Arcadia wiring: - home: real Overview dashboard (tenants/users/audit/health probe) replacing the inherited Vibespace welcome tiles; skeleton loaders, refresh button, registers admin context - profile: split into Account (synced via getUser/updateUser of session user) and local Preferences; updateSessionUser keeps the appbar in sync after edits - session: drop unused signIn mock, add updateSessionUser, refresh tests - profile schema: drop redundant Profile.name/email (session is the source of truth) - routes: delete orphaned resources route + lib Auth flows that previously 404'd: - /signup, /login/forgot, /login/reset, /login/2fa wired via @crema/arcadia-auth-ui - shared AuthShell + AuthBrand wrapper Assistant tools (admin-tools.ts): - +10 tools: deactivate_tenant, set_user_status, delete_user, list_memberships, list_roles, revoke_api_key, create_user, update_user, assign_role, remove_role - list_memberships gains user_id filter for "tenants this user belongs to" queries - search_kb / read_chunk: new token resolution (window override → VITE_ARCADIA_SEARCH_TOKEN service token → operator session JWT → "dev"); on 401/403 emit a tailored hint based on which token was used UI consistency: - new PageHeader component - AppShell.title was unrendered — dropped; first-child padding on #main-content keeps the floating actions pill from colliding with header content - removed dead "Sign in required" fallback cards from 14 routes (AppShell already redirects) - stripped p-6 from outer wrappers across 14 routes (was double-padding under AppShell's own p-6) - migrated home + tenants to PageHeader arcadia-search ergonomics: - scripts/mint-search-token.mjs + `npm run mint:search-token` mints HS512 JWT with required tenant_id claim, upserts VITE_ARCADIA_SEARCH_TOKEN into .env.local - README/.env document the new VITE_ARCADIA_SEARCH_URL / VITE_ARCADIA_SEARCH_TOKEN knobs - .env.local now gitignored Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
153 lines
4.5 KiB
TypeScript
153 lines
4.5 KiB
TypeScript
// Session — minimal auth scaffold backed by localStorage.
|
|
// Sign-in is owned by `persistFromArcadiaLogin`, which is called by the auth
|
|
// routes after a successful arcadia API exchange. The shape here matches what
|
|
// AppShell + useUser expect.
|
|
|
|
import { useEffect, useSyncExternalStore } from "react"
|
|
|
|
import { profileInitials } from "~/lib/profile"
|
|
|
|
export type Session = {
|
|
userId: string
|
|
name: string
|
|
email: string
|
|
token: string
|
|
// Issued at, ms since epoch.
|
|
issuedAt: number
|
|
}
|
|
|
|
const STORAGE_KEY = "crema.session"
|
|
const CHANGE_EVENT = "crema:session-change"
|
|
|
|
function readFromStorage(): Session | null {
|
|
if (typeof window === "undefined") return null
|
|
try {
|
|
const raw = localStorage.getItem(STORAGE_KEY)
|
|
if (!raw) return null
|
|
const parsed = JSON.parse(raw) as Partial<Session>
|
|
if (
|
|
typeof parsed.userId !== "string" ||
|
|
typeof parsed.email !== "string" ||
|
|
typeof parsed.token !== "string"
|
|
)
|
|
return null
|
|
return {
|
|
userId: parsed.userId,
|
|
name:
|
|
typeof parsed.name === "string" && parsed.name.trim()
|
|
? parsed.name
|
|
: parsed.email,
|
|
email: parsed.email,
|
|
token: parsed.token,
|
|
issuedAt:
|
|
typeof parsed.issuedAt === "number" ? parsed.issuedAt : Date.now(),
|
|
}
|
|
} catch {
|
|
return null
|
|
}
|
|
}
|
|
|
|
export function loadSession(): Session | null {
|
|
return readFromStorage()
|
|
}
|
|
|
|
export function signOut() {
|
|
if (typeof window === "undefined") return
|
|
localStorage.removeItem(STORAGE_KEY)
|
|
sessionStorage.removeItem("arcadia_access_token")
|
|
sessionStorage.removeItem("arcadia_refresh_token")
|
|
window.dispatchEvent(new CustomEvent(CHANGE_EVENT))
|
|
}
|
|
|
|
/** Bridge: persist a Session record from a successful arcadia login.
|
|
* Stores the JWT in sessionStorage (where ArcadiaProvider's getToken reads
|
|
* it) and writes the user-shaped Session into localStorage so the existing
|
|
* AppShell / useUser machinery keeps working unchanged. */
|
|
export function persistFromArcadiaLogin(
|
|
tokens: { access_token: string; refresh_token?: string },
|
|
user?: { id: string; email: string; full_name?: string; first_name?: string; last_name?: string } | null,
|
|
): Session {
|
|
const name =
|
|
user?.full_name ||
|
|
[user?.first_name, user?.last_name].filter(Boolean).join(" ") ||
|
|
user?.email ||
|
|
"Signed-in user"
|
|
const session: Session = {
|
|
userId: user?.id ?? `arcadia-${Date.now().toString(36)}`,
|
|
name,
|
|
email: user?.email ?? "",
|
|
token: tokens.access_token,
|
|
issuedAt: Date.now(),
|
|
}
|
|
if (typeof window !== "undefined") {
|
|
sessionStorage.setItem("arcadia_access_token", tokens.access_token)
|
|
if (tokens.refresh_token) sessionStorage.setItem("arcadia_refresh_token", tokens.refresh_token)
|
|
localStorage.setItem(STORAGE_KEY, JSON.stringify(session))
|
|
window.dispatchEvent(new CustomEvent(CHANGE_EVENT))
|
|
}
|
|
return session
|
|
}
|
|
|
|
/** Patch the stored session's identity fields without changing the token.
|
|
* Use after the operator edits their profile so the appbar avatar and
|
|
* protected-shell greeting reflect the new name/email immediately. */
|
|
export function updateSessionUser(patch: {
|
|
name?: string
|
|
email?: string
|
|
}): Session | null {
|
|
if (typeof window === "undefined") return null
|
|
const current = readFromStorage()
|
|
if (!current) return null
|
|
const next: Session = {
|
|
...current,
|
|
name: patch.name?.trim() ? patch.name : current.name,
|
|
email: patch.email?.trim() ? patch.email : current.email,
|
|
}
|
|
localStorage.setItem(STORAGE_KEY, JSON.stringify(next))
|
|
window.dispatchEvent(new CustomEvent(CHANGE_EVENT))
|
|
return next
|
|
}
|
|
|
|
/** True if a non-expired session is in storage. */
|
|
export function hasSession(): boolean {
|
|
return !!readFromStorage()
|
|
}
|
|
|
|
let cached: Session | null = null
|
|
let cacheValid = false
|
|
|
|
function subscribe(cb: () => void): () => void {
|
|
const onChange = () => {
|
|
cacheValid = false
|
|
cb()
|
|
}
|
|
window.addEventListener(CHANGE_EVENT, onChange)
|
|
window.addEventListener("storage", (e) => {
|
|
if (e.key === STORAGE_KEY) onChange()
|
|
})
|
|
return () => window.removeEventListener(CHANGE_EVENT, onChange)
|
|
}
|
|
function getSnapshot(): Session | null {
|
|
if (!cacheValid) {
|
|
cached = readFromStorage()
|
|
cacheValid = true
|
|
}
|
|
return cached
|
|
}
|
|
function getServerSnapshot(): Session | null {
|
|
return null
|
|
}
|
|
|
|
export function useSession(): Session | null {
|
|
const s = useSyncExternalStore(subscribe, getSnapshot, getServerSnapshot)
|
|
useEffect(() => {
|
|
cacheValid = false
|
|
}, [])
|
|
return s
|
|
}
|
|
|
|
export function sessionInitials(session: Session | null): string {
|
|
if (!session) return "?"
|
|
return profileInitials(session.name || session.email)
|
|
}
|