New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(web): move from react-router to @tanstack/router #1338
Conversation
As internally discussed i went ahead and set the |
…alidation fix typo in comment
Something is still majorly fucked... 😅 When logged in change the session secret in the config.toml and restart autobrr. autobrr will now run into a "loop" where it won't log you out, let's you navigate to other pages, but the queries fail. Removing the auth context manually from localstorage, redirects you to the login page but: PS: I couldn't dismiss your review so i thought i could re-request the review to dismiss it.. well that didn't work sorry 😂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When logged in, change the value of the session cookie to something invalid or
the expiration date of the session cookie to something before the current time.
autobrr will now delete the session cookie correctly but will not redirect to login.
Instead you get an "empty" UI and the infamous
data?.filter is not a function
for the filters page or
data?.map is not a function
for the releases page.
I suspect the latter option with the expiration date is what users have been hitting?
Manually logging out and in again fixes the filters page but the releases page needs a good ol' F5.
I think this problem occurs due to the autobrr_user_auth
key in localstorage not changing it's isLoggedIn
value to false
hence it not redirecting for login and so on and so forth?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR turned into a huge refactor of the whole routing layer to use @tanstack/router
and remove react-router
.
It plays really well with @tanstack/query
and we also use @tanstack/table
which will get an update to v8+ in the future.
We have tested these changes thoroughly with different setups and everything looks the be working as intended.
This PR fixes our login issues when an invalid
user_session
cookie was present.The logic behind it is a bit fucked and needs some context so i will try my best to clarify:
On line 89 we try to get the
user_session
cookie which is likely to fail due to 2 reasons:user_session
cookieuser_session
cookie.Regardless of what the error would be:
We ignore the error and save a new session since we check for bad credentials a little bit further up,
in order to set a new and valid
user_session
cookie.The error handling from line 92 to 95 could maybe be improved? Idk.
ref gorilla/sessions#16 (comment)
Additionally this PR changes the HTTP status code when providing bad credentials for an existing user.
HTTP status code 401 is not an appropriate status code here even if it might seems so. Why?
When an application renders a page with status code 401,
any webserver with enabled basic authentication is forced to log you out.
The most logical status code after 401 was 403 for me - feel free to suggest other codes though.
ref zammad/zammad#2983
Yes, onboarding still works.
I tested this pretty extensively i would say - but still:
I would appreciate if some brains with more convolutions than mine could take an additional look at this PR. 😄
closes #941