groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gro-56): guard dev login page behind import.meta.env.DEV

Browse Source 
The DevLoginSelector page (including the "Continue as default dev user"
button) was rendering in production when AUTH_DISABLED=true. This guards
the /login route so the page only renders in Vite development mode
(import.meta.env.DEV). Also removes the skip-login button entirely since
it bypassed user selection without any identity assertion.

- Guard /login route with import.meta.env.DEV in App.tsx
- Remove skipLogin button from DevLoginSelector.tsx
- Add vite/client types to web tsconfig
- Remove corresponding e2e test

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Flea Flicker
2026-03-27 01:10:34 +00:00
parent eeda5099be
commit cd5feb1a14
4 changed files with 4 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/e2e/tests/login.spec.ts
-8
View File
@@ -55,14 +55,6 @@ test.describe("DevLoginSelector", () => {
expect(JSON.parse(devUser!)).toMatchObject({ type: "client", id: "client-1", name: "Carol Client" }); expect(JSON.parse(devUser!)).toMatchObject({ type: "client", id: "client-1", name: "Carol Client" });
}); });
test("skip login removes dev-user and navigates to /admin", async ({ page }) => {
await page.goto("/login");
await page.getByText("Continue as default dev user").click();
await expect(page).toHaveURL("/admin");
const devUser = await page.evaluate(() => localStorage.getItem("dev-user"));
expect(devUser).toBeNull();
});
test("no users available shows empty sections", async ({ page }) => { test("no users available shows empty sections", async ({ page }) => {
await page.route("**/api/dev/users", (route) => await page.route("**/api/dev/users", (route) =>
route.fulfill({ json: { staff: [], clients: [] } }) route.fulfill({ json: { staff: [], clients: [] } })
apps/web/src/App.tsx
+2 -2
View File
@@ -141,8 +141,8 @@ export function App() {
.catch(() => setAuthDisabled(false)); .catch(() => setAuthDisabled(false));
}, []); }, []);
// Show login selector page // Show login selector page (only in development)
if (location.pathname === "/login") { if (import.meta.env.DEV && location.pathname === "/login") {
return <DevLoginSelector />; return <DevLoginSelector />;
} }
apps/web/src/pages/DevLoginSelector.tsx
-20
View File
@@ -36,11 +36,6 @@ export function DevLoginSelector() {
navigate(type === "staff" ? "/admin" : "/"); navigate(type === "staff" ? "/admin" : "/");
} }
function skipLogin() {
localStorage.removeItem("dev-user");
navigate("/admin");
}
if (loading) { if (loading) {
return ( return (
<div style={containerStyle}> <div style={containerStyle}>
@@ -94,11 +89,6 @@ export function DevLoginSelector() {
))} ))}
</div> </div>
<div style={{ marginTop: "1.5rem", textAlign: "center" }}>
<button onClick={skipLogin} style={skipButtonStyle}>
Continue as default dev user
</button>
</div>
</div> </div>
</div> </div>
); );
@@ -157,13 +147,3 @@ const userButtonStyle: React.CSSProperties = {
textAlign: "left", textAlign: "left",
transition: "border-color 0.15s, background 0.15s", transition: "border-color 0.15s, background 0.15s",
}; };
const skipButtonStyle: React.CSSProperties = {
padding: "0.5rem 1.25rem",
border: "1px solid #d1d5db",
borderRadius: 6,
background: "transparent",
cursor: "pointer",
fontSize: 13,
color: "#6b7280",
};
apps/web/tsconfig.json
+2 -1
View File
@@ -7,7 +7,8 @@
"jsx": "react-jsx", "jsx": "react-jsx",
"strict": true, "strict": true,
"noUncheckedIndexedAccess": true, "noUncheckedIndexedAccess": true,
"skipLibCheck": true "skipLibCheck": true,
"types": ["vite/client"]
}, },
"include": ["src"] "include": ["src"]
} }