feat(api): sync Client with Server API contract #48
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5fb5a1e578
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| /> | ||
| ) : null} | ||
|
|
||
| {isSignedIn && projectGroupQuery.error ? ( |
Suppress 'no team' notice when cached data is present
This error branch runs whenever projectGroupQuery.error is set, even if projectGroupQuery.data still exists from a previous successful fetch. In TanStack Query, background refetch failures can leave stale data in cache, so this renders a contradictory UI (활성 팀 스페이스가 없습니다 plus a populated team panel) and misleads signed-in users during transient API errors. Gate this notice on !projectGroupQuery.data (or initial error state) to avoid false negatives.
| ); | ||
| } | ||
|
|
||
| if (!isDeleteEmailVerified) { |
Scope deletion verification to the active user session
Account deletion is authorized by a single process-wide boolean (isDeleteEmailVerified), and this check does not verify which user completed the email-code validation. If one account validates the code and then currentUser changes (e.g., OAuth login/signup handler sets a different user), the next user can delete without re-validating. Track verification per user (or reset it whenever currentUser/currentUserId changes) to prevent cross-user state leakage in the mock API.
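The deletion-verification finding above, as an added example that is not code from this pull request: a process-wide flag beside a per-user record of who completed the email-code check. Only isDeleteEmailVerified and currentUserId are taken from the review; the classes, methods, status codes and sample code value are assumptions.

```typescript
// Added example modelling the mock API state; every name except isDeleteEmailVerified and currentUserId is hypothetical.
const VALID_CODE = "123456"; // constructed sample code
interface MockApi {
  login(userId: number): void;
  verifyDeleteCode(code: string): void;
  deleteAccount(): number; // HTTP-style status
}

// Flagged shape: one process-wide boolean shared by whoever is the current user.
class GlobalFlagMock implements MockApi {
  currentUserId = 1;
  isDeleteEmailVerified = false;
  login(userId: number): void {
    this.currentUserId = userId; // the flag survives the identity change
  }
  verifyDeleteCode(code: string): void {
    this.isDeleteEmailVerified = code === VALID_CODE;
  }
  deleteAccount(): number {
    return this.isDeleteEmailVerified ? 200 : 403;
  }
}

// Scoped shape: remember which user verified, clear on identity change, consume on use.
class PerUserMock implements MockApi {
  currentUserId = 1;
  private verifiedUserId: number | null = null;
  login(userId: number): void {
    this.currentUserId = userId;
    this.verifiedUserId = null;
  }
  verifyDeleteCode(code: string): void {
    this.verifiedUserId = code === VALID_CODE ? this.currentUserId : null;
  }
  deleteAccount(): number {
    if (this.verifiedUserId !== this.currentUserId) return 403;
    this.verifiedUserId = null; // one verification authorizes one deletion
    return 200;
  }
}

// User 1 (the initial user) verifies, the session switches to user 2, then deletion is requested.
function deleteAfterSwitch(api: MockApi): number {
  api.verifyDeleteCode(VALID_CODE);
  api.login(2);
  return api.deleteAccount();
}
```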
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 838aef0a81
| /> | ||
| ) : null} | ||
|
|
||
| {projectGroupQuery.data ? ( |
Guard real team panel behind authenticated state
This branch renders the full team-space payload whenever projectGroupQuery.data exists, even when isSignedIn is false. Because useMyProjectGroupQuery is only disabled (not cleared) for signed-out users, cached data from a prior authenticated session can still be returned and shown, exposing previous user team metadata after logout (or during account switching in the same tab). Gate this render path with isSignedIn (or ensure the query is cleared on auth changes) to prevent cross-session data leakage.
|
|
||
| export const projectGroupQueryKeys = { | ||
| all: ["project-groups"] as const, | ||
| me: ["project-groups", "me"] as const, |
Scope my-project-group query key to active auth context
The me query key is static even though /project-groups/me is user-scoped, so cache entries are reused across different authenticated users in the same client. In account-switch flows, this can surface the previous user's project-group data until a refetch completes (and persists when the query is disabled), which creates stale/cross-user UI state. Include a user/session discriminator in the key or clear this key whenever auth identity changes.
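The two cache findings in this review (rendering cached data while signed out, and the static me key), as an added example that is not code from this pull request. ModelCache is a small stand-in for a keyed query cache rather than TanStack Query; scopedProjectGroupQueryKeys, dataSeenAfterSwitch, teamPanelData and the sample payload are assumptions.

```typescript
// Added example. ModelCache is a stand-in for a keyed query cache, not TanStack Query.
type QueryKey = readonly unknown[];

class ModelCache {
  private store: Record<string, unknown> = {};
  set(key: QueryKey, data: unknown): void {
    this.store[JSON.stringify(key)] = data;
  }
  get(key: QueryKey): unknown {
    return this.store[JSON.stringify(key)];
  }
  // Drop every entry whose key starts with `prefix` (run on login, logout, account switch).
  removeByPrefix(prefix: QueryKey): void {
    const want = JSON.stringify(prefix);
    for (const k of Object.keys(this.store)) {
      const head = (JSON.parse(k) as unknown[]).slice(0, prefix.length);
      if (JSON.stringify(head) === want) delete this.store[k];
    }
  }
}

// Key shape from the PR: one cache slot for every user of this client.
const projectGroupQueryKeys = {
  all: ["project-groups"] as const,
  me: ["project-groups", "me"] as const,
};

// Hypothetical scoped variant: the user id is part of the key.
const scopedProjectGroupQueryKeys = {
  all: ["project-groups"] as const,
  me: (userId: number) => ["project-groups", "me", userId] as const,
};

// User 1 loads their group, then the same tab switches to user 2. Returns what a
// disabled or not-yet-refetched query for user 2 would hand to the UI.
function dataSeenAfterSwitch(keyFor: (userId: number) => QueryKey, clearOnAuthChange: boolean): unknown {
  const cache = new ModelCache();
  cache.set(keyFor(1), { groupId: 10, owner: "user-1" }); // constructed sample payload
  if (clearOnAuthChange) cache.removeByPrefix(projectGroupQueryKeys.all);
  return cache.get(keyFor(2));
}

// Render gate for the team panel: cached data alone is never enough.
function teamPanelData(isSignedIn: boolean, data: unknown): unknown {
  return isSignedIn && data !== undefined ? data : null;
}
```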
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a528241191
| let activeMatchId: number | null = null; | ||
| let activeMatchMembers: MatchMemberResponse["members"] = []; | ||
| let activeMatchProject: MatchProjectResponse | null = null; | ||
| let activeProjectGroup: MyProjectGroup | null = createMockProjectGroup(); |
Rebuild mock project-group state after auth user changes
activeProjectGroup is initialized once from the startup currentUser/currentUserId and never refreshed when those auth values change (for example in the OAuth login and signup handlers). As a result, GET /project-groups/me can return a project group whose currentUserId and member profile data belong to a previous user, so the Team Space view shows cross-user stale data in mock mode during account-switch flows. Recompute activeProjectGroup whenever currentUser or currentUserId is reassigned (or derive it on demand in the GET handler).
Summary
Validation
Closes #47