auth cleanup

Author: stevensJourney

demos/react-convex-todolist/convex/schema.ts

@@ -7,7 +7,7 @@ export default defineSchema({
   lists: defineTable({
     created_at: v.string(),
     name: v.string(),
-    owner_id: v.string(),
+    owner_id: v.id('users'),
     notes: v.optional(v.string()),
     priority: v.optional(v.number()),
     tags: v.optional(v.array(v.string())),

demos/react-convex-todolist/convex/todos.ts

@@ -19,13 +19,20 @@ const findTodoByUuid = async (params: { db: DatabaseReader; uuid: string }) => {
     .first();
 };
 
+/**
+ * Public todo mutations use `list_uuid` from the local-first client and resolve
+ * the Convex `list_id` server-side after checking list ownership. This keeps
+ * callers from directly assigning a todo to an arbitrary Convex list document.
+ */
+const publicTodoValidator = schema.tables.todos.validator.omit('list_id');
+
 /**
  * Create a todo record given its record data.
  * The `list_id` is resolved here on the backend.
  */
 export const create = mutation({
   // This does not include an `id` field. The local uuid is presented in the `uuid` field
-  args: schema.tables.todos.validator.omit('list_id'),
+  args: publicTodoValidator,
   handler: async (ctx, args) => {
     const { db } = ctx;
     const ownerId = await requireOwnerId(ctx);
@@ -48,7 +55,7 @@ export const create = mutation({
  */
 export const update = mutation({
   // The uuid is required, every other field is an optional patch
-  args: v.object({ uuid: v.string() }).extend(schema.tables.todos.validator.partial().fields),
+  args: v.object({ uuid: v.string() }).extend(publicTodoValidator.partial().fields),
   handler: async (ctx, { uuid, ...fields }) => {
     const { db } = ctx;
     const ownerId = await requireOwnerId(ctx);
@@ -62,16 +69,17 @@ export const update = mutation({
     }
     assertListOwner(currentList, ownerId);
 
+    const patch: Partial<typeof matching> = fields;
     if (fields.list_uuid !== undefined) {
       const nextList = await findListByUuid({ db, uuid: fields.list_uuid });
       if (!nextList) {
         throw mutationError(MUTATION_ERROR_CODES.NOT_FOUND, `No matching list found for uuid=${fields.list_uuid}`);
       }
       assertListOwner(nextList, ownerId);
-      fields.list_id = nextList._id;
+      patch.list_id = nextList._id;
     }
 
-    await db.patch(matching._id, fields);
+    await db.patch(matching._id, patch);
   }
 });
 

demos/react-convex-todolist/src/components/providers/SystemProvider.tsx

@@ -5,7 +5,7 @@ import { useAuthToken } from '@convex-dev/auth/react';
 import { CircularProgress } from '@mui/material';
 import { PowerSyncContext } from '@powersync/react';
 import { PowerSyncDatabase } from '@powersync/web';
-import { useConvex } from 'convex/react';
+import { useConvex, useConvexAuth } from 'convex/react';
 import Logger from 'js-logger';
 import React, { Suspense } from 'react';
 
@@ -31,26 +31,24 @@ export const useConnector = () => React.useContext(ConnectorContext);
 
 const AuthAwareSystemProvider = ({ children }: { children: React.ReactNode }) => {
   const authToken = useAuthToken();
+  const { isAuthenticated } = useConvexAuth();
   const convexClient = useConvex();
   const [connector] = React.useState(() => new DemoConnector({ convexClient }));
 
   // Update connector with current auth token
   React.useEffect(() => {
-    if (authToken) {
-      console.log('[Convex] JWT token:', authToken);
-    }
     connector.setAuthToken(authToken);
   }, [authToken, connector]);
 
   React.useEffect(() => {
-    if (authToken) {
+    if (authToken && isAuthenticated) {
       // Connect PowerSync when authenticated
       powerSync.connect(connector);
     } else {
       // Disconnect PowerSync when not authenticated
       powerSync.disconnect();
     }
-  }, [authToken, connector]);
+  }, [authToken, connector, isAuthenticated]);
 
   return (
     <Suspense fallback={<CircularProgress />}>