Added Auth Integration#2
Open
jamius19 wants to merge 19 commits into
Open
Conversation
…I client, zustand-based auth store, and schema validations. Added UI components for form handling and alerts.
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (64)
📝 Walkthrough<review_stack_artifact> </review_stack_artifact> 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 9
🧹 Nitpick comments (1)
flightdrift-frontend/src/routes/auth/signup.tsx (1)
88-98: ⚡ Quick winAssociate each input with its error message for better accessibility.
Inputs set
aria-invalid, but they are not linked to theirFieldError. Addaria-describedby+ stable error ids so assistive tech can announce field-specific errors in context.Suggested pattern (apply to each field)
<Input id={field.name} name={field.name} autoComplete="name" value={field.state.value} aria-invalid={Boolean(error)} + aria-describedby={error ? `${field.name}-error` : undefined} onBlur={field.handleBlur} onChange={(event) => field.handleChange(event.target.value)} /> -<FieldError>{error}</FieldError> +<FieldError id={`${field.name}-error`}>{error}</FieldError>Also applies to: 115-126, 143-153, 170-180
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@flightdrift-frontend/src/routes/auth/signup.tsx` around lines 88 - 98, The Input components are not associated with their FieldError messages; create a stable error id (e.g., `${field.name}-error`) and add it as the id on the FieldError element and as aria-describedby on the corresponding Input when an error exists (use aria-describedby={error ? `${field.name}-error` : undefined}); keep aria-invalid as is and apply this pattern to the other fields referenced (lines ~115-126, ~143-153, ~170-180) so assistive technology can announce field-specific errors.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@api-collection/Flightdrift/Auth/Sign` In.yml:
- Line 76: The example response in the Sign In YAML includes a real JWT in the
"token" field; replace that concrete token string with a sanitized placeholder
(e.g. "REDACTED_TOKEN" or "<JWT_TOKEN_PLACEHOLDER>") so the "token" value in the
example payload is not a real credential and does not leak secrets.
In `@api-collection/Flightdrift/Auth/Signup.yml`:
- Line 14: The signup example email is inconsistent across Signup.yml; update
the example request body so the "email" field matches the other examples (use
jamius@example.com) in the Signup.yml example payloads (search for the "email"
key inside the example request body entries) to keep documentation consistent
across the file.
In `@flightdrift-backend/AGENTS.md`:
- Line 12: Update the compound adjective in AGENTS.md by changing "DB related
SQL files can be found under `db/migration`" to "DB-related SQL files can be
found under `db/migration`" so the compound adjective "DB-related" is hyphenated
correctly before the noun; edit the sentence in AGENTS.md accordingly.
In
`@flightdrift-backend/src/main/java/com/flightdrift/flightdrift/config/SecurityConfig.java`:
- Around line 61-67: The corsConfigurer() implementation currently opens CORS
for all origins and all paths; update the addCorsMappings(CorsRegistry registry)
override in SecurityConfig to only allow trusted origins and only API paths
(e.g., registry.addMapping("/api/**") rather than "/**"), replacing
allowedOrigins("*") with a list/array of configured trusted origins (read from
properties or a constant) and explicitly set allowedMethods and allowedHeaders
and allowCredentials as appropriate; change the registry.addMapping(...) call in
the corsConfigurer() anonymous WebMvcConfigurer to use the tightened path and
origins and add allowedMethods(...), allowedHeaders(...), and
allowCredentials(...) for safer, explicit CORS rules.
In
`@flightdrift-backend/src/main/java/com/flightdrift/flightdrift/controller/AuthController.java`:
- Around line 95-97: The current AuthController code uses
accountRepository.findByUsername(...).orElseThrow(() -> new
IllegalStateException(...)) which produces a 500 when an authenticated account
is missing; change this to return a controlled 401/Unauthorized instead by
replacing the orElseThrow usage with logic that detects the empty Optional and
either throws a ResponseStatusException(HttpStatus.UNAUTHORIZED) or returns
ResponseEntity.status(HttpStatus.UNAUTHORIZED). Ensure you reference the same
symbols (AuthController, accountRepository, findByUsername, userDetails) so the
change is applied where the authenticated account is resolved.
In `@flightdrift-frontend/src/components/alerts/error-alert.tsx`:
- Around line 18-20: The rendered error paragraph lacks ARIA alert semantics so
screen readers may not announce dynamic messages; update the element that
renders {message} (the <p> with className "rounded-md border
border-destructive/30 bg-destructive/5 px-3 py-2 text-xs text-destructive" in
error-alert.tsx) to include ARIA attributes such as role="alert",
aria-live="assertive" and aria-atomic="true" (or wrap it in a container element
with those attributes) so submission errors are reliably announced to assistive
technologies.
In `@flightdrift-frontend/src/components/alerts/success-alert.tsx`:
- Around line 18-20: The success message paragraph currently lacks ARIA
attributes for assistive tech; update the SuccessAlert component's <p> that
renders {message} to be an accessible status region by adding role="status" and
aria-live="polite" (optionally aria-atomic="true") so screen readers announce
updates; target the paragraph element rendering {message} in success-alert.tsx.
In `@flightdrift-frontend/src/lib/auth-api.ts`:
- Around line 34-39: The signout function currently awaits
apiClient.post("/api/auth/signout", ...) but doesn't validate the API body;
update signout to capture the response from apiClient.post (the
ApiResponse<null>), check response.data.success (or the appropriate success
field on the returned payload) and throw or reject (e.g., throw new Error with a
descriptive message) when success is false so callers don't treat a failed
sign-out as successful; reference the signout function, apiClient.post call, and
the ApiResponse type when making this change.
In `@flightdrift-frontend/src/routes/auth/signup.tsx`:
- Around line 35-44: Validation runs against raw input while submission trims
name, email, and username, causing mismatches; normalize (trim) these fields
before any validation and before calling signupMutation.mutateAsync. Concretely,
in the onSubmit handler (and the other validation/submit points referenced
around the same form logic) derive trimmedName = value.name.trim(), trimmedEmail
= value.email.trim(), trimmedUsername = value.username.trim() and use those
trimmed variables for all validator calls and for the payload passed to
signupMutation.mutateAsync (and update the validation checks at the other
occurrences noted) so validation and submission use the same normalized values.
---
Nitpick comments:
In `@flightdrift-frontend/src/routes/auth/signup.tsx`:
- Around line 88-98: The Input components are not associated with their
FieldError messages; create a stable error id (e.g., `${field.name}-error`) and
add it as the id on the FieldError element and as aria-describedby on the
corresponding Input when an error exists (use aria-describedby={error ?
`${field.name}-error` : undefined}); keep aria-invalid as is and apply this
pattern to the other fields referenced (lines ~115-126, ~143-153, ~170-180) so
assistive technology can announce field-specific errors.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: e6534d78-248e-4f4e-88a2-6930d8cb75a4
⛔ Files ignored due to path filters (1)
flightdrift-frontend/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (56)
.codex/config.tomlapi-collection/Flightdrift/Auth/Sign In.ymlapi-collection/Flightdrift/Auth/Signup.ymlapi-collection/Flightdrift/Project/Create Project.ymlapi-collection/Flightdrift/Project/Edit Project.ymlapi-collection/Flightdrift/Project/Get Projects.ymlapi-collection/Flightdrift/environments/Flightdrift-Dev.ymlapi-collection/Flightdrift/opencollection.ymldb/migration/3. project.sqlflightdrift-backend/AGENTS.mdflightdrift-backend/src/main/java/com/flightdrift/flightdrift/config/SecurityConfig.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/controller/AuthController.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/dto/auth/TokenResponse.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/dto/auth/UserInfoResponse.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/dto/project/CreateProjectRequest.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/dto/project/EditProjectRequest.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/dto/project/ProjectResponse.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/entity/Project.javaflightdrift-backend/src/main/java/com/flightdrift/flightdrift/service/ProjectService.javaflightdrift-frontend/.envflightdrift-frontend/.gitignoreflightdrift-frontend/AGENTS.mdflightdrift-frontend/eslint.config.jsflightdrift-frontend/package.jsonflightdrift-frontend/src/@types/auth.tsflightdrift-frontend/src/@types/item.tsflightdrift-frontend/src/components/alerts/error-alert.tsxflightdrift-frontend/src/components/alerts/success-alert.tsxflightdrift-frontend/src/components/items/boards.tsxflightdrift-frontend/src/components/items/breadcrumb.tsxflightdrift-frontend/src/components/items/horizontal-rule.tsxflightdrift-frontend/src/components/loader/loader.tsxflightdrift-frontend/src/components/sidebar/user-menu.tsxflightdrift-frontend/src/components/ui/field.tsxflightdrift-frontend/src/components/ui/input.tsxflightdrift-frontend/src/components/ui/label.tsxflightdrift-frontend/src/lib/api-client.tsflightdrift-frontend/src/lib/auth-api.tsflightdrift-frontend/src/lib/auth-schema.tsflightdrift-frontend/src/lib/env.tsflightdrift-frontend/src/lib/form-utils.tsflightdrift-frontend/src/lib/utils.tsflightdrift-frontend/src/lib/validation-utils.tsflightdrift-frontend/src/main.tsxflightdrift-frontend/src/routes/auth/index.tsxflightdrift-frontend/src/routes/auth/route.tsxflightdrift-frontend/src/routes/auth/signin.tsxflightdrift-frontend/src/routes/auth/signup.tsxflightdrift-frontend/src/routes/dash/items.tsxflightdrift-frontend/src/routes/dash/route.tsxflightdrift-frontend/src/routes/index.tsxflightdrift-frontend/src/stores/auth-store.tsflightdrift-frontend/src/vite-env.d.tsflightdrift-frontend/tsconfig.app.jsonflightdrift-frontend/tsconfig.jsonflightdrift-frontend/vite.config.ts
💤 Files with no reviewable changes (1)
- api-collection/Flightdrift/opencollection.yml
…d` attributes to field error elements
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@flightdrift-frontend/src/routes/auth/signup.tsx`:
- Line 40: The code is trimming the name on every keystroke (e.g., using .trim()
in the input change handler and where you set state for `name`), which removes
users' transient spaces; remove the immediate `.trim()` from the input
`onChange`/state update (the code that assigns `name: value.name` or calls
`setForm`/`setName` in the change handler) so the raw input is preserved, and
instead apply `.trim()` only in the validation/submission boundary (e.g., inside
`handleSubmit` or your validation function that runs before sending data) and
where you build the final payload (the object currently containing `name:
value.name`), ensuring `name` is trimmed there.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 07dd54f4-2075-4a0c-acbe-e7fb03923f92
📒 Files selected for processing (12)
db/migration/1. account.sqldb/migration/2. organization.sqldb/migration/3. project.sqldb/migration/4. item.sqldb/migration/5. flag.sqldb/migration/6. setting.sqlflightdrift-backend/src/main/java/com/flightdrift/flightdrift/exception/GlobalExceptionHandler.javaflightdrift-frontend/src/components/alerts/error-alert.tsxflightdrift-frontend/src/components/alerts/success-alert.tsxflightdrift-frontend/src/routeTree.gen.tsflightdrift-frontend/src/routes/auth/signin.tsxflightdrift-frontend/src/routes/auth/signup.tsx
✅ Files skipped from review due to trivial changes (3)
- db/migration/4. item.sql
- db/migration/6. setting.sql
- flightdrift-frontend/src/routeTree.gen.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- flightdrift-frontend/src/components/alerts/error-alert.tsx
- db/migration/3. project.sql
- flightdrift-frontend/src/components/alerts/success-alert.tsx
- flightdrift-frontend/src/routes/auth/signin.tsx
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
flightdrift-backend/AGENTS.md (1)
12-12:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix compound adjective hyphenation.
"DB related" should be hyphenated as "DB-related" when used as a compound adjective before a noun.
📝 Proposed fix
-9. DB related SQL files can be found under `db/migration` +9. DB-related SQL files can be found under `db/migration`🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@flightdrift-backend/AGENTS.md` at line 12, Change the compound adjective "DB related" in the sentence "DB related SQL files can be found under `db/migration`" to the hyphenated form "DB-related" so it reads "DB-related SQL files can be found under `db/migration`"; update the AGENTS.md line containing that phrase to use the hyphenated compound adjective.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@AGENTS.md`:
- Line 11: Fix the spelling error in AGENTS.md by replacing the misspelled word
"relavant" with the correct word "relevant" in the sentence that instructs
updating the yml files for the `api-collection\Flightdrift` OpenCollection
directory; ensure the corrected sentence reads "When you create/modify any
endpoint, update the relevant yml file(s)..." and keep the rest of the line
unchanged.
---
Duplicate comments:
In `@flightdrift-backend/AGENTS.md`:
- Line 12: Change the compound adjective "DB related" in the sentence "DB
related SQL files can be found under `db/migration`" to the hyphenated form
"DB-related" so it reads "DB-related SQL files can be found under
`db/migration`"; update the AGENTS.md line containing that phrase to use the
hyphenated compound adjective.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 76f7034b-5a8f-468b-a6c9-916e5679c164
📒 Files selected for processing (3)
AGENTS.mdflightdrift-backend/AGENTS.mdflightdrift-frontend/AGENTS.md
| Keep your changes as small as possible and always ask before making a big change. | ||
|
|
||
| When you create/modify any endpoint, update the relavant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory. No newline at end of file | ||
| When you create/modify any endpoint, update the relavant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory. |
There was a problem hiding this comment.
Fix spelling error.
"relavant" should be "relevant".
📝 Proposed fix
-When you create/modify any endpoint, update the relavant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory.
+When you create/modify any endpoint, update the relevant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| When you create/modify any endpoint, update the relavant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory. | |
| When you create/modify any endpoint, update the relevant yml file(s) in the `api-collection\Flightdrift` OpenCollection directory. |
🧰 Tools
🪛 LanguageTool
[grammar] ~11-~11: Ensure spelling is correct
Context: ... create/modify any endpoint, update the relavant yml file(s) in the `api-collection\Flig...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@AGENTS.md` at line 11, Fix the spelling error in AGENTS.md by replacing the
misspelled word "relavant" with the correct word "relevant" in the sentence that
instructs updating the yml files for the `api-collection\Flightdrift`
OpenCollection directory; ensure the corrected sentence reads "When you
create/modify any endpoint, update the relevant yml file(s)..." and keep the
rest of the line unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added Signup, Sign in pages along with schema validation and route handling
Summary by CodeRabbit
New Features
Improvements