fix(auth): update auth to use localStorage #543
Deployment failed with the following error:
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| * @param {Response} res Response object | ||
| */ | ||
| private success = (req, res) => { | ||
| // eslint-disable-next-line no-console |
Why do we need the log? I'd be okay with having console.info if it's really helpful
Ah, I was just leaving it until we tested the entire auth flow and then remove them once and for all. But I can remove them
That's okay. Let me know when it works so I can test it with the editor.
You can try testing now. Works for me locally
2367d44 to 9f977f9
One thing that's a bit annoying right now is that

Looks like there are a few issues preventing this PR from being merged!
If you'd like me to help, just leave a comment, like
Feel free to include any additional details that might help me get this PR into a better state. You can manage your notification settings

I added debugging to the main endpoint. Note that the redirect doesn't work for debug yet. It should really redirect back to the main page but I get a loop.

When I go to http://localhost:3000 and do the auth, I should get redirected to http://localhost:3000, not the editor, though. Can you fix that?

Also, always make sure that linting passes. Just helps keep things clean.

Sure, I can change that.
Pull Request Overview
This PR replaces session-based authentication (using Redis and express-session) with a token-based approach stored in localStorage, updates routing and controllers accordingly, and removes legacy functionality related to gists.
- Migrate to token-based auth: generate/validate HMAC-signed tokens, add `getGithubToken` endpoint
- Remove Redis/session middleware and related environment vars
- Update Pug view to display and verify auth tokens
Reviewed Changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vercel.json | Removed Redis env vars |
| typedoc.json | Switched to entryPoints schema, added $schema field |
| src/views/index.pug | Added debug panel for token display and auth check script |
| src/urls.ts | Added getGithubToken, removed Gist URLs, adjusted hosts |
| src/controllers/auth.ts | Implemented token logic, removed session handling |
| src/app.ts | Dropped session/Redis setup, switched to ES modules |
| package.json | Set "type": "module", bumped deps |
| .vscode/settings.json | Tweaked eslint code actions setting |
Comments suppressed due to low confidence (3)
src/controllers/auth.ts:187
- [nitpick] On logout you post `{type: 'auth'}` without a distinct flag for logout. Consider using a separate message type (e.g. `{type: 'logout'}`) so the opener can differentiate login vs. logout events.
{type: 'auth'}, '*'
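Review bot: The `'*'` following `{type: 'auth'}` on this line is a wildcard target origin if this is a `postMessage` call to the opener, so whichever page opened the auth window receives the message regardless of its origin. Pass the expected opener origin instead of `'*'`, and have the receiving side check `event.origin` before acting on the message.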
typedoc.json:6
- Trailing comma in a JSON array is invalid; remove the comma after the last entry to ensure `typedoc.json` parses correctly.
"src/**/*.ts",
.vscode/settings.json:12
- The `source.fixAll.eslint` setting expects a boolean, not a string. Change it to `true` or `false` to restore auto-fix on save.
"source.fixAll.eslint": "explicit"
| name: user._json.name, | ||
| profilePicUrl: user._json.avatar_url, | ||
| authToken: tokenUser ? authToken : this.generateToken(user), | ||
| githubAccessToken: tokenUser.accessToken, |
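Review bot: The GitHub access token on the `githubAccessToken` line is bundled into the same object as the display fields `name` and `profilePicUrl`, which risks exposing it wherever this object is rendered or serialized. If the object reaches the browser, the token becomes readable by any script running on the origin, the same exposure the localStorage-held `authToken` already has. Consider dropping the field here and returning the GitHub token only from the `getGithubToken` endpoint once the `authToken` has been validated.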
When tokenUser is null (session-based flow), this will throw. Use user.accessToken instead of tokenUser.accessToken to cover both cases.
| githubAccessToken: tokenUser.accessToken, | |
| githubAccessToken: user.accessToken, |
| redirectUrl.successful = authUrl.isAuthenticated; | ||
| } else if (nodeEnv === 'development' || !nodeEnv) { | ||
| redirectUrl.successful = 'http://localhost:1234'; | ||
| hostUrl = 'http://localhost:3000'; |
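Review bot: The `nodeEnv === 'development' || !nodeEnv` condition treats an unset `nodeEnv` as development, so a deployment that forgets to set it would send the post-auth redirect to `http://localhost:1234` and use `http://localhost:3000` as the host. Match `'development'` explicitly and handle a missing value as a configuration error, so the auth redirect target is never chosen by omission.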
If nodeEnv has another value (e.g., staging), neither branch runs and hostUrl remains undefined. Consider adding a default case to avoid unexpected undefined values.
| hostUrl = 'http://localhost:3000'; | |
| hostUrl = 'http://localhost:3000'; | |
| } else { | |
| // Default case for unexpected `nodeEnv` values | |
| redirectUrl.successful = 'https://default-url.com'; | |
| hostUrl = 'https://default-host.com'; |
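Review bot: The fallback values `https://default-url.com` and `https://default-host.com` in the suggested `else` branch are placeholder domains, and using one as the post-auth redirect target would send the user, along with anything carried in the redirect, to a host unrelated to this deployment. For an unrecognized `nodeEnv`, throw instead of defaulting to a URL, so the redirect only ever points at origins the project has configured.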