57e754bb27
Three bugs fixed: 1. Phase 30 (auth.ts): After SRP login the encrypted_key_set was returned from the server but the vault key and RSA private key were never unwrapped with the AUK. keyStore.getVaultKey() was always null, causing Tier 1 config-backup diffs to crash with a TypeError. Fix: unwrap vault key and private key using crypto.subtle.unwrapKey after successful SRP verification. Non-fatal: warns to console if decryption fails so login always succeeds. 2. Token refresh (auth.py): The /refresh endpoint required refresh_token in the request body, but the frontend never stored or sent it. After the 15- minute access token TTL, all authenticated API calls would fail silently because the interceptor sent an empty body and received 422 (not 401), so the retry loop never fired. Fix: login/srpVerify now set an httpOnly refresh_token cookie scoped to /api/auth/refresh. The refresh endpoint now accepts the token from either cookie (preferred) or body (legacy). Logout clears both cookies. RefreshRequest.refresh_token is now Optional to allow empty-body calls. 3. Silent token rotation: the /refresh endpoint now also rotates the refresh token cookie on each use (issues a fresh token), reducing the window for stolen refresh token replay.
React + TypeScript + Vite
This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
Currently, two official plugins are available:
- @vitejs/plugin-react uses Babel (or oxc when used in rolldown-vite) for Fast Refresh
- @vitejs/plugin-react-swc uses SWC for Fast Refresh
React Compiler
The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see this documentation.
Expanding the ESLint configuration
If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
export default defineConfig([
globalIgnores(['dist']),
{
files: ['**/*.{ts,tsx}'],
extends: [
// Other configs...
// Remove tseslint.configs.recommended and replace with this
tseslint.configs.recommendedTypeChecked,
// Alternatively, use this for stricter rules
tseslint.configs.strictTypeChecked,
// Optionally, add this for stylistic rules
tseslint.configs.stylisticTypeChecked,
// Other configs...
],
languageOptions: {
parserOptions: {
project: ['./tsconfig.node.json', './tsconfig.app.json'],
tsconfigRootDir: import.meta.dirname,
},
// other options...
},
},
])
You can also install eslint-plugin-react-x and eslint-plugin-react-dom for React-specific lint rules:
// eslint.config.js
import reactX from 'eslint-plugin-react-x'
import reactDom from 'eslint-plugin-react-dom'
export default defineConfig([
globalIgnores(['dist']),
{
files: ['**/*.{ts,tsx}'],
extends: [
// Other configs...
// Enable lint rules for React
reactX.configs['recommended-typescript'],
// Enable lint rules for React DOM
reactDom.configs.recommended,
],
languageOptions: {
parserOptions: {
project: ['./tsconfig.node.json', './tsconfig.app.json'],
tsconfigRootDir: import.meta.dirname,
},
// other options...
},
},
])