns.deletedById, ctx.user.id],
     [columns.updatedAt, timestamp],
@@ -195,7 +195,7 @@ async function auditedDeleteSql(
   ]
 
   const setClause = setColumns.map(([column]) => `${column} = ?`).join(', ')
-  const params = setColumns.map(([, value]) => value).concat(where.params ?? [])
+  const params = [...setColumns.map(([, value]) => value), ...(where.params ?? [])] as SqlParams
 
   let results: Record<string, unknown>[] = []
   try {
@@ -215,7 +215,7 @@ async function auditedDeleteSql(
 
   const primaryKey = options?.primaryKey ?? 'id'
   for (const record of results) {
-    const entityId = String(record[primaryKey] ?? '')
+    const entityId = toStringValue(record[primaryKey])
     await logAudit(db, ctx, tableName, entityId, 'DELETE', { deleted: true })
   }
 }

package/templates/base/src/server/middleware/account.ts

@@ -52,7 +52,7 @@ export const accountMiddleware = createMiddleware<HonoEnv>(async (c, next) => {
 
   // Set accountId and userRole in context
   c.set('accountId', accountId)
-  c.set('userRole', membership.role as Role)
+  c.set('userRole', membership.role)
   c.set('isSystemAdminAccess', false)
 
   await next()

package/templates/base/src/server/middleware/auth.ts

@@ -4,7 +4,7 @@ import { verify } from 'hono/jwt'
 import { HTTPException } from 'hono/http-exception'
 import type { HonoEnv } from '../types'
 import { getSession } from '../lib/session'
-import { queryOne, type SqlRow } from '../db/sql'
+import { queryOne, toStringValue, toNullableString, type SqlRow } from '../db/sql'
 
 interface JWTPayload {
   sub: string
@@ -58,15 +58,15 @@ function mapUserRow(row: SqlRow) {
   const deletedAt = row.deletedAt ?? row.deleted_at
 
   return {
-    id: String(row.id ?? ''),
-    email: String(row.email ?? ''),
-    name: String(row.name ?? ''),
+    id: toStringValue(row.id),
+    email: toStringValue(row.email),
+    name: toStringValue(row.name),
     status: row.status === 'inactive' ? 'inactive' : 'active',
     providerIds: parseProviderIds(providerIds),
     isSuperAdmin: toBoolean(isSuperAdmin),
-    createdAt: String(createdAt ?? ''),
-    updatedAt: String(updatedAt ?? ''),
-    deletedAt: deletedAt ? String(deletedAt) : null,
+    createdAt: toStringValue(createdAt),
+    updatedAt: toStringValue(updatedAt),
+    deletedAt: toNullableString(deletedAt),
   }
 }
 
@@ -103,7 +103,7 @@ export const sessionAuth = createMiddleware<HonoEnv>(async (c, next) => {
     })
   }
 
-  const mappedUser = mapUserRow(user as SqlRow)
+  const mappedUser = mapUserRow(user)
 
   if (mappedUser.status !== 'active') {
     throw new HTTPException(401, {
@@ -117,7 +117,7 @@ export const sessionAuth = createMiddleware<HonoEnv>(async (c, next) => {
     email: mappedUser.email,
     name: mappedUser.name,
     status: mappedUser.status,
-    providerIds: mappedUser.providerIds ?? [],
+    providerIds: mappedUser.providerIds,
     isSuperAdmin: mappedUser.isSuperAdmin,
     createdAt: mappedUser.createdAt,
     updatedAt: mappedUser.updatedAt,
@@ -185,7 +185,7 @@ export const jwtAuth = createMiddleware<HonoEnv>(async (c, next) => {
     })
   }
 
-  const mappedUser = mapUserRow(user as SqlRow)
+  const mappedUser = mapUserRow(user)
 
   if (mappedUser.status !== 'active') {
     throw new HTTPException(401, {
@@ -199,7 +199,7 @@ export const jwtAuth = createMiddleware<HonoEnv>(async (c, next) => {
     email: mappedUser.email,
     name: mappedUser.name,
     status: mappedUser.status,
-    providerIds: mappedUser.providerIds ?? [],
+    providerIds: mappedUser.providerIds,
     isSuperAdmin: mappedUser.isSuperAdmin,
     createdAt: mappedUser.createdAt,
     updatedAt: mappedUser.updatedAt,

package/templates/base/src/server/middleware/rate-limit.ts

@@ -49,11 +49,8 @@ class RateLimitStore {
   private cleanupInterval: ReturnType<typeof setInterval> | null = null
   private lastCleanup = 0
 
-  constructor() {
-    // Don't use setInterval at construction time - Cloudflare Workers
-    // don't allow async I/O at global scope. Instead, we'll cleanup
-    // lazily during request processing.
-  }
+  // Note: Don't use setInterval at construction time - Cloudflare Workers
+  // don't allow async I/O at global scope. Instead, we cleanup lazily.
 
   /**
    * Start periodic cleanup (call from within a handler, not at global scope)
@@ -244,7 +241,7 @@ export function authRateLimit() {
     message: 'Too many authentication attempts, please try again later',
     // Use separate key prefix to not conflict with global rate limit
     keyGenerator: (c) => {
-      const ip = c.get('ip') || c.req.header('x-forwarded-for')?.split(',')[0].trim() || 'unknown'
+      const ip = c.get('ip') ?? c.req.header('x-forwarded-for')?.split(',')[0].trim() ?? 'unknown'
       return `auth:${ip}` // Different prefix than global rate limit
     },
   })

package/templates/base/src/server/routes/auth/handlers.ts

@@ -61,14 +61,14 @@ export const loginHandler: RouteHandler<typeof loginRoute, HonoEnv> = async (c)
 export const callbackHandler: RouteHandler<typeof callbackRoute, HonoEnv> = async (c) => {
   const db = c.get('db')
   const env = c.env
-  const authDb = env.DB ?? db
-  const inviteDb = env.DB ?? db
   const { code, state } = c.req.valid('query')
   const ctx = getAuthContext(c)
 
-  if (!db || !authDb) {
+  const authDb = env.DB ?? db
+  if (!authDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
+  const inviteDb = authDb
 
   // Get stored OAuth state
   const oauthCookie = getCookie(c, 'oauth_state')
@@ -197,10 +197,10 @@ export const meHandler: RouteHandler<typeof meRoute, HonoEnv> = (c) => {
 export const inviteHandler: RouteHandler<typeof inviteRoute, HonoEnv> = async (c) => {
   const db = c.get('db')
   const env = c.env
-  const inviteDb = env.DB ?? db
   const { token } = c.req.valid('param')
 
-  if (!db) {
+  const inviteDb = env.DB ?? db
+  if (!inviteDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
 

package/templates/base/src/server/routes/auth/test-login.ts

@@ -2,7 +2,7 @@
 import type { RouteHandler } from '@hono/zod-openapi'
 import { createRoute, z } from '@hono/zod-openapi'
 import { HTTPException } from 'hono/http-exception'
-import { execute, queryOne, type SqlRow } from '../../db/sql'
+import { execute, queryOne, toStringValue, toNullableString, type SqlRow } from '../../db/sql'
 import type { UserRecord } from '../../db/records'
 import { createSession } from '../../lib/session'
 import type { HonoEnv } from '../../types'
@@ -34,17 +34,17 @@ function toBoolean(value: unknown): boolean {
 
 function mapUserRow(row: SqlRow): UserRecord {
   return {
-    id: String(row.id ?? ''),
-    googleId: String(row.googleId ?? row.google_id ?? ''),
-    email: String(row.email ?? ''),
-    name: String(row.name ?? ''),
-    avatarUrl: row.avatarUrl ? String(row.avatarUrl) : null,
+    id: toStringValue(row.id),
+    googleId: toStringValue(row.googleId ?? row.google_id),
+    email: toStringValue(row.email),
+    name: toStringValue(row.name),
+    avatarUrl: toNullableString(row.avatarUrl),
     status: row.status === 'inactive' ? 'inactive' : 'active',
     providerIds: [],
     isSuperAdmin: toBoolean(row.isSuperAdmin ?? row.is_super_admin),
-    createdAt: String(row.createdAt ?? row.created_at ?? ''),
-    updatedAt: String(row.updatedAt ?? row.updated_at ?? ''),
-    deletedAt: row.deletedAt ? String(row.deletedAt) : null,
+    createdAt: toStringValue(row.createdAt ?? row.created_at),
+    updatedAt: toStringValue(row.updatedAt ?? row.updated_at),
+    deletedAt: toNullableString(row.deletedAt),
   }
 }
 

package/templates/base/src/server/routes/index.ts

@@ -51,3 +51,12 @@ api.doc('/doc', openApiConfig)
 api.get('/swagger', swaggerUI({ url: '/api/doc' }))
 
 export { api }
+
+// Re-export individual routers for testing
+export { users } from './users'
+export { accounts } from './accounts'
+export { invitationsRouter } from './invitations'
+export { audits } from './audits'
+export { storage } from './storage'
+export { health } from './health'
+export { auth } from './auth'

package/templates/base/src/server/routes/invitations/handlers.ts

@@ -32,10 +32,10 @@ export const createInvitationHandler: RouteHandler<typeof createInvitationRoute,
   const body = c.req.valid('json')
   const db = c.get('db')
   const env = c.env
-  const invitationsDb = env.DB ?? db
   const ctx = getServiceContext(c)
 
-  if (!db) {
+  const invitationsDb = env.DB ?? db
+  if (!invitationsDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
 
@@ -46,10 +46,10 @@ export const createInvitationHandler: RouteHandler<typeof createInvitationRoute,
 
 export const listInvitationsHandler: RouteHandler<typeof listInvitationsRoute, HonoEnv> = async (c) => {
   const db = c.get('db')
-  const invitationsDb = c.env.DB ?? db
   const ctx = getServiceContext(c)
 
-  if (!db) {
+  const invitationsDb = c.env.DB ?? db
+  if (!invitationsDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
 
@@ -61,10 +61,10 @@ export const listInvitationsHandler: RouteHandler<typeof listInvitationsRoute, H
 export const revokeInvitationHandler: RouteHandler<typeof revokeInvitationRoute, HonoEnv> = async (c) => {
   const { id } = c.req.valid('param')
   const db = c.get('db')
-  const invitationsDb = c.env.DB ?? db
   const ctx = getServiceContext(c)
 
-  if (!db) {
+  const invitationsDb = c.env.DB ?? db
+  if (!invitationsDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
 

package/templates/base/src/server/routes/openapi.ts

@@ -11,4 +11,4 @@ export const openApiConfig = {
     { url: 'http://localhost:3000', description: 'Development server' },
   ],
   security: [{ SessionCookie: [] }],
-} as const
+}

package/templates/base/src/server/services/accounts.ts

@@ -4,7 +4,7 @@ import { auditedInsert, auditedUpdate, auditedDelete } from '../lib/audited-db'
 import { createPaginationMeta, calculateOffset } from '../lib/pagination'
 import { NotFoundError, ConflictError, ForbiddenError } from '../lib/errors'
 import type { ServiceContext, PaginationQuery, PaginatedResponse, Account } from '../types'
-import { queryAll, queryOne, type SqlRow } from '../db/sql'
+import { queryAll, queryOne, toStringValue, toNullableString, type SqlRow, type SqlParams } from '../db/sql'
 
 interface CreateAccountInput {
   name: string
@@ -36,13 +36,13 @@ function mapAccountRow(row: SqlRow): AccountRecord {
   const deletedAt = row.deletedAt ?? row.deleted_at
 
   return {
-    id: String(row.id ?? ''),
-    name: String(row.name ?? ''),
-    description: row.description ? String(row.description) : null,
-    domain: row.domain ? String(row.domain) : null,
-    createdAt: String(createdAt ?? ''),
-    updatedAt: String(updatedAt ?? ''),
-    deletedAt: deletedAt ? String(deletedAt) : null,
+    id: toStringValue(row.id),
+    name: toStringValue(row.name),
+    description: toNullableString(row.description),
+    domain: toNullableString(row.domain),
+    createdAt: toStringValue(createdAt),
+    updatedAt: toStringValue(updatedAt),
+    deletedAt: toNullableString(deletedAt),
   }
 }
 
@@ -65,7 +65,7 @@ async function findAllSql(
 ): Promise<PaginatedResponse<Account>> {
   const offset = calculateOffset(pagination.page, pagination.limit)
   const whereClauses: string[] = ['a.deleted_at IS NULL']
-  const params: unknown[] = []
+  const params: SqlParams = []
 
   if (!ctx.user.isSuperAdmin) {
     whereClauses.push('a.id IN (SELECT account_id FROM user_accounts WHERE user_id = ?)')

package/templates/base/src/server/services/audits.ts

@@ -1,7 +1,7 @@
 // src/server/services/audits.ts
 import { createPaginationMeta, calculateOffset } from '../lib/pagination'
 import type { ServiceContext, PaginatedResponse, AuditLog } from '../types'
-import { queryAll, queryOne, type SqlRow } from '../db/sql'
+import { queryAll, queryOne, toStringValue, toNullableString, type SqlRow, type SqlParams } from '../db/sql'
 
 export interface AuditLogFilters {
   page: number
@@ -53,17 +53,17 @@ function mapAuditRow(row: SqlRow): AuditLog {
   const changesValue = row.changes
 
   return {
-    id: String(row.id ?? ''),
-    transactionId: String(transactionId ?? ''),
-    accountId: accountId ? String(accountId) : null,
-    userId: userId ? String(userId) : null,
-    entity: String(row.entity ?? ''),
-    entityId: String(entityId ?? ''),
-    action: String(row.action ?? '') as AuditLog['action'],
+    id: toStringValue(row.id),
+    transactionId: toStringValue(transactionId),
+    accountId: toNullableString(accountId),
+    userId: toNullableString(userId),
+    entity: toStringValue(row.entity),
+    entityId: toStringValue(entityId),
+    action: toStringValue(row.action) as AuditLog['action'],
     changes: parseChanges(changesValue),
-    ipAddress: ipAddress ? String(ipAddress) : null,
-    userAgent: userAgent ? String(userAgent) : null,
-    timestamp: String(row.timestamp ?? ''),
+    ipAddress: toNullableString(ipAddress),
+    userAgent: toNullableString(userAgent),
+    timestamp: toStringValue(row.timestamp),
   }
 }
 
@@ -75,7 +75,7 @@ async function findAllSql(
 ): Promise<PaginatedResponse<AuditLog>> {
   const offset = calculateOffset(filters.page, filters.limit)
   const whereClauses: string[] = []
-  const params: unknown[] = []
+  const params: SqlParams = []
 
   // Super-admin can see all logs, non-super-admin only their account
   if (!ctx.user.isSuperAdmin) {

package/templates/base/src/server/services/auth.ts

@@ -6,7 +6,7 @@ import { UnauthorizedError } from '../lib/errors'
 import { logAuthEvent, type AuthEventContext } from '../lib/audit'
 import type { GoogleUserInfo, AuthTokens } from '../types/auth'
 import type { User } from '../types'
-import { execute, queryOne, type SqlRow } from '../db/sql'
+import { execute, queryOne, toStringValue, toNullableString, type SqlRow, type SqlParams } from '../db/sql'
 
 interface AuthResult {
   user: User
@@ -60,17 +60,17 @@ function parseProviderIds(value: unknown): string[] {
 
 function mapUserRow(row: SqlRow): UserRecord {
   return {
-    id: String(row.id ?? ''),
-    googleId: String(row.googleId ?? ''),
-    email: String(row.email ?? ''),
-    name: String(row.name ?? ''),
-    avatarUrl: row.avatarUrl ? String(row.avatarUrl) : null,
+    id: toStringValue(row.id),
+    googleId: toStringValue(row.googleId),
+    email: toStringValue(row.email),
+    name: toStringValue(row.name),
+    avatarUrl: toNullableString(row.avatarUrl),
     status: (row.status === 'inactive' ? 'inactive' : 'active'),
     providerIds: parseProviderIds(row.providerIds),
     isSuperAdmin: toBoolean(row.isSuperAdmin),
-    createdAt: String(row.createdAt ?? ''),
-    updatedAt: String(row.updatedAt ?? ''),
-    deletedAt: row.deletedAt ? String(row.deletedAt) : null,
+    createdAt: toStringValue(row.createdAt),
+    updatedAt: toStringValue(row.updatedAt),
+    deletedAt: toNullableString(row.deletedAt),
   }
 }
 
@@ -80,7 +80,7 @@ function toUser(record: UserRecord): User {
     email: record.email,
     name: record.name,
     status: record.status,
-    providerIds: record.providerIds ?? [],
+    providerIds: record.providerIds,
     isSuperAdmin: record.isSuperAdmin,
     createdAt: record.createdAt,
     updatedAt: record.updatedAt,
@@ -121,7 +121,7 @@ async function updateUserSql(
   if (columns.length === 0) return selectUserById(db, userId)
 
   const setClause = columns.map((column) => `${column} = ?`).join(', ')
-  const params = columns.map((column) => updates[column])
+  const params = columns.map((column) => updates[column]) as SqlParams
   await execute(
     db,
     `UPDATE users SET ${setClause} WHERE id = ?`,
@@ -137,7 +137,7 @@ async function insertUserSql(
 ): Promise<UserRecord | null> {
   const columns = Object.keys(values)
   const placeholders = columns.map(() => '?').join(', ')
-  const params = columns.map((column) => values[column])
+  const params = columns.map((column) => values[column]) as SqlParams
 
   await execute(
     db,
@@ -145,7 +145,7 @@ async function insertUserSql(
     params
   )
 
-  return selectUserById(db, String(values.id ?? ''))
+  return selectUserById(db, toStringValue(values.id))
 }
 
 async function findOrCreateUserSql(
@@ -265,8 +265,8 @@ async function refreshAccessTokenSql(
     throw new UnauthorizedError('Invalid or expired refresh token')
   }
 
-  const userRecord = await selectUserById(db, String(tokenRecord.userId ?? ''))
-  if (!userRecord || userRecord.status !== 'active') {
+  const userRecord = await selectUserById(db, toStringValue(tokenRecord.userId))
+  if (userRecord?.status !== 'active') {
     throw new UnauthorizedError('User not found or inactive')
   }
 

package/templates/base/src/server/services/invitations.ts

@@ -5,7 +5,7 @@ import { ConflictError, NotFoundError, ForbiddenError } from '../lib/errors'
 import type { Env } from '../env'
 import { hasMinimumRole, type Role } from '../auth/roles'
 import type { ServiceContext } from '../types'
-import { execute, queryAll, queryOne, type SqlRow } from '../db/sql'
+import { execute, queryAll, queryOne, toStringValue, type SqlRow } from '../db/sql'
 
 function generateToken(): string {
   const array = new Uint8Array(32)
@@ -58,13 +58,13 @@ function mapInvitationRow(row: SqlRow): {
   const createdAt = row.createdAt ?? row.created_at
 
   return {
-    id: String(row.id ?? ''),
-    email: String(row.email ?? ''),
-    role: String(row.role ?? '') as Role,
-    invitedById: String(invitedById ?? ''),
-    inviterName: String(inviterName ?? ''),
-    expiresAt: String(expiresAt ?? ''),
-    createdAt: String(createdAt ?? ''),
+    id: toStringValue(row.id),
+    email: toStringValue(row.email),
+    role: toStringValue(row.role) as Role,
+    invitedById: toStringValue(invitedById),
+    inviterName: toStringValue(inviterName),
+    expiresAt: toStringValue(expiresAt),
+    createdAt: toStringValue(createdAt),
   }
 }
 
@@ -271,14 +271,14 @@ async function getByTokenSql(
   if (acceptedAt) return null
 
   const expiresAtValue = row.expiresAt ?? row.expires_at
-  if (expiresAtValue && new Date(String(expiresAtValue)) < new Date()) return null
+  if (expiresAtValue && new Date(toStringValue(expiresAtValue)) < new Date()) return null
 
   return {
-    id: String(row.id ?? ''),
-    accountId: String(row.accountId ?? row.account_id ?? ''),
-    email: String(row.email ?? ''),
-    role: String(row.role ?? '') as Role,
-    accountName: String(row.accountName ?? row.account_name ?? ''),
+    id: toStringValue(row.id),
+    accountId: toStringValue(row.accountId ?? row.account_id),
+    email: toStringValue(row.email),
+    role: toStringValue(row.role) as Role,
+    accountName: toStringValue(row.accountName ?? row.account_name),
   }
 }
 
@@ -298,8 +298,8 @@ async function acceptSql(
     throw new NotFoundError('Invitation')
   }
 
-  const accountId = String(invitation.accountId ?? invitation.account_id ?? '')
-  const role = String(invitation.role ?? '') as Role
+  const accountId = toStringValue(invitation.accountId ?? invitation.account_id)
+  const role = toStringValue(invitation.role) as Role
 
   await execute(
     db,