feat(auth): complete profile and matching request flow #27
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b6b6106795
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| export function verifyEmail(payload: VerifyEmailRequest) { | ||
| return apiRequest<VerifyEmailResponse>("/auth/email-verifications/confirm", { | ||
| return apiRequest<LoginResponse>("/users/sign-in", { |
Call documented login endpoint and map its response
This login client now posts to /users/sign-in and assumes the response is a raw session object, but openapi/openapi.yaml still defines /auth/login with a LoginResponse shaped as { user, session }. In real API mode this will either hit a missing route or persist an invalid session (e.g., missing accessToken at the top level), which breaks authenticated flows right after login. Please keep the client aligned with the documented contract (or update the OpenAPI contract in the same change).
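As an added example (not part of the review comment or the PR's code): a runtime check of the { user, session } login envelope described above, so a response in the wrong shape is rejected instead of being stored as a session. Only user, session and accessToken come from the page; the store and the function names are assumptions.

```typescript
// Added example. AuthSession, LoginEnvelope and the Map-based store are
// hypothetical stand-ins, not types from the PR.
interface AuthSession { accessToken: string }
interface LoginEnvelope { user: Record<string, unknown>; session: AuthSession }

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Validate the documented { user, session } envelope at runtime. The generic
// on apiRequest<T> is a compile-time claim only and checks nothing.
function parseLoginResponse(body: unknown): LoginEnvelope {
  if (!isRecord(body)) throw new Error("login response is not an object");
  const { user, session } = body;
  if (!isRecord(user)) throw new Error("login response has no user object");
  if (!isRecord(session)) throw new Error("login response has no session object");
  const token = session.accessToken;
  if (typeof token !== "string" || token.trim() === "") {
    throw new Error("session.accessToken is missing or empty");
  }
  return { user, session: { ...session, accessToken: token } };
}

// Persist only a validated session. Returns false and leaves no token
// behind when the response does not match the contract.
function persistLogin(body: unknown, store: Map<string, string>): boolean {
  try {
    const { session } = parseLoginResponse(body);
    store.set("accessToken", session.accessToken);
    return true;
  } catch {
    store.delete("accessToken"); // never keep a half-written session
    return false;
  }
}
```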
| onSuccess: () => { | ||
| clearAuthSession(); | ||
| }, |
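Review bot: onSuccess here calls only clearAuthSession(), which tears down client-side state; nothing in this handler shows that sessions and tokens issued before the password change are revoked on the server. Please confirm the password-change endpoint does that and say so in a comment here, because clearing local storage alone leaves any previously issued token usable until it expires.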
Evict current-user cache when password change clears auth
On password-change success we clear local auth storage but do not clear ['users','me'] query data. Because useCurrentUserQuery is only disabled via enabled and not removed, TanStack Query can continue serving cached profile data after the forced redirect to login, so a signed-out user can still see stale /me data. Mirror the delete flow by removing/resetting the current-user query when the session is cleared.
@codex Changes applied. Review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 282604e03f
| return apiRequest<void>("/users/sign-up", { | ||
| json: { | ||
| email: payload.email.trim(), | ||
| level: payload.level, |
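Review bot: email: payload.email.trim() only strips whitespace, and level: payload.level is forwarded exactly as the form supplied it, so neither field is validated by anything visible in this request body. Treat the client-side trim as cosmetic: the server has to normalize the address itself and check level against its allowed values, and a short comment here saying where that validation lives would help.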
Use /users multipart contract for sign-up
The client now submits sign-up to /users/sign-up as JSON, but the repository’s OpenAPI contract still defines sign-up as POST /users with multipart/form-data (see openapi/openapi.yaml under /users). If the backend follows that contract, this call will fail with 404/415 and new user registration will not work in production.
| export function getCurrentUser() { | ||
| return apiRequest<CurrentUserResponse>("/users/me"); | ||
| return apiRequest<UserProfile>("/users/me"); |
Parse /users/me response envelope
getCurrentUser now assumes the API returns a raw UserProfile, but the documented contract for GET /users/me returns an object with a user field (GetCurrentUserResponse in openapi/openapi.yaml). With the documented backend, query data shape will be wrong and profile UI fields will read undefined values instead of the actual user profile.
| return apiRequest<void>("/users/me", { | ||
| json: { | ||
| description: payload.description.trim() || null, | ||
| level: payload.level, |
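Review bot: payload.description.trim() || null throws a TypeError if description is ever null or undefined, which is plausible given that this same line sends null for an empty description and a profile read back from the API may carry that null into the form. Use payload.description?.trim() || null, or make the form type guarantee a string before this call.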
Keep profile update method aligned with API contract
The profile update request was changed to PUT /users/me with JSON, but the OpenAPI file still defines PATCH /users/me with multipart/form-data (UpdateCurrentUserRequest). If the backend is implemented from that contract, profile edits (including image updates) will be rejected and users will be unable to save account changes.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 61271cf83b
| return apiRequest<void>("/users/me/password", { | ||
| json: payload, | ||
| method: "PUT", |
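Review bot: json: payload forwards the whole form object as the request body, unlike the sign-up and profile calls in this PR, which list their fields one by one. For a password change, build the body from the named fields the endpoint needs, so a confirmation field or anything later added to the form type is not sent along with the credentials.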
Align password-change endpoint with OpenAPI contract
This mutation calls PUT /users/me/password, but openapi/openapi.yaml only defines GET|PUT|DELETE /users/me and has no /users/me/password path or request schema. In real API mode against a backend implemented from the documented contract, password-change requests will fail (typically 404), so users cannot complete this flow.
| queryClient.removeQueries({ | ||
| queryKey: authQueryKeys.currentUser, | ||
| }); |
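Review bot: removing queries one key at a time (only authQueryKeys.currentUser here) means every user-scoped query added later has to be remembered in each sign-out path. Move the teardown into one function shared by every path that ends the session and have it drop all user-scoped cache entries, for example with queryClient.clear(), so one user's cached data cannot be shown to the next person on the same browser.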
Clear match-status cache when tearing down auth state
On password-change success we clear local auth and only remove ['users','me'], leaving the ['match','status'] query cached. Because useProjectRequestStatusQuery is merely disabled when signed out, cached status can still be read, and MatchRequestView renders status before its signed-out branch, so previous-session WAITING/MATCHING state can appear after logout (and for the next user until refetch).
Summary
Validation
- pnpm tsc --noEmit: pass
- pnpm biome lint .: pass
- pnpm build: pass (Vite chunk-size warning only)

Closes #26