From 5e165d277edd1118b8e765b7346e77f3a077e2f5 Mon Sep 17 00:00:00 2001 From: Stockboy Steve Date: Tue, 31 Mar 2026 19:23:55 +0000 Subject: [PATCH 1/6] fix(ci): add Chrome sandbox flags and fix CHROME_PATH for Lighthouse Co-Authored-By: Paperclip --- .github/workflows/ci.yml | 2 +- lighthouserc.json | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27ac4b3..fd48684 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -95,7 +95,7 @@ jobs: run: | CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1) npm install -g @lhci/cli - LHCI_CHROME_PATH="$CHROME_PATH" lhci autorun + CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox" build-and-push: runs-on: runners-cartsnitch diff --git a/lighthouserc.json b/lighthouserc.json index fcc75b7..c839ba7 100644 --- a/lighthouserc.json +++ b/lighthouserc.json @@ -3,7 +3,10 @@ "collect": { "staticDistDir": "./dist", "url": ["http://localhost:4173/"], - "numberOfRuns": 1 + "numberOfRuns": 1, + "settings": { + "chromeFlags": ["--headless=new", "--no-sandbox"] + } }, "assert": { "assertions": { From 361ad3acc266c3848aaa2cdda7e1e2f5a73c0e5f Mon Sep 17 00:00:00 2001 From: Barcode Betty Date: Tue, 31 Mar 2026 21:07:44 +0000 Subject: [PATCH 2/6] fix(ci): add --disable-gpu and --disable-dev-shm-usage to Lighthouse Chrome flags --- .github/workflows/ci.yml | 2 +- lighthouserc.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd48684..da8a92b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -95,7 +95,7 @@ jobs: run: | CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1) npm install -g @lhci/cli - CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox" + CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage" build-and-push: runs-on: runners-cartsnitch diff --git a/lighthouserc.json b/lighthouserc.json index c839ba7..525b132 100644 --- a/lighthouserc.json +++ b/lighthouserc.json @@ -5,7 +5,7 @@ "url": ["http://localhost:4173/"], "numberOfRuns": 1, "settings": { - "chromeFlags": ["--headless=new", "--no-sandbox"] + "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"] } }, "assert": { From b21a30b2e7f621af1281667693c856dd5337ce23 Mon Sep 17 00:00:00 2001 From: Barcode Betty Date: Tue, 31 Mar 2026 21:17:32 +0000 Subject: [PATCH 3/6] fix(ci): skip bf-cache audit to prevent Chrome TARGET_CRASHED in CI Co-Authored-By: Paperclip --- lighthouserc.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lighthouserc.json b/lighthouserc.json index 525b132..c974515 100644 --- a/lighthouserc.json +++ b/lighthouserc.json @@ -5,7 +5,8 @@ "url": ["http://localhost:4173/"], "numberOfRuns": 1, "settings": { - "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"] + "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"], + "skipAudits": ["bf-cache"] } }, "assert": { From 983ee2c39844b520c08a2d6cde38593d3a10cc60 Mon Sep 17 00:00:00 2001 From: "cartsnitch-engineer[bot]" <269717931+cartsnitch-engineer[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 21:58:30 +0000 Subject: [PATCH 4/6] fix(ci): disable FullPageScreenshot gatherer to prevent Chrome crash Co-Authored-By: Paperclip --- lighthouserc.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lighthouserc.json b/lighthouserc.json index c974515..f85a377 100644 --- a/lighthouserc.json +++ b/lighthouserc.json @@ -6,7 +6,8 @@ "numberOfRuns": 1, "settings": { "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"], - "skipAudits": ["bf-cache"] + "skipAudits": ["bf-cache"], + "disableFullPageScreenshot": true } }, "assert": { @@ -20,4 +21,4 @@ "target": "temporary-public-storage" } } -} +} \ No newline at end of file From b637fd9c11a42de8aa23415edf6ed4daec326f91 Mon Sep 17 00:00:00 2001 From: CartSnitch Engineer Bot Date: Tue, 31 Mar 2026 22:11:20 +0000 Subject: [PATCH 5/6] fix(auth): wait for session confirmation before post-auth redirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Race condition between signUp/signIn completion and ProtectedRoute's useSession() call caused redirect loops — Better-Auth's session cookie is not immediately visible to useSession() after signUp/signIn resolves. Fix: call authClient.getSession() explicitly after signUp/signIn to synchronize before navigating to protected routes. Fall back to error message if session not confirmed. Also removes dead setAuthenticated() calls that only work in mock mode. Co-Authored-By: Paperclip --- src/pages/Login.tsx | 13 ++++++++----- src/pages/Register.tsx | 14 +++++++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/pages/Login.tsx b/src/pages/Login.tsx index bf6b215..6ee9bcf 100644 --- a/src/pages/Login.tsx +++ b/src/pages/Login.tsx @@ -1,7 +1,6 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' -import { useAuthStore } from '../stores/auth.ts' export function Login() { const [email, setEmail] = useState('') @@ -9,7 +8,6 @@ export function Login() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() - const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -31,11 +29,16 @@ export function Login() { throw new Error(authError.message ?? 'Sign in failed') } - setAuthenticated(true) - navigate('/') + // After successful signIn, force a session fetch to confirm the cookie is set + // before navigating to the protected route + const sessionResult = await authClient.getSession() + if (sessionResult.data) { + navigate('/') + } else { + setError('Sign in failed. Please try again.') + } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { - setAuthenticated(true) navigate('/') } else { setError('Invalid email or password. Please try again.') diff --git a/src/pages/Register.tsx b/src/pages/Register.tsx index a65e7b6..a93317d 100644 --- a/src/pages/Register.tsx +++ b/src/pages/Register.tsx @@ -1,7 +1,6 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' -import { useAuthStore } from '../stores/auth.ts' export function Register() { const [name, setName] = useState('') @@ -10,7 +9,6 @@ export function Register() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() - const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -38,11 +36,17 @@ export function Register() { throw new Error(authError.message ?? 'Registration failed') } - setAuthenticated(true) - navigate('/') + // After successful signUp, force a session fetch to confirm the cookie is set + // before navigating to the protected route + const sessionResult = await authClient.getSession() + if (sessionResult.data) { + navigate('/') + } else { + // Session not established — show success message and link to login + setError('Account created! Please sign in.') + } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { - setAuthenticated(true) navigate('/') } else { setError('Registration failed. Please try again.') From f25044ea7e079cc738f8d4a09d6e0bb5209d4904 Mon Sep 17 00:00:00 2001 From: CartSnitch Engineer Bot Date: Tue, 31 Mar 2026 22:30:05 +0000 Subject: [PATCH 6/6] fix(auth): restore setAuthenticated in mock-auth catch block The try-block getSession() pattern is correct for real auth mode. The mock-auth catch block (VITE_MOCK_AUTH) still needs to set the Zustand flag so ProtectedRoute respects the authenticated state. Co-Authored-By: Paperclip --- src/pages/Login.tsx | 3 +++ src/pages/Register.tsx | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/pages/Login.tsx b/src/pages/Login.tsx index 6ee9bcf..ae7fc0c 100644 --- a/src/pages/Login.tsx +++ b/src/pages/Login.tsx @@ -1,6 +1,7 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' +import { useAuthStore } from '../stores/auth.ts' export function Login() { const [email, setEmail] = useState('') @@ -8,6 +9,7 @@ export function Login() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() + const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -39,6 +41,7 @@ export function Login() { } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { + setAuthenticated(true) navigate('/') } else { setError('Invalid email or password. Please try again.') diff --git a/src/pages/Register.tsx b/src/pages/Register.tsx index a93317d..c75e2d6 100644 --- a/src/pages/Register.tsx +++ b/src/pages/Register.tsx @@ -1,6 +1,7 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' +import { useAuthStore } from '../stores/auth.ts' export function Register() { const [name, setName] = useState('') @@ -9,6 +10,7 @@ export function Register() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() + const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -47,6 +49,7 @@ export function Register() { } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { + setAuthenticated(true) navigate('/') } else { setError('Registration failed. Please try again.')