Fix login cookie #17
Pull Request Overview
Adds master/slave node synchronization, comprehensive backup & restore functionality, token refresh/auth storage refactor, and deployment/update scripting. Key changes introduce new Prisma models & migrations (backup, slave nodes, system config), large backup controller with export/import logic (including nginx/SSL file handling), and client-side state & API layer adjustments (token handling, node mode UI).
- Introduces slave node management (registration, status, sync) and system configuration APIs.
- Adds full backup/export/import with nginx vhost & SSL file regeneration plus user/password restoration.
- Refactors frontend auth/token handling (localStorage wrapper) and adds reactive system/node management UI.
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| scripts/update.sh | New deployment/update automation script with build, migrate, seed, and health checks |
| apps/web/src/types/index.ts | Extends SlaveNode and adds SystemConfig type definitions |
| apps/web/src/store/useStore.ts | Switches auth state to tokenStorage abstraction |
| apps/web/src/services/* | New services for users, system config, slave nodes, backup; auth/logout refactor |
| apps/web/src/services/api.ts | Adds robust token refresh queue and logout/redirect handling |
| apps/web/src/routes/_auth/nodes.tsx | New UI for master/slave mode management with tabs |
| apps/web/src/queries/* | Query options for system config, slave nodes, auth adjustments |
| apps/web/src/mocks/data.ts | Updates mock slave nodes with new fields |
| apps/web/src/lib/auth-storage.ts | Centralized localStorage-based auth token/user utilities |
| apps/web/src/hooks/useAuthStorage.ts | Reactive auth state hooks with custom events |
| apps/web/src/components/pages/* | Adds SlaveNodes, SystemConfig, enhanced Backup & Account behavior |
| apps/web/src/auth.tsx | Refactors AuthProvider to use new storage hooks |
| apps/web/package.json | Adds react-use dependency |
| apps/api/src/utils/slave-status-checker.ts | Background job to mark stale slave nodes offline |
| apps/api/src/routes/* | New routes for backup, slave, system config, node sync |
| apps/api/src/controllers/* | Large additions: system config, slave, backup, node sync logic |
| apps/api/prisma/seed-safe.ts | Safe seeding script adding default users & CRS rules |
| apps/api/prisma/schema.prisma | New models & enums for backup, slave sync, system config |
| apps/api/prisma/migrations/* | Migrations for backup, slave node, and system config features |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
| export const tokenStorage = { | ||
| // Get access token | ||
| getAccessToken: (): string | null => { | ||
| return Cookies.get(AUTH_KEYS.ACCESS_TOKEN) || null; | ||
| return localStorage.getItem(AUTH_KEYS.ACCESS_TOKEN); | ||
| }, | ||
|
|
||
| // Set access token | ||
| setAccessToken: (token: string): void => { | ||
| Cookies.set(AUTH_KEYS.ACCESS_TOKEN, token, { | ||
| ...COOKIE_OPTIONS, | ||
| expires: ACCESS_TOKEN_EXPIRY, | ||
| }); | ||
| localStorage.setItem(AUTH_KEYS.ACCESS_TOKEN, token); | ||
| }, |
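Review bot: In `setAccessToken`, the `Cookies.set` call passes `expires: ACCESS_TOKEN_EXPIRY`, but the `localStorage.setItem(AUTH_KEYS.ACCESS_TOKEN, token)` line carries no lifetime at all, so the token stays in storage until something removes it explicitly. If a client-side expiry is still wanted, store an expiry timestamp next to the token and have `getAccessToken` drop the entry once it has passed; otherwise add a comment stating that token lifetime is enforced only by the server. `getAccessToken` previously normalised a missing value with `|| null`; `localStorage.getItem` already returns `null` for an absent key, but an empty-string value now comes back as `""` rather than `null`, which callers that test for `null` should be checked against.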
Copilot
AI
Oct 7, 2025
Access and refresh tokens are stored in localStorage, increasing XSS exposure risk. Consider HttpOnly secure cookies or an in-memory strategy plus a refresh rotation to mitigate token theft.
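The mitigation named in the comment above (in-memory access token, HttpOnly refresh cookie, refresh rotation) sketched as an added example; it is not code from this pull request or from the project. `memoryTokenStorage`, `refreshCookie`, `RefreshRotation`, the cookie name and the cookie path are hypothetical, and `mint` is assumed to be backed by a CSPRNG in real use.

```typescript
// Added example: all names below are hypothetical, not the project's API.

// Client: the access token lives only in a module variable. It is lost on
// reload and is never written to localStorage or a script-readable cookie.
let accessToken: string | null = null;
const memoryTokenStorage = {
  getAccessToken: (): string | null => accessToken,
  setAccessToken: (token: string): void => { accessToken = token; },
  clear: (): void => { accessToken = null; },
};

// Server: the refresh token travels in a cookie that page scripts cannot read.
// Cookie name and path are assumptions for this sketch.
function refreshCookie(token: string, maxAgeSeconds: number): string {
  return `refresh_token=${token}; Max-Age=${maxAgeSeconds}; ` +
    "Path=/api/auth/refresh; HttpOnly; Secure; SameSite=Strict";
}

type Session = { userId: string; current: string; revoked: boolean };

// Server: each refresh token is valid once. Presenting an already-rotated
// token means two parties hold tokens from one session, so it is revoked.
class RefreshRotation {
  private mint: () => string;
  private byToken = new Map<string, Session>(); // every issued token -> session

  constructor(mint: () => string) { this.mint = mint; } // use a CSPRNG in real code

  issue(userId: string): string {
    const s: Session = { userId, current: this.mint(), revoked: false };
    this.byToken.set(s.current, s);
    return s.current;
  }

  // Returns the replacement token, or null when the presented one is rejected.
  rotate(presented: string): string | null {
    const s = this.byToken.get(presented);
    if (!s || s.revoked) return null;
    if (presented !== s.current) { s.revoked = true; return null; }
    s.current = this.mint();
    this.byToken.set(s.current, s);
    return s.current;
  }
}
```

After a page reload the client holds no access token and obtains a new one by calling the refresh endpoint, which reads the cookie, calls `rotate`, and sets the replacement cookie.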
* Feat: Update Features Backup & Restore (#12)
* feat: Update Features Backup & Restore
* Feat: Slave Mode (#13)
* feat: Update Features Backup & Restore
* Feat: Features update (#14)
* feat: Update software
* Features update version and update noti Change Password (#15)
* feat: Update Features Backup & Restore
* Fix frontend error (#16)
* Refactor services to use centralized API module and token storage
* Feat: Enhance Slave Mode UI with mode switch button and update node mode mutation
* feat: Improve SSLDialog layout with enhanced text wrapping for certificate fields
* refactor: replace js-cookie with localStorage for token management (#17)
* feat: add syncInterval and lastSyncHash columns to system_configs table (#18)
* feat: Update project goal description and remove security recommendation
* feat: Update project goal description and remove security recommendation
* About readme (#21)
* feat: Update project goal description and remove security recommendation
* Refactor be (#22)
* Refactor code structure for improved readability and maintainability
* style: limit max height of certificate, private key, and chain input fields (#23)

---------

Co-authored-by: SangND <dacsang97@gmail.com>




No description provided.