idek

[Edd1e1]

Summary by CodeRabbit

• New Features
  • Google sign-in added to login and registration pages
  • Import items between lists with interactive target selection
  • Map theme switching (light/dark mode) synchronized with app UI theme
  • Enhanced map visuals: improved marker styling, updated route visualization, and transport mode-aware user location indicator

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ucart	Ready	Preview, Comment	Jun 4, 2026 4:51pm

[coderabbitai]

Note

Reviews paused

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR integrates Google OAuth authentication, adds per-list import workflows, implements map theme toggling, and refactors macro-route coordinate handling. Six complementary features span OAuth setup, auth page flows, list import UI, map theming, routing parameter expansion, and visual marker/tile updates.

Changes

Google OAuth and Enhanced List/Map Features

Layer / File(s)	Summary
Google OAuth Foundation package.json, src/main.tsx, src/services/authService.ts	Adds @react-oauth/google dependency, wraps app with GoogleOAuthProvider, and introduces googleLoginRequest method that posts credentials to /api/auth/google and stores auth tokens via Zustand.
Login and Registration Google Flow src/pages/LoginPage/LoginPage.tsx, src/pages/RegistrationPage/RegistrationPage.tsx	LoginPage and RegistrationPage each add "Continue with Google" button wired to useGoogleLogin hook; on success, calls googleLoginRequest, updates auth state, and navigates to /dashboard; failures display error message.
ListCard Import Action src/components/Card/ListCard.tsx	ListCard adds optional onImport prop and displays ListPlus icon button when import or delete is available; refactors top-right action area with shared wrapper controlling positioning and z-index.
Dashboard Import Target Picker Modal src/pages/Dashboard/Dashboard.tsx	Adds importPickerSourceId state and import handlers; extends ListCategorySection, DashboardTabsView, and DashboardSplitView with onImportList callback; renders modal with all target lists (excluding source) and empty-state when no alternatives exist.
Map Theme Toggle and Persistence src/pages/UnifiedMap/UnifiedMap.tsx	Consumes uiTheme from theme store, derives effective light/dark value for system mode, initializes mapTheme from localStorage or computed value, and adds top-right toggle UI button to switch and persist map theme.
Macro-Route Coordinate Refactoring src/pages/UnifiedMap/UnifiedMap.tsx, src/services/routingService.ts	fetchMacroRoute refactored to accept optional store coordinates; getMacroEstimates updated to conditionally include storeLat/storeLng query params; city-mode and custom-store callers updated to pass target location explicitly.
Map Tile and Marker Visual Updates src/pages/UnifiedMap/UnifiedMap.tsx	TileLayer switches between Stadia dark/light endpoints by mapTheme; recommended-store and target-store markers use new SVG/icon sizing; city-mode macro route rendered as two overlapping solid polylines instead of single dashed; user-location marker icon varies by transportMode.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• P2P-Shopping/web#63: Modifies Dashboard item-import logic and bulk import path handling, overlapping with this PR's per-list import initiation and target-picker modal.
• P2P-Shopping/web#33: Extends getMacroEstimates routing function; main PR further extends it with optional store coordinates.
• P2P-Shopping/web#31: Centralizes ListCard UI; main PR extends it with onImport action and adjusts button layout.

Suggested reviewers

• iuliaaa20
• Bianca-Alexandru
• R4R35

Poem

🐰 A rabbit hops through OAuth's gate,
Lists now import at quicker rate,
Maps shine brighter, dark and light,
Routes find coordinates just right! 🗺️✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'idek' is vague and non-descriptive, providing no meaningful information about the extensive changes spanning Google OAuth integration, list import functionality, map theme switching, and routing service updates.	Replace with a descriptive title summarizing the main changes, such as 'Add Google OAuth integration and list import functionality' or 'Implement OAuth, import flows, and map theme switching'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch oauth-bettermap-betterui-newicons-mergelisting

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[driedpampas]

@coderabbitai cancel

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/pages/UnifiedMap/UnifiedMap.tsx (1)

1563-1570: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Pass target coordinates during session restore route fetch.

The restore path still calls fetchMacroRoute(targetStoreId) without coordinates even though targetStoreLocation is already available. That leaves this path out of the coordinate-aware refactor and can fail to restore custom/candidate-store routes reliably after refresh.

Suggested fix

-        if (
-            navigationMode === "city" &&
-            targetStoreLocation &&
-            targetStoreId &&
-            macroRouteGeometry.length === 0
-        ) {
-            void fetchMacroRoute(targetStoreId);
-        }
+        if (
+            navigationMode === "city" &&
+            targetStoreLocation &&
+            macroRouteGeometry.length === 0
+        ) {
+            void fetchMacroRoute(
+                targetStoreId ?? null,
+                targetStoreLocation.lat,
+                targetStoreLocation.lng,
+            );
+        }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/UnifiedMap/UnifiedMap.tsx` around lines 1563 - 1570, The restore
path calls fetchMacroRoute without coordinates which breaks the coordinate-aware
refactor; update the conditional branch that checks navigationMode,
targetStoreLocation, targetStoreId, and macroRouteGeometry to call
fetchMacroRoute with the target coordinates (e.g., pass targetStoreLocation or
its lat/lng) instead of only targetStoreId, and ensure the fetchMacroRoute
function signature (and any callers) accept and use those coordinates so
restored routes for custom/candidate stores rebuild correctly.

🧹 Nitpick comments (2)

src/pages/RegistrationPage/RegistrationPage.tsx (1)

7-8: ⚡ Quick win

Consolidate Google auth handling to one source of truth.

This flow duplicates auth-store mutation after googleLoginRequest and relies on as string. Let the service own auth-setting, then remove local setAuth wiring from this page.

Proposed refactor

-import { useStore } from "../../context/useStore";
 import { googleLoginRequest, registerRequest } from "../../services/authService";
...
-    const setAuth = useStore((state) => state.setAuth);
...
         onSuccess: async (tokenResponse) => {
             try {
-                const result = await googleLoginRequest(tokenResponse.access_token);
-                setAuth(result, result.token as string);
+                await googleLoginRequest(tokenResponse.access_token);
                 toast.success("Welcome!");
                 navigate("/dashboard");
             } catch {
                 setError("Google login failed. Please try again.");
             }

Also applies to: 22-22, 27-30

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/RegistrationPage/RegistrationPage.tsx` around lines 7 - 8, The page
currently duplicates auth mutations by calling setAuth from useStore after
googleLoginRequest/registerRequest and uses unsafe casts (as string); instead,
move auth-setting into the service and remove local wiring: update
googleLoginRequest and registerRequest to be the single source of truth that
sets auth state (or return a fully typed auth result), stop calling setAuth
inside RegistrationPage (remove setAuth usage and the as string casts), and
clean up imports (remove useStore if no longer used); locate references to
googleLoginRequest, registerRequest, and setAuth in RegistrationPage.tsx and
remove the local post-request setAuth logic so the component relies on the
service-managed auth state.

src/pages/LoginPage/LoginPage.tsx (1)

20-23: ⚡ Quick win

Remove duplicate auth-state write in Google success handler.

googleLoginRequest already updates auth store; re-calling setAuth here with result.token as string duplicates side effects and keeps an unsafe cast on this path.

Proposed refactor

     const handleGoogleSuccess = async (credential: string) => {
         try {
-            const result = await googleLoginRequest(credential);
-            setAuth(result, result.token as string);
+            await googleLoginRequest(credential);
             toast.success("Welcome!");
             navigate("/dashboard");
         } catch {
             setError("Google login failed. Please try again.");
         }
     };

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/LoginPage/LoginPage.tsx` around lines 20 - 23, The
googleLoginRequest success handler currently calls setAuth(result, result.token
as string) which duplicates auth-store writes and uses an unsafe cast; remove
the duplicate setAuth(...) call and the cast, and rely on googleLoginRequest to
update auth state; keep the toast.success("Welcome!") and navigate("/dashboard")
behavior, and if you need the token later use a safe access (e.g., check
result.token) instead of casting.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main.tsx`:
- Line 8: Replace the hardcoded GOOGLE_CLIENT_ID constant with the
environment-configured value so the Google auth provider uses
import.meta.env.VITE_GOOGLE_CLIENT_ID (or the existing VITE_GOOGLE_CLIENT_ID
reference) at runtime; update the GOOGLE_CLIENT_ID declaration and the
GoogleProvider/clientId usage (look for GOOGLE_CLIENT_ID and GoogleProvider) to
read the env variable instead of the literal string and guard/throw an error if
the env value is missing.

In `@src/services/authService.ts`:
- Around line 64-75: The function googleLoginRequest should fail fast when the
Google auth response lacks a usable token: after extracting token from
response.data, verify token is a non-empty string and if not, throw an Error (or
return a rejected Promise) with a clear message so callers don’t treat this as
success; only call useStore.getState().setAuth(userData, token) when the token
check passes and then return response.data on success.

---

Outside diff comments:
In `@src/pages/UnifiedMap/UnifiedMap.tsx`:
- Around line 1563-1570: The restore path calls fetchMacroRoute without
coordinates which breaks the coordinate-aware refactor; update the conditional
branch that checks navigationMode, targetStoreLocation, targetStoreId, and
macroRouteGeometry to call fetchMacroRoute with the target coordinates (e.g.,
pass targetStoreLocation or its lat/lng) instead of only targetStoreId, and
ensure the fetchMacroRoute function signature (and any callers) accept and use
those coordinates so restored routes for custom/candidate stores rebuild
correctly.

---

Nitpick comments:
In `@src/pages/LoginPage/LoginPage.tsx`:
- Around line 20-23: The googleLoginRequest success handler currently calls
setAuth(result, result.token as string) which duplicates auth-store writes and
uses an unsafe cast; remove the duplicate setAuth(...) call and the cast, and
rely on googleLoginRequest to update auth state; keep the
toast.success("Welcome!") and navigate("/dashboard") behavior, and if you need
the token later use a safe access (e.g., check result.token) instead of casting.

In `@src/pages/RegistrationPage/RegistrationPage.tsx`:
- Around line 7-8: The page currently duplicates auth mutations by calling
setAuth from useStore after googleLoginRequest/registerRequest and uses unsafe
casts (as string); instead, move auth-setting into the service and remove local
wiring: update googleLoginRequest and registerRequest to be the single source of
truth that sets auth state (or return a fully typed auth result), stop calling
setAuth inside RegistrationPage (remove setAuth usage and the as string casts),
and clean up imports (remove useStore if no longer used); locate references to
googleLoginRequest, registerRequest, and setAuth in RegistrationPage.tsx and
remove the local post-request setAuth logic so the component relies on the
service-managed auth state.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d292965c-0af7-4e4a-9483-3e5d354796e8

📥 Commits

Reviewing files that changed from the base of the PR and between 73c9267 and 83c783f.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (9)

• package.json
• src/components/Card/ListCard.tsx
• src/main.tsx
• src/pages/Dashboard/Dashboard.tsx
• src/pages/LoginPage/LoginPage.tsx
• src/pages/RegistrationPage/RegistrationPage.tsx
• src/pages/UnifiedMap/UnifiedMap.tsx
• src/services/authService.ts
• src/services/routingService.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use environment-configured Google client ID for the provider.

Line 8 hardcodes the client ID while Line 16 reads VITE_GOOGLE_CLIENT_ID; the provider (Line 20) should use the env value to avoid environment-specific OAuth breakage.

Proposed fix

-const GOOGLE_CLIENT_ID = "1011433342347-l9445a7d8f14e06rcog3npas9uvsos96.apps.googleusercontent.com"
+const GOOGLE_CLIENT_ID = import.meta.env.VITE_GOOGLE_CLIENT_ID;
+if (!GOOGLE_CLIENT_ID) {
+    throw new Error("Missing VITE_GOOGLE_CLIENT_ID");
+}
...
-console.log("CLIENT ID:", import.meta.env.VITE_GOOGLE_CLIENT_ID);

Also applies to: 16-16, 20-20

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main.tsx` at line 8, Replace the hardcoded GOOGLE_CLIENT_ID constant with
the environment-configured value so the Google auth provider uses
import.meta.env.VITE_GOOGLE_CLIENT_ID (or the existing VITE_GOOGLE_CLIENT_ID
reference) at runtime; update the GOOGLE_CLIENT_ID declaration and the
GoogleProvider/clientId usage (look for GOOGLE_CLIENT_ID and GoogleProvider) to
read the env variable instead of the literal string and guard/throw an error if
the env value is missing.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fail fast when Google auth response has no usable token.

googleLoginRequest currently returns success even if token is absent/empty, which can push callers down a success navigation path without a valid authenticated session.

Proposed fix

 export const googleLoginRequest = async (credential: string) => {
     const response = await api.post<AuthResponse>(
         "/api/auth/google",
         { credential },
         { headers: { "X-Return-Token": "true" } },
     );
     const { token, ...userData } = response.data;
-    if (token) {
-        useStore.getState().setAuth(userData, token);
-    }
+    if (typeof token !== "string" || token.trim().length === 0) {
+        throw new Error("Invalid response from server. No token received.");
+    }
+    useStore.getState().setAuth(userData, token);
     return response.data;
 };

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/services/authService.ts` around lines 64 - 75, The function
googleLoginRequest should fail fast when the Google auth response lacks a usable
token: after extracting token from response.data, verify token is a non-empty
string and if not, throw an Error (or return a rejected Promise) with a clear
message so callers don’t treat this as success; only call
useStore.getState().setAuth(userData, token) when the token check passes and
then return response.data on success.

[coderabbitai]

@driedpampas Sure, I'll cancel the review.

✅ Action performed

Reviews paused.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud