Skip to content

Feat: add qr code plugin and allow hosts and origins in dev#728

Open
JeanneGrenet wants to merge 2 commits into
mainfrom
feat/dev-qr-code
Open

Feat: add qr code plugin and allow hosts and origins in dev#728
JeanneGrenet wants to merge 2 commits into
mainfrom
feat/dev-qr-code

Conversation

@JeanneGrenet

@JeanneGrenet JeanneGrenet commented Mar 18, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Chores
    • Added QR code support to the development build pipeline.
    • Simplified the development start process to first generate build info, then launch the dev server.
    • Development authentication now accepts dynamic hosts/origins to ease local testing.

@JeanneGrenet JeanneGrenet self-assigned this Mar 18, 2026
@vercel

vercel Bot commented Mar 18, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
start-ui-web-v3 Ready Ready Preview, Comment Apr 28, 2026 7:46am

Request Review

@JeanneGrenet JeanneGrenet requested review from ivan-dalmet and yoannfleurydev and removed request for ivan-dalmet March 18, 2026 14:35
@coderabbitai

coderabbitai Bot commented Mar 18, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3d78a27a-ee76-4884-aef4-d175f2d3f39e

📥 Commits

Reviewing files that changed from the base of the PR and between 182cfb6 and e568131.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • package.json
  • src/server/auth.tsx
  • vite.config.ts
✅ Files skipped from review due to trivial changes (1)
  • vite.config.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/server/auth.tsx

Walkthrough

Replace the dev multiprocess script with a direct build-info generation and Vite start; add a Vite QR code plugin; and in DEV widen auth allowedHosts to ['*'] and set trustedOrigins to derive from the incoming request Origin header (production behavior unchanged).

Changes

Cohort / File(s) Summary
Package & Dev Scripts
package.json
Removed dev:app; updated dev from run-p env dev:* to pnpm gen:build-info && vite dev; added vite-plugin-qrcode to devDependencies.
Vite config / Dev tooling
vite.config.ts
Imported vite-plugin-qrcode and appended qrcode() to the Vite plugins array.
Server auth config
src/server/auth.tsx
In DEV, set baseURL.allowedHosts to ['*'] (previously host-based) and changed trustedOrigins to a DEV-only function that returns the request Origin header if present; production behavior still uses envServer.AUTH_TRUSTED_ORIGINS.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • ivan-dalmet
  • ntatoud
  • HugoPerard
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main changes: adding the QR code plugin and loosening host/origin restrictions in dev mode for authentication.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/dev-qr-code

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/server/auth.tsx`:
- Around line 36-41: DEV branch currently echoes any request Origin which
disables origin validation; change the DEV implementation of trustedOrigins so
it only accepts origins that resolve to local addresses (e.g., hostnames
matching localhost, 127.0.0.1, ::1) instead of returning any origin header, and
add a brief inline comment documenting this DEV-only behavior and its relation
to baseURL.allowedHosts; update the anonymous function assigned to
trustedOrigins (the import.meta.env.DEV branch) to parse the origin header,
validate the host against localhost patterns, and return [origin] only if it
matches, otherwise return []; keep production branch using
envServer.AUTH_TRUSTED_ORIGINS unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 61313a0b-1a6b-406d-858b-3cae8ecbed7c

📥 Commits

Reviewing files that changed from the base of the PR and between 82ed630 and 0b2b95a.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • package.json
  • src/server/auth.tsx
  • vite.config.ts

Comment thread src/server/auth.tsx
@sonarqubecloud

Copy link
Copy Markdown

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants