chore: dev #90
chore: dev #90
Conversation
|
🚀 Deployed on https://deploy-preview-90--psumaps-miniapp.netlify.app |
There was a problem hiding this comment.
Pull request overview
This PR implements a significant refactoring of the authentication system, transitioning from direct iCal token usage to a JWT-based authentication flow with iCal tokens being exchanged for JWTs. The PR also includes Docker infrastructure setup and various maintenance improvements.
Changes:
- Implemented JWT token exchange system with new authClient, separating iCal tokens from JWT tokens in the context API
- Added Docker deployment infrastructure (Dockerfile, docker-compose.yaml, nginx.conf, GitHub Actions workflow)
- Updated map asset paths and font names, removed unused environment variables
Reviewed changes
Copilot reviewed 21 out of 25 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| shared/src/network/httpClient/authClient.ts | New client for JWT token exchange and validation |
| shared/src/contexts/IcalTokenContext.tsx | Refactored to manage both iCal and JWT tokens separately with automatic token exchange |
| shared/src/network/httpClient/mapiClient.ts | Removed validateIcal method, updated parameter names to jwtToken |
| shared/src/network/httpClient/index.ts | Added authClient export |
| web/src/pages/map/mapUtils.ts | Removed Authorization header from tile requests |
| web/src/pages/map/contexts/MapContext.tsx | Updated to use jwtToken instead of token |
| web/src/pages/map/components/PoiHandler.tsx | Updated to use jwtToken instead of token |
| web/src/mapEngine/mapConfig.ts | Removed 'assets/' prefix from sprite and font paths |
| web/src/mapEngine/layers.ts | Updated font name from 'DIN Offc Pro Medium' to 'DINPro Medium' |
| web/src/vite-env.d.ts | Removed VITE_URL_INDOOREQUAL_TILES and VITE_MAPTILES_STYLE_KEY |
| shared/src/components/timetable/index.tsx | Updated to use icalToken for timetable API calls |
| shared/src/components/timetable/feedClasses.tsx | Updated to use icalToken instead of token |
| shared/src/components/settings/IcalTokenInput.tsx | Updated to use icalToken for display |
| shared/src/components/map/searchPopUp/search/index.tsx | Updated to use jwtToken for search API calls |
| shared/src/hooks/useLocationHash.ts | Updated to use jwtToken instead of token |
| web/src/app/router.tsx | Code formatting improvements (spacing consistency) |
| shared/.storybook/preview.js | Code formatting improvements (spacing in import) |
| package.json | Version bump from 1.1.1 to 1.2.0 |
| package-lock.json | Version update to match package.json |
| .env | Removed VITE_MAPTILES_STYLE_KEY and VITE_URL_MAPTILER_STYLE |
| Dockerfile | New multi-stage build configuration for web application |
| docker-compose.yaml | New service configuration for local development |
| nginx.conf | New nginx configuration with security headers and caching |
| .dockerignore | New file to exclude unnecessary files from Docker build |
| .github/workflows/docker-build.yaml | New CI/CD workflow for building and pushing Docker images |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| .lintstagedrc.json | ||
| eslint.config.js | ||
| tsconfig*.json | ||
| vite.config.ts |
There was a problem hiding this comment.
The .dockerignore file excludes vite.config.ts, which is essential for the Vite build process. The Dockerfile runs 'npm run build --prefix web' which requires this configuration file. Remove 'vite.config.ts' from .dockerignore to ensure the build works correctly.
| vite.config.ts |
| .eslintignore | ||
| .lintstagedrc.json | ||
| eslint.config.js | ||
| tsconfig*.json |
There was a problem hiding this comment.
The .dockerignore file excludes tsconfig*.json files, but these are typically required for the TypeScript build process. The Dockerfile runs 'npm run build --prefix web' which likely needs these configuration files. Consider removing 'tsconfig*.json' from .dockerignore or verify that the build works without these files.
| tsconfig*.json |
| sprite: `${import.meta.env.VITE_URL_MAP_ASSETS}sprite/indoorequal`, | ||
| glyphs: `${import.meta.env.VITE_URL_MAP_ASSETS}font/{fontstack}/{range}`, |
There was a problem hiding this comment.
The sprite and font paths have been changed to remove the 'assets/' prefix. Ensure that the backend server serving these resources has been updated to match these new paths, or that the resources are available at both the old and new paths during a transition period. If the backend hasn't been updated, maps will fail to load sprites and fonts.
|
|
||
| void initializeToken(); | ||
| }, [storage, validateToken]); | ||
| }, [storage, exchangeToken]); |
There was a problem hiding this comment.
The useEffect dependency array is incomplete. The effect uses 'validateToken' on line 175, but only includes 'exchangeToken' in the dependency array. This violates the React hooks exhaustive-deps rule and could lead to stale closures. Add 'validateToken' to the dependency array.
| }, [storage, exchangeToken]); | |
| }, [storage, exchangeToken, validateToken]); |
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Image digest | ||
| run: echo ${{ steps.build.outputs.digest }} |
There was a problem hiding this comment.
The workflow references 'steps.build.outputs.digest' but the 'Build and push Docker image' step doesn't have an 'id' field. Add 'id: build' to the 'Build and push Docker image' step to make this reference work, or remove this line if the digest output is not needed.
| VITE_URL_BIND_ETIS: https://student.psu.ru/ | ||
| VITE_URL_TG_GROUP: https://t.me/psumaps | ||
| VITE_URL_SUPPORT: https://t.me/psumaps_sbot?start=vkmapp | ||
| VITE_URL_VK_APP: https://m.vk.com/app51764300 |
There was a problem hiding this comment.
The Dockerfile defines build arguments VITE_URL_PSU_TOOLS_API (line 22) and the vite-env.d.ts requires both VITE_PSU_TOOLS_KEY and VITE_URL_PSU_TOOLS_API, but the docker-compose.yaml file doesn't provide either of these build arguments. This will cause builds using docker-compose to have undefined environment variables. Either add these variables to docker-compose.yaml or remove them from the Dockerfile if they're optional.
| VITE_URL_VK_APP: https://m.vk.com/app51764300 | |
| VITE_URL_VK_APP: https://m.vk.com/app51764300 | |
| VITE_URL_PSU_TOOLS_API: ${VITE_URL_PSU_TOOLS_API} | |
| VITE_PSU_TOOLS_KEY: ${VITE_PSU_TOOLS_KEY} |
| const result = await httpClient.auth.validateJwt(tokenToValidate); | ||
|
|
||
| setIsServiceAvailable(true); | ||
| // Обработка всех возможных результатов от mapiClient.validateIcal |
There was a problem hiding this comment.
The comment references 'mapiClient.validateIcal' which has been removed and replaced with 'httpClient.auth.validateJwt'. Update the comment to reflect the current implementation.
| // Обработка всех возможных результатов от mapiClient.validateIcal | |
| // Обработка всех возможных результатов от httpClient.auth.validateJwt |
| httpClient.tile.getTile(url, { | ||
| Authorization: `Bearer ${token}`, | ||
| }), | ||
| queryFn: async () => httpClient.tile.getTile(url), |
There was a problem hiding this comment.
The Authorization header has been removed from the tile request. If private tiles require authentication, this change will cause authentication to fail. The tileClient still accepts an optional Authorization header parameter, but it's no longer being passed. Either update tileClient to remove the unused parameter, or pass the JWT token if authentication is required for private tiles.
| queryFn: async () => httpClient.tile.getTile(url), | |
| queryFn: async () => httpClient.tile.getTile(url, token), |
| add_header X-Frame-Options "SAMEORIGIN" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header X-XSS-Protection "1; mode=block" always; | ||
| add_header Referrer-Policy "strict-origin-when-cross-origin" always; |
There was a problem hiding this comment.
The nginx configuration lacks a Content-Security-Policy header, which is an important security measure for web applications. Consider adding a CSP header to protect against XSS attacks and other code injection vulnerabilities. For example: 'add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;'
| add_header Referrer-Policy "strict-origin-when-cross-origin" always; | |
| add_header Referrer-Policy "strict-origin-when-cross-origin" always; | |
| add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always; |
No description provided.