Skip to content

fix: group charter login #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 14, 2025
Merged

fix: group charter login #298

merged 1 commit into from
Aug 14, 2025

Conversation

sosweetham
Copy link
Member

@sosweetham sosweetham commented Aug 13, 2025
edited by coderabbitai bot
Loading

Description of change

fixes styling of group charter's login screen

Issue Number

294 but doesnt close

Type of change

  • Fix (a change which fixes an issue)

How the change has been tested

manual

Change checklist

  • I have ensured that the CI Checks pass locally
  • I have removed any unnecessary logic
  • My code is well documented
  • I have signed my commits
  • My code follows the pattern of the application
  • I have self reviewed my code

Summary by CodeRabbit

  • New Features
    • Added a branded header on the login screen with logo, prominent title, and subtitle.
  • Style
    • Redesigned login layout to a centered vertical flow for improved readability and responsiveness.
    • Updated login card to a translucent panel for a lighter, modern look.
    • Refined spacing and visual hierarchy for a cleaner experience.
  • Notes
    • Existing login options, including QR/code flow, remain unchanged.

@sosweetham sosweetham requested a review from coodos as a code owner August 13, 2025 12:27
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 13, 2025
edited
Loading

Walkthrough

The login screen component is redesigned with a new vertical layout, adding a header with a logo, title, and subtitle. The login card becomes a translucent panel. Existing login functionality and component exports remain unchanged. Minor formatting and whitespace updates occur; a class vs. className attribute appears in the new header paragraph.

Changes

Cohort / File(s) Summary
Login UI redesign and minor fixes
platforms/group-charter-manager/src/components/auth/login-screen.tsx		 Reworked layout to vertical flex with centered header; added logo.png, “Group Charter” title, and subtitle; login card styled as translucent white; preserved QR/code login flow and exports; whitespace-only handler adjustments; potential JSX issue: paragraph uses class instead of className.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested reviewers

  • coodos

Poem

I hop through code with whiskers bright,
A logo gleams in gentle light.
A softer card, a clearer view,
One tiny className to pursue.
Thump-thump! I ship with cheerful cheer—
Log in now, the path is clear. 🥕✨

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/group-charter-login

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 13, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🔭 Outside diff range comments (2)
platforms/group-charter-manager/src/components/auth/login-screen.tsx (2)

38-71: Ensure SSE is closed on unmount to avoid leaks

If the component unmounts before a message/error, the EventSource stays open. Store it in a ref and close in a cleanup function.

Proposed minimal refactor:

-import { useEffect, useState } from "react";
+import { useEffect, useState, useRef } from "react";
@@
   const router = useRouter();
+  const eventSourceRef = useRef<EventSource | null>(null);
@@
   useEffect(() => {
     initializeAuth();
+    return () => {
+      eventSourceRef.current?.close();
+      eventSourceRef.current = null;
+    };
   }, []);
@@
   const watchEventStream = (sessionId: string) => {
@@
-    const eventSource = new EventSource(sseUrl);
+    const eventSource = new EventSource(sseUrl);
+    eventSourceRef.current = eventSource;
@@
-      eventSource.close();
+      eventSource.close();
+      eventSourceRef.current = null;
@@
       console.error('EventSource error:', error);
-      eventSource.close();
+      eventSource.close();
+      eventSourceRef.current = null;

39-41: Require explicit base URL or default to same-origin to avoid mixed-content/CORS issues

Both apiClient.ts and login-screen.tsx currently fall back to http://localhost:3001 when NEXT_PUBLIC_GROUP_CHARTER_BASE_URL is unset. In production on HTTPS, this leads to mixed-content and CORS failures. Please:

  • Remove the hardcoded http://localhost:3001 fallback and default to the same origin (e.g. window.location.origin) or use a relative base path.
  • Document and include NEXT_PUBLIC_GROUP_CHARTER_BASE_URL in .env.example (and README) so it’s always set in prod.

Files to update:

  • platforms/group-charter-manager/src/lib/apiClient.ts (line 15)
  • platforms/group-charter-manager/src/components/auth/login-screen.tsx (lines 39–41)

Suggested diff:

--- a/src/lib/apiClient.ts
- baseURL: process.env.NEXT_PUBLIC_GROUP_CHARTER_BASE_URL || 'http://localhost:3001',
+ baseURL: process.env.NEXT_PUBLIC_GROUP_CHARTER_BASE_URL ?? window.location.origin,

--- a/src/components/auth/login-screen.tsx
- const baseUrl = process.env.NEXT_PUBLIC_GROUP_CHARTER_BASE_URL || 'http://localhost:3001';
+ const baseUrl = process.env.NEXT_PUBLIC_GROUP_CHARTER_BASE_URL ?? window.location.origin;

Add to .env.example:

NEXT_PUBLIC_GROUP_CHARTER_BASE_URL=https://your-domain.com
🧹 Nitpick comments (4)
platforms/group-charter-manager/src/components/auth/login-screen.tsx (4)

93-101: Improve LCP for the logo image

Above-the-fold brand image can be marked as priority to reduce LCP and avoid lazy loading.

Apply this diff:

                 <Image
                     src="/logo.png"
                     alt="Group Charter Manager Logo"
                     width={50}
                     height={50}
+                    priority
                 />

110-112: Avoid multiple H1s on a single page

There are two h1 elements (Lines 102 and 110). Use a single H1 and demote the card title to H2 for better semantics/a11y.

Apply this diff:

-          <h1 className="text-2xl font-bold text-gray-900 mb-2">
+          <h2 className="text-2xl font-bold text-gray-900 mb-2">
             Group Charter Manager
-          </h1>
+          </h2>

Also applies to: 102-102

108-108: Improve legibility of translucent card

Add a backdrop blur to enhance readability over varied backgrounds when using bg-white/50.

Apply this diff:

-      <div className="bg-white/50 p-8 rounded-lg shadow-lg max-w-md w-full">
+      <div className="bg-white/50 backdrop-blur-md p-8 rounded-lg shadow-lg max-w-md w-full">

54-56: Re-evaluate storing tokens in localStorage

Persisting auth tokens in localStorage increases XSS blast radius. Consider HttpOnly, Secure cookies with SameSite and short-lived access tokens + refresh flow.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8b571ab and 1667adc.

📒 Files selected for processing (1)
  • platforms/group-charter-manager/src/components/auth/login-screen.tsx (4 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
platforms/group-charter-manager/src/components/auth/login-screen.tsx (2)
platforms/eVoting/src/lib/authUtils.ts (2)
  • setAuthId (18-20)
  • setAuthToken (5-7)
platforms/pictique/src/lib/types.ts (1)
  • Image (73-76)
🔇 Additional comments (1)
platforms/group-charter-manager/src/components/auth/login-screen.tsx (1)

151-158: LGTM: clear, user-friendly info panel

Nice touch explaining W3DS and data sovereignty. Readable and consistent with the new visual style.

platforms/group-charter-manager/src/components/auth/login-screen.tsx
Comment on lines 47 to 65
eventSource.onmessage = (e) => {
const data = JSON.parse(e.data);
console.log('Auth data received:', data);

const { user, token } = data;

// Set authentication data
setAuthId(user.id);
setAuthToken(token);

// Close the event source
eventSource.close();

// Set authenticating state
setIsAuthenticating(true);

// Force a page refresh to trigger AuthProvider re-initialization
window.location.reload();
};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Harden SSE handler: guard parsing, validate payload, and close on error

A malformed/heartbeat SSE event will throw on JSON.parse and leave the stream open. Add try/catch and validate the expected shape before using it.

Apply this diff:

-    eventSource.onmessage = (e) => {
-      const data = JSON.parse(e.data);
-      console.log('Auth data received:', data);
-
-      const { user, token } = data;
-
-      // Set authentication data
-      setAuthId(user.id);
-      setAuthToken(token);
-
-      // Close the event source
-      eventSource.close();
-
-      // Set authenticating state
-      setIsAuthenticating(true);
-
-      // Force a page refresh to trigger AuthProvider re-initialization
-      window.location.reload();
-    };
+    eventSource.onmessage = (e) => {
+      try {
+        const data = JSON.parse(e.data);
+        console.log('Auth data received:', data);
+        const { user, token } = data || {};
+        if (!user?.id || !token) {
+          console.warn('Incomplete auth payload, ignoring:', data);
+          return;
+        }
+        setIsAuthenticating(true);
+        setAuthId(user.id);
+        setAuthToken(token);
+        eventSource.close();
+      } catch (err) {
+        console.error('Failed to parse auth event:', err);
+        eventSource.close();
+      }
+      // Force a page refresh to trigger AuthProvider re-initialization
+      window.location.reload();
+    };
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
eventSource.onmessage = (e) => {
const data = JSON.parse(e.data);
console.log('Auth data received:', data);
const { user, token } = data;
// Set authentication data
setAuthId(user.id);
setAuthToken(token);
// Close the event source
eventSource.close();
// Set authenticating state
setIsAuthenticating(true);
// Force a page refresh to trigger AuthProvider re-initialization
window.location.reload();
};
eventSource.onmessage = (e) => {
try {
const data = JSON.parse(e.data);
console.log('Auth data received:', data);
const { user, token } = data || {};
if (!user?.id || !token) {
console.warn('Incomplete auth payload, ignoring:', data);
return;
}
setIsAuthenticating(true);
setAuthId(user.id);
setAuthToken(token);
eventSource.close();
} catch (err) {
console.error('Failed to parse auth event:', err);
eventSource.close();
}
// Force a page refresh to trigger AuthProvider re-initialization
window.location.reload();
};
🤖 Prompt for AI Agents 
In platforms/group-charter-manager/src/components/auth/login-screen.tsx around
lines 47 to 65, the SSE onmessage handler currently calls JSON.parse and assumes
the payload shape which can throw or lead to misuse on malformed/heartbeat
events; wrap parsing in a try/catch, treat empty or non-JSON data as a heartbeat
and ignore it, validate that the parsed object has the expected user and token
properties (user.id and token) before calling setAuthId/setAuthToken, and ensure
eventSource.close() is invoked both on successful authentication and in the
catch/error path; also log parse/validation errors and avoid calling
window.location.reload() unless authentication was successfully set.

platforms/group-charter-manager/src/components/auth/login-screen.tsx
Comment on lines +104 to +106
<p class="text-gray-600">
Coordinate your group in the MetaState
</p>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix JSX attribute: use className, not class

React/TSX doesn’t recognize the HTML class attribute. This will error at compile/runtime.

Apply this diff:

-            <p class="text-gray-600">
+            <p className="text-gray-600">
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<p class="text-gray-600">
Coordinate your group in the MetaState
</p>
<p className="text-gray-600">
Coordinate your group in the MetaState
</p>
🤖 Prompt for AI Agents 
In platforms/group-charter-manager/src/components/auth/login-screen.tsx around
lines 104 to 106, the JSX uses the HTML attribute "class" which React/TSX
doesn't accept; change the attribute to "className" on the <p> element (and any
other JSX elements in that range) so it compiles correctly (e.g., replace
class="text-gray-600" with className="text-gray-600").

@coodos coodos merged commit 144cfc9 into main Aug 14, 2025
2 of 4 checks passed
@coodos coodos deleted the fix/group-charter-login branch August 14, 2025 07:36
@coderabbitai coderabbitai bot mentioned this pull request Sep 10, 2025
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@coodos coodos coodos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sosweetham @coodos