Login logout flow #7
| OAUTH_KV: KVNamespace; | ||
| APP_DB: D1Database; | ||
| ASSETS: Fetcher; | ||
| COOKIE_SECRET: string; |
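Review bot: the `COOKIE_SECRET: string;` declaration at the end of this region can drop out whenever the types are regenerated without a `.env` in place, as this thread shows, and nothing on the page would catch that before review. Since `types/env-schema.ts` still validates the secret, consider a check that fails when the generated declaration and the schema disagree.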
@cursoragent I think this got removed because you did not cp .env.example to .env. That should be in the instructions and you should do that when creating a new environment before starting any work. Could you please update the instructions to do this? Don't update any scripts. Just make sure the instructions are clear that this needs to be done upon setup of the environment.
| OAUTH_KV: KVNamespace; | ||
| APP_DB: D1Database; | ||
| ASSETS: Fetcher; | ||
| COOKIE_SECRET: string; |
COOKIE_SECRET removed from worker environment types
High Severity
The COOKIE_SECRET binding was accidentally removed from Cloudflare.Env and the NodeJS.ProcessEnv extension was also removed. The codebase relies on COOKIE_SECRET in server/handler.ts via appEnv.COOKIE_SECRET, and the Zod schema in types/env-schema.ts still validates its presence. This breaks TypeScript type safety — code accessing the cookie secret will now have type errors or lose type checking. As noted in the PR discussion, this happened because .env.example wasn't copied to .env before running wrangler types.
| ## Agent setup | ||
|
|
||
| - Install dependencies with `bun install`. | ||
| - Copy `.env.example` to `.env` before running dev or tests. |
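Review bot: the last bullet scopes the copy to "before running dev or tests", which does not cover the step that failed in this thread, regenerating the Wrangler types without a `.env`. Suggest stating it as a setup step that precedes any work, for example "Copy `.env.example` to `.env` right after install, before running dev, tests, or type generation."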
@cursor, great job, now do this and undo your changes to the worker-configuration.d.ts file.
Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.
- ✅ Fixed: COOKIE_SECRET removed from worker environment types
- Regenerated the Wrangler types with COOKIE_SECRET present, restoring the Cloudflare.Env and NodeJS.ProcessEnv declarations.
Co-authored-by: Kent C. Dodds <me+github@kentcdodds.com>
4441336 to 0e30adf

Implement session-aware homepage navigation, enforce authentication redirects for account/login/signup pages, and add a functional logout feature.
Note
Medium Risk
Touches authentication/session cookie handling and redirect behavior; mistakes could cause open redirects, broken login routing, or sessions not clearing correctly.
Overview
Adds session-aware auth flow across client and worker. The client `App` now fetches `/session` to render nav links as either `Login`/`Signup` or the signed-in email linking to `/account`, and the login form honors a safe `redirectTo` query param after successful auth.
On the server, introduces `/login` and `/signup` handlers that redirect authenticated users to `/account`, adds a `/session` JSON endpoint, and adds a POST `/logout` that clears the auth cookie. Unauthenticated `/account` requests now redirect to `/login` with a validated `redirectTo` back to the originally requested path, and Playwright E2E coverage is added for redirect + logout behavior.
Written by Cursor Bugbot for commit 0e30adf.
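
The overview above relies on a validated `redirectTo` to avoid open redirects. As an added example (not code from this pull request), this is one way such validation could look in TypeScript. The names `safeRedirectTo`, `loginRedirectFor`, `BASE` and `AUTH_PAGES`, the placeholder origin, and the fallback paths are assumptions.

```typescript
// Added example. safeRedirectTo, loginRedirectFor, BASE and AUTH_PAGES are
// hypothetical names, not identifiers from the pull request.
const BASE = "https://app.invalid"; // placeholder origin, used only for parsing
const AUTH_PAGES = ["/login", "/signup", "/logout"];

// Return `raw` only if it is a same-origin, root-relative path; else `fallback`.
function safeRedirectTo(raw: string | null | undefined, fallback: string = "/account"): string {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  // "//host" is scheme-relative and browsers treat a backslash like "/",
  // so both forms would leave the site.
  if (!raw.startsWith("/") || raw.startsWith("//") || raw.includes("\\")) return fallback;
  // URL parsers strip tab/CR/LF, so a path hiding one could collapse to "//host".
  if (/[\u0000-\u001f\u007f]/.test(raw)) return fallback;
  let url: URL;
  try {
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  if (url.origin !== BASE) return fallback;
  // Sending a signed-in user back to an auth page would loop or log them out.
  if (AUTH_PAGES.includes(url.pathname)) return fallback;
  // Rebuild from parsed parts so only a normalized path is ever emitted.
  return url.pathname + url.search + url.hash;
}

// Build the /login location for an unauthenticated request to `requestUrl`.
function loginRedirectFor(requestUrl: string): string {
  const url = new URL(requestUrl);
  const target = safeRedirectTo(url.pathname + url.search, "/");
  const params = new URLSearchParams({ redirectTo: target });
  return "/login?" + params.toString();
}
```

The same function serves both places the overview mentions: the server building the `/login` redirect and the login form consuming `redirectTo` after successful auth.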