feat: Fix login, abort all calls on disconnect

[mjadach-iv]

Changelog:

• Fixes the URL-based auto-login so it only runs once on initial page load instead of re-triggering on auth state changes.
• Cancels all in-flight API requests when reconnecting to a node, preventing stale responses from leaking into the new session's state after re-login to a different node.

Summary by CodeRabbit

• Bug Fixes

  • Improved cleanup of pending operations during logout and connection failures for more reliable state resets.
  • Error overlay close now clears failed-login state so users can retry without a full reset.

• Performance

  • Auto-login now runs only once on initial app load to avoid repeated attempts.

• New Features

  • Global tracking and bulk-abort of in-progress network operations to prevent stale requests.

[coderabbitai]

Warning

Rate limit exceeded

@mjadach-iv has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 24 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 625d0a59-9da3-4aed-8c91-db4f5e0c0506

📥 Commits

Reviewing files that changed from the base of the PR and between 149c243 and 3cd97c9.

📒 Files selected for processing (2)

• src/LayoutEnhanced.tsx
• src/components/ConnectNode/modal.tsx

📝 Walkthrough

Walkthrough

This PR introduces a system to track and abort pending async operations across the application. A new abort registry module provides core infrastructure; Redux middleware automatically registers promise-like abortables; auth state gains a partial reset action; ConnectNode components integrate abort calls on disconnect and reconnect; and LayoutEnhanced restricts URL-driven login to mount-time only.

Changes

Abort Tracking System for Pending Operations

Layer / File(s)	Summary
Abort Registry Foundation src/store/abortRegistry.ts	New module defines a shared pending set to track abortable objects, trackAbortable to register promise-like abortables and remove them on settlement, and abortAllPending to cancel all tracked entries with exception shielding.
Redux Store Middleware Integration src/store/index.ts	Store configuration adds abortTrackingMiddleware that detects dispatch results containing both abort() and then() functions and automatically registers them via trackAbortable, prepended to the default middleware stack.
Auth State Refinement src/store/slices/auth/index.ts	Auth slice gains removeFailedLogin reducer that resets connecting, connected, and error sub-states without full auth reset, enabling targeted cleanup of login failures.
ConnectNode Disconnect and Setup src/components/ConnectNode/index.tsx, src/components/ConnectNode/modal.tsx	ConnectNode components import and call abortAllPending() to cancel pending operations during logout and node reconnection setup. Modal error overlay close now dispatches removeFailedLogin() instead of a full auth reset.
LayoutEnhanced Auto-login Lifecycle src/LayoutEnhanced.tsx	URL-driven auto-login effect is restricted to first component mount via empty dependency array with clarifying comments, preventing repeated execution on credential changes.

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures both main objectives: fixing login behavior and aborting pending calls on disconnect, which aligns with the changes across all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch mj/v4-fix-login

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/LayoutEnhanced.tsx (1)

53-160: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a ref guard to prevent duplicate login dispatches in React Strict Mode.

In React 19 with StrictMode enabled (as configured in src/index.tsx), a useEffect with an empty dependency array [] and no cleanup function runs twice during development: setup → cleanup → setup. This causes your login dispatches and tracking calls to execute twice unnecessarily.

Use a useRef flag to ensure the effect body runs only once per component lifetime:

Suggested patch

 import { useEffect } from 'react';
+import { useRef } from 'react';
@@
 const LayoutEnhanced = () => {
+  const didRunUrlLoginRef = useRef(false);
@@
   useEffect(() => {
+    if (didRunUrlLoginRef.current) return;
+    didRunUrlLoginRef.current = true;
+
     if (!apiEndpoint) return;
     if (loginData.apiEndpoint === apiEndpoint && loginData.apiToken === apiToken) return;
@@
-    // run only on first mount — URL-driven auto-login
+    // run only once per component lifetime — URL-driven auto-login
   }, []);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/LayoutEnhanced.tsx` around lines 53 - 160, The effect in
LayoutEnhanced.tsx that performs the URL-driven login (the useEffect containing
the nested useNode async and calls like authActions.useNodeData,
authActionsAsync.loginThunk, and trackGoal) can run twice in React Strict Mode;
add a useRef boolean (e.g., ranRef) at the top of the component and check it at
the start of that useEffect so the body returns immediately if ranRef.current is
true, and set ranRef.current = true the first time the effect runs (so the
subsequent duplicate run is no-op). Ensure the guard covers the entire effect
(including dispatches and trackGoal) so duplicate login dispatches are
prevented.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/components/ConnectNode/modal.tsx`:
- Around line 260-263: There is a dangling identifier token "abortAllPending"
after the call to dispatch(nodeActions.resetState()) which is an
unused-expression and may fail linting; remove that stray token so the code
reads abortAllPending(); dispatch(authActions.resetState());
dispatch(nodeActions.resetState()); (or keep the existing abortAllPending() call
only once) and ensure proper semicolons/line breaks around abortAllPending,
dispatch(authActions.resetState) and dispatch(nodeActions.resetState) to avoid
the leftover identifier.

---

Outside diff comments:
In `@src/LayoutEnhanced.tsx`:
- Around line 53-160: The effect in LayoutEnhanced.tsx that performs the
URL-driven login (the useEffect containing the nested useNode async and calls
like authActions.useNodeData, authActionsAsync.loginThunk, and trackGoal) can
run twice in React Strict Mode; add a useRef boolean (e.g., ranRef) at the top
of the component and check it at the start of that useEffect so the body returns
immediately if ranRef.current is true, and set ranRef.current = true the first
time the effect runs (so the subsequent duplicate run is no-op). Ensure the
guard covers the entire effect (including dispatches and trackGoal) so duplicate
login dispatches are prevented.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 704bfdb4-082c-4414-b652-fe91689674c8

📥 Commits

Reviewing files that changed from the base of the PR and between 0a42679 and e1b7265.

📒 Files selected for processing (6)

• src/LayoutEnhanced.tsx
• src/components/ConnectNode/index.tsx
• src/components/ConnectNode/modal.tsx
• src/store/abortRegistry.ts
• src/store/index.ts
• src/store/slices/auth/index.ts

[github-actions]

🔎 Trivy Security Report

Target	Package	Installed	Severity	CVE
europe-west3-docker.pkg.dev/hoprassociation/docker-images/hopr-admin:4.0.0-rc.1-commit.3cd97c9-linux-amd64 (alpine 3.23.4)	nghttp2-libs	1.68.0-r0	HIGH	CVE-2026-27135