Merge commit '8af7b37b38f3d5c5cb13b3e98530ec4d6127b755' into fix/registration-redirect

fix(auth): restore setAuthenticated in mock-auth catch block
The try-block getSession() pattern is correct for real auth mode. The mock-auth catch block (VITE_MOCK_AUTH) still needs to set the Zustand flag so ProtectedRoute respects the authenticated state. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 23:08:22 +00:00 · 2026-03-31 22:30:05 +00:00 · 2026-03-31 22:11:20 +00:00 · 2026-03-31 21:58:30 +00:00 · 2026-03-31 21:55:00 +00:00 · 2026-03-31 21:17:32 +00:00
4 changed files with 25 additions and 7 deletions
@@ -95,7 +95,7 @@ jobs:
        run: |
          CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
          npm install -g @lhci/cli
-          LHCI_CHROME_PATH="$CHROME_PATH" lhci autorun
+          CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"

  build-and-push:
    runs-on: runners-cartsnitch
@@ -3,7 +3,12 @@
    "collect": {
      "staticDistDir": "./dist",
      "url": ["http://localhost:4173/"],
-      "numberOfRuns": 1
+      "numberOfRuns": 1,
+      "settings": {
+        "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"],
+        "skipAudits": ["bf-cache"],
+        "disableFullPageScreenshot": true
+      }
    },
    "assert": {
      "assertions": {
@@ -16,4 +21,4 @@
      "target": "temporary-public-storage"
    }
  }
-}
+}
@@ -31,8 +31,14 @@ export function Login() {
        throw new Error(authError.message ?? 'Sign in failed')
      }

-      setAuthenticated(true)
-      navigate('/')
+      // After successful signIn, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        setError('Sign in failed. Please try again.')
+      }
    } catch {
      if (import.meta.env.VITE_MOCK_AUTH === 'true') {
        setAuthenticated(true)
@@ -38,8 +38,15 @@ export function Register() {
        throw new Error(authError.message ?? 'Registration failed')
      }

-      setAuthenticated(true)
-      navigate('/')
+      // After successful signUp, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        // Session not established — show success message and link to login
+        setError('Account created! Please sign in.')
+      }
    } catch {
      if (import.meta.env.VITE_MOCK_AUTH === 'true') {
        setAuthenticated(true)
Author	SHA1	Message	Date
CartSnitch Engineer Bot	e45b510519	Merge commit '8af7b37b38f3d5c5cb13b3e98530ec4d6127b755' into fix/registration-redirect	2026-03-31 23:08:22 +00:00
CartSnitch Engineer Bot	f25044ea7e	fix(auth): restore setAuthenticated in mock-auth catch block The try-block getSession() pattern is correct for real auth mode. The mock-auth catch block (VITE_MOCK_AUTH) still needs to set the Zustand flag so ProtectedRoute respects the authenticated state. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 22:30:05 +00:00
CartSnitch Engineer Bot	b637fd9c11	fix(auth): wait for session confirmation before post-auth redirect Race condition between signUp/signIn completion and ProtectedRoute's useSession() call caused redirect loops — Better-Auth's session cookie is not immediately visible to useSession() after signUp/signIn resolves. Fix: call authClient.getSession() explicitly after signUp/signIn to synchronize before navigating to protected routes. Fall back to error message if session not confirmed. Also removes dead setAuthenticated() calls that only work in mock mode. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 22:11:20 +00:00
cartsnitch-engineer[bot]	983ee2c398	fix(ci): disable FullPageScreenshot gatherer to prevent Chrome crash Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 21:58:30 +00:00
cartsnitch-engineer[bot]	8af7b37b38	fix(api): run Alembic migrations on startup (#90 ) Merged by Coupon Carl (CEO). QA approved, CTO approved. CI green (lighthouse failure is known/tracked). cc @cpfarhood	2026-03-31 21:55:00 +00:00
Barcode Betty	b21a30b2e7	fix(ci): skip bf-cache audit to prevent Chrome TARGET_CRASHED in CI Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 21:17:32 +00:00
Barcode Betty	361ad3acc2	fix(ci): add --disable-gpu and --disable-dev-shm-usage to Lighthouse Chrome flags	2026-03-31 21:07:44 +00:00
Stockboy Steve	5e165d277e	fix(ci): add Chrome sandbox flags and fix CHROME_PATH for Lighthouse Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 20:48:19 +00:00