Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor session handling #224

Merged
merged 18 commits into from
Nov 19, 2024
Merged

Refactor session handling #224

merged 18 commits into from
Nov 19, 2024

Conversation

myssto
Copy link
Contributor

@myssto myssto commented Nov 2, 2024
edited
Loading

Unblocks osu-tournament-rating/otr-api#476
Closes #134
Part of #220

All of the changed code that makes calls to the otr-api now use the @osu-tournament-rating/otr-api-client package. These changes break almost everything on the site because of the partial adoption of the api client package, but @AkinariHex and I have agreed that is fine for now. Once this is merged we will work on refactoring the rest of the server side code to adopt the api client.

Changes:

  • Adds CSRF protection to login with a state variable
  • Refactors (and abstracts some) server actions that pertain to login / logout / session management
  • Site middleware and api wrappers will now silently refresh the access token when necessary
    • Will also logout the user when the refresh token is invalid

@myssto myssto requested a review from AkinariHex November 2, 2024 23:59
AkinariHex
AkinariHex approved these changes Nov 11, 2024
View reviewed changes
Copy link
Collaborator

@AkinariHex AkinariHex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lot of changes applied but we watched together these changes a little bit, like that we made a big refactor.
I feel good with that if you tested that works as before, also we can check last things together if unsure.

@hburn7
Copy link
Collaborator

hburn7 commented Nov 11, 2024

Please ensure things aren't "more broken" than they were before, if possible.

@AkinariHex
Copy link
Collaborator

This is why I am waiting myssto, I want to merge the PR with him in a call so we can see if something is broken and hotfix it.
As we saw already the login and revalidation is much more smoother now, like 200% better.

@myssto myssto requested a review from hburn7 as a code owner November 17, 2024 20:00
@myssto myssto changed the base branch from master to admin-page November 17, 2024 22:04
@myssto myssto changed the base branch from admin-page to master November 17, 2024 22:04
@myssto myssto requested a review from AkinariHex November 17, 2024 22:09
@hburn7 hburn7 merged commit 04bb28c into master Nov 19, 2024
@hburn7 hburn7 deleted the refactor/session branch November 19, 2024 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hburn7 hburn7 Awaiting requested review from hburn7

@AkinariHex AkinariHex Awaiting requested review from AkinariHex AkinariHex is a code owner

Assignees
No one assigned
Labels
size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Token expiration should be checked when submitting tournaments
3 participants
@myssto @hburn7 @AkinariHex