npm - @cytario/web - Versions diffs - 2.1.4 → 2.1.5 - Mend

@cytario/web 2.1.4 → 2.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/README.md CHANGED Viewed

@@ -15,16 +15,16 @@ For the hosted product, see [cytario.com](https://www.cytario.com).
 ## Architecture
-| Layer | Technology |
-|-------|------------|
-| Framework | React Router v7 (SSR), React 19, Vite 6 |
-| Language | TypeScript (strict mode) |
-| Visualization | deck.gl, Viv, DuckDB-WASM, Apache Arrow |
-| Styling | Tailwind CSS, [@cytario/design](https://github.com/cytario/cytario-design) |
-| Auth | OAuth 2.0 via Keycloak, STS for S3 credentials |
-| Database | PostgreSQL (Prisma ORM), Redis/Valkey (sessions) |
-| Cloud | AWS SDK v3 (S3, STS), presigned URLs |
-| CI/CD | GitHub Actions, semantic-release, GHCR |
+| Layer         | Technology                                                                 |
+| ------------- | -------------------------------------------------------------------------- |
+| Framework     | React Router v7 (SSR), React 19, Vite 6                                    |
+| Language      | TypeScript (strict mode)                                                   |
+| Visualization | deck.gl, Viv, DuckDB-WASM, Apache Arrow                                    |
+| Styling       | Tailwind CSS, [@cytario/design](https://github.com/cytario/cytario-design) |
+| Auth          | OAuth 2.0 via Keycloak, STS for S3 credentials                             |
+| Database      | PostgreSQL (Prisma ORM), Redis/Valkey (sessions)                           |
+| Cloud         | AWS SDK v3 (S3, STS), presigned URLs                                       |
+| CI/CD         | GitHub Actions, semantic-release, GHCR                                     |
 ## Plugin model
@@ -133,11 +133,11 @@ package's default export must satisfy the
 ### CLI
-| Command | Behaviour |
-|---|---|
+| Command             | Behaviour                                                                                                |
+| ------------------- | -------------------------------------------------------------------------------------------------------- |
 | `cytario-web build` | Codegen (Vite plugin reads `CYTARIO_PLUGINS`) + `react-router build` against the installed package root. |
-| `cytario-web dev` | Codegen + `react-router dev`. Extra args (`--port`, `--host`, …) are forwarded. |
-| `cytario-web start` | `NODE_ENV=production node server.ts` against the bundled `build/server/index.js`. |
+| `cytario-web dev`   | Codegen + `react-router dev`. Extra args (`--port`, `--host`, …) are forwarded.                          |
+| `cytario-web start` | `NODE_ENV=production node server.ts` against the bundled `build/server/index.js`.                        |
 All subcommands operate against `@cytario/web`'s own install directory;
 the consumer never needs to know the on-disk layout.
@@ -213,12 +213,12 @@ cd devenv
 podman kube play local-deployment.yaml
 ```
-| Service | Port | Description |
-|---------|------|-------------|
-| Keycloak | 8080 | Identity provider (admin/admin) |
-| MinIO | 9000, 9001 | S3-compatible object storage |
-| PostgreSQL | 5433 | Application database |
-| Valkey | 6379 | Session cache (Redis-compatible) |
+| Service    | Port       | Description                      |
+| ---------- | ---------- | -------------------------------- |
+| Keycloak   | 8080       | Identity provider (admin/admin)  |
+| MinIO      | 9000, 9001 | S3-compatible object storage     |
+| PostgreSQL | 5433       | Application database             |
+| Valkey     | 6379       | Session cache (Redis-compatible) |
 To stop: `podman kube down devenv/local-deployment.yaml`

package/app/.server/auth/README.md CHANGED Viewed

@@ -2,11 +2,11 @@
 OAuth 2.0 Authorization Code Flow against Keycloak. Session cookies are httpOnly, secure, SameSite=Lax; session data lives in Redis/Valkey. STS `AssumeRoleWithWebIdentity` mints per-connection S3 credentials using the user's Keycloak idToken.
-| Module | Responsibility |
-|---|---|
-| `sessionMiddleware.ts` | Resolve session cookie → session store entry. |
-| `authMiddleware.ts` | Refresh tokens if needed; populate `authContext` for downstream loaders. |
-| `getSessionCredentials.ts` | Mint STS credentials per connection. |
-| `verifyIdToken.ts` | JWKS-based idToken signature/expiry verification. |
-| `getS3Client.ts` | Build an SDK-v3 S3 client with the connection's signed credentials. |
-| `keycloakAdmin/` | Service-account-backed admin API for user/group management. |
+| Module                     | Responsibility                                                           |
+| -------------------------- | ------------------------------------------------------------------------ |
+| `sessionMiddleware.ts`     | Resolve session cookie → session store entry.                            |
+| `authMiddleware.ts`        | Refresh tokens if needed; populate `authContext` for downstream loaders. |
+| `getSessionCredentials.ts` | Mint STS credentials per connection.                                     |
+| `verifyIdToken.ts`         | JWKS-based idToken signature/expiry verification.                        |
+| `getS3Client.ts`           | Build an SDK-v3 S3 client with the connection's signed credentials.      |
+| `keycloakAdmin/`           | Service-account-backed admin API for user/group management.              |

package/app/.server/auth/authMiddleware.ts CHANGED Viewed

@@ -4,11 +4,7 @@ import { getSessionData } from "./getSession";
 import { getAllSessionCredentials } from "./getSessionCredentials";
 import { refreshAccessTokenWithLock } from "./refreshAuthTokens";
 import { sessionContext } from "./sessionMiddleware";
-import {
-  type CytarioSession,
-  type SessionData,
-  sessionStorage,
-} from "./sessionStorage";
+import { type CytarioSession, type SessionData, sessionStorage } from "./sessionStorage";
 import { verifyIdToken } from "./verifyIdToken";
 import { ConnectionConfig } from "~/.generated/client";
 import { createLabel } from "~/.server/logging";
@@ -52,10 +48,7 @@ const fetchAllCredentials = async (
 ): Promise<{ sessionData: SessionData; connectionConfigs: ConnectionConfig[] }> => {
   const connectionConfigs = await listConnections(sessionData.user);
-  const newCredentials = await getAllSessionCredentials(
-    sessionData,
-    connectionConfigs,
-  );
+  const newCredentials = await getAllSessionCredentials(sessionData, connectionConfigs);
   return {
     sessionData: {
@@ -72,18 +65,13 @@ const fetchAllCredentials = async (
  * Sets validated session data in authContext for downstream use.
  * Export this from protected routes that require authentication.
  */
-export const authMiddleware: MiddlewareFunction = async (
-  { request, context },
-  next,
-) => {
+export const authMiddleware: MiddlewareFunction = async ({ request, context }, next) => {
   console.info(`${label} ${request.method} ${request.url}`);
   const session = context.get(sessionContext);
   if (!session) {
-    throw new Error(
-      "Session not found in context. Ensure sessionMiddleware runs first.",
-    );
+    throw new Error("Session not found in context. Ensure sessionMiddleware runs first.");
   }
   const sessionData = await getSessionData(session);
@@ -116,10 +104,7 @@ export const authMiddleware: MiddlewareFunction = async (
       let newAuthTokens;
       try {
-        newAuthTokens = await refreshAccessTokenWithLock(
-          session.id,
-          authTokens.refreshToken,
-        );
+        newAuthTokens = await refreshAccessTokenWithLock(session.id, authTokens.refreshToken);
       } catch (error) {
         console.error(`${label} Token refresh failed:`, error);
       }
@@ -127,11 +112,10 @@ export const authMiddleware: MiddlewareFunction = async (
       if (newAuthTokens) {
         session.set("authTokens", newAuthTokens);
-        const { sessionData: withCredentials, connectionConfigs } =
-          await fetchAllCredentials({
-            ...updatedSessionData,
-            authTokens: newAuthTokens,
-          });
+        const { sessionData: withCredentials, connectionConfigs } = await fetchAllCredentials({
+          ...updatedSessionData,
+          authTokens: newAuthTokens,
+        });
         updatedSessionData = withCredentials;
         session.set("credentials", updatedSessionData.credentials);

package/app/.server/auth/exchangeAuthCode.ts CHANGED Viewed

@@ -19,9 +19,7 @@ export const exchangeAuthCode = async (
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
-        Authorization: `Basic ${Buffer.from(
-          `${clientId}:${clientSecret}`,
-        ).toString("base64")}`,
+        Authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,
       },
       body: new URLSearchParams({
         grant_type: "authorization_code",
@@ -32,9 +30,7 @@ export const exchangeAuthCode = async (
     });
     if (!tokenResponse.ok) {
-      throw new Error(
-        `Token exchange failed: ${tokenResponse.status}`,
-      );
+      throw new Error(`Token exchange failed: ${tokenResponse.status}`);
     }
     const json = await tokenResponse.json();

package/app/.server/auth/getS3Client.ts CHANGED Viewed

@@ -24,17 +24,11 @@ const s3ClientCache = new LRUCache<string, CacheEntry>({
 /**
  * Creates a unique cache key scoped to user, bucket, and credential identity.
  */
-const createCacheKey = (
-  userId: string,
-  bucketName: string,
-  credentials: Credentials,
-): string => {
+const createCacheKey = (userId: string, bucketName: string, credentials: Credentials): string => {
   // Hash credentials to detect when they change (e.g., after refresh)
   const credHash = crypto
     .createHash("sha256")
-    .update(
-      `${credentials.AccessKeyId}:${credentials.SecretAccessKey}:${credentials.SessionToken}`,
-    )
+    .update(`${credentials.AccessKeyId}:${credentials.SecretAccessKey}:${credentials.SessionToken}`)
     .digest("hex")
     .substring(0, 16);
@@ -89,10 +83,7 @@ export const getS3Client = async (
 };
 /** Remove all cached S3 clients for a given user + bucket (e.g. after config change). */
-export const invalidateS3ClientsForBucket = (
-  userId: string,
-  bucketName: string,
-): void => {
+export const invalidateS3ClientsForBucket = (userId: string, bucketName: string): void => {
   for (const key of s3ClientCache.keys()) {
     const entry = s3ClientCache.peek(key);
     if (entry && entry.userId === userId && entry.bucketName === bucketName) {
@@ -100,4 +91,3 @@ export const invalidateS3ClientsForBucket = (
     }
   }
 };

package/app/.server/auth/getSessionCredentials.ts CHANGED Viewed

@@ -1,22 +1,13 @@
-import {
-  AssumeRoleWithWebIdentityCommand,
-  Credentials,
-  STSClient,
-} from "@aws-sdk/client-sts";
-import {
-  type ConnectionsCredentials,
-  type SessionData,
-} from "./sessionStorage";
+import { AssumeRoleWithWebIdentityCommand, Credentials, STSClient } from "@aws-sdk/client-sts";
+import { type ConnectionsCredentials, type SessionData } from "./sessionStorage";
 import { ConnectionConfig } from "~/.generated/client";
 import { createLabel } from "~/.server/logging";
 import { getS3ProviderConfig } from "~/utils/s3Provider";
 const label = createLabel("credentials", "cyan");
-export const isValidCredentials = (
-  credentials?: { Expiration?: Date },
-): boolean => {
+export const isValidCredentials = (credentials?: { Expiration?: Date }): boolean => {
   if (!credentials?.Expiration) return false;
   // Check if credentials are expired (with 5 minute buffer)
@@ -91,9 +82,7 @@ export const getAllSessionCredentials = async (
     return sessionData.credentials;
   }
-  console.info(
-    `${label} Fetching credentials for ${stale.length} connection(s)`,
-  );
+  console.info(`${label} Fetching credentials for ${stale.length} connection(s)`);
   const roleSessionName = sanitizeRoleSessionName(sessionData.user.name);
@@ -114,10 +103,7 @@ export const getAllSessionCredentials = async (
     if (result.status === "fulfilled") {
       newCredentials[result.value.name] = result.value.credentials;
     } else {
-      console.warn(
-        `${label} Failed to fetch credentials for a connection:`,
-        result.reason,
-      );
+      console.warn(`${label} Failed to fetch credentials for a connection:`, result.reason);
     }
   }

package/app/.server/auth/getUserInfo.ts CHANGED Viewed

@@ -48,9 +48,7 @@ function enrichUserProfile(raw: UserProfileRaw): UserProfile {
 }
 /** Retrieves and enriches user profile data from Keycloak. */
-export const getUserInfo = async (
-  accessToken: string,
-): Promise<UserProfile> => {
+export const getUserInfo = async (accessToken: string): Promise<UserProfile> => {
   try {
     const wellKnownEndpoints = await getWellKnownEndpoints();
     const { userinfo_endpoint } = wellKnownEndpoints;
@@ -63,9 +61,7 @@ export const getUserInfo = async (
     if (!response.ok) {
       const errorText = await response.text();
-      throw new Error(
-        `UserInfo fetch failed: ${response.status} - ${errorText}`,
-      );
+      throw new Error(`UserInfo fetch failed: ${response.status} - ${errorText}`);
     }
     const rawUserProfile = await response.json();

package/app/.server/auth/keycloakAdmin/client.ts CHANGED Viewed

@@ -27,16 +27,9 @@ export class KeycloakAdminError extends Error {
   }
 }
-const adminApiBaseUrl = cytarioConfig.auth.baseUrl.replace(
-  "/realms/",
-  "/admin/realms/",
-);
+const adminApiBaseUrl = cytarioConfig.auth.baseUrl.replace("/realms/", "/admin/realms/");
-async function adminRequest(
-  method: string,
-  path: string,
-  body?: unknown,
-): Promise<Response> {
+async function adminRequest(method: string, path: string, body?: unknown): Promise<Response> {
   const accessToken = await getAdminToken();
   const response = await fetch(`${adminApiBaseUrl}${path}`, {

package/app/.server/auth/keycloakAdmin/groups.ts CHANGED Viewed

@@ -61,9 +61,7 @@ export function flattenGroups(groups: KeycloakGroup[]): string[] {
  * For each admin scope, finds the exact group by path and flattens its descendants.
  * Uses findGroupByPath instead of search to avoid returning unrelated groups.
  */
-export async function getManageableScopes(
-  user: UserProfile,
-): Promise<string[]> {
+export async function getManageableScopes(user: UserProfile): Promise<string[]> {
   if (user.adminScopes.length === 0) return [];
   const allScopes = new Set<string>();
@@ -78,10 +76,7 @@ export async function getManageableScopes(
         }
       }
     } catch (error) {
-      console.warn(
-        `Failed to fetch group tree for admin scope "${adminScope}":`,
-        error,
-      );
+      console.warn(`Failed to fetch group tree for admin scope "${adminScope}":`, error);
     }
   }
@@ -91,9 +86,7 @@ export async function getManageableScopes(
 /**
  * Finds a Keycloak group by its normalized path (e.g. "cytario/lab").
  */
-export async function findGroupByPath(
-  scope: string,
-): Promise<KeycloakGroup | undefined> {
+export async function findGroupByPath(scope: string): Promise<KeycloakGroup | undefined> {
   const topLevel = scope.split("/")[0];
   const groups = await fetchGroups(topLevel);
   const targetPath = `/${scope}`;
@@ -185,11 +178,7 @@ export async function createGroup(
     throw new KeycloakAdminError(404, `Parent group not found: ${parentScope}`);
   }
-  const response = await adminMutate(
-    "POST",
-    `/groups/${parent.id}/children`,
-    { name },
-  );
+  const response = await adminMutate("POST", `/groups/${parent.id}/children`, { name });
   const location = response.headers.get("location");
   if (!location) {
@@ -202,11 +191,9 @@ export async function createGroup(
   let adminsGroupId: string;
   try {
-    const adminsResponse = await adminMutate(
-      "POST",
-      `/groups/${newGroupId}/children`,
-      { name: "admins" },
-    );
+    const adminsResponse = await adminMutate("POST", `/groups/${newGroupId}/children`, {
+      name: "admins",
+    });
     const adminsLocation = adminsResponse.headers.get("location");
     adminsGroupId = adminsLocation?.split("/").pop() ?? "";
     if (!adminsGroupId) {
@@ -232,9 +219,7 @@ export async function createGroup(
 /**
  * Fetches members for a group and all its sub-groups, returning the tree structure.
  */
-export async function getGroupWithMembers(
-  scope: string,
-): Promise<GroupWithMembers | undefined> {
+export async function getGroupWithMembers(scope: string): Promise<GroupWithMembers | undefined> {
   const group = await findGroupByPath(scope);
   if (!group) return undefined;
@@ -243,9 +228,7 @@ export async function getGroupWithMembers(
   await Promise.all(
     allIds.map(async (id) => {
-      const members = await adminFetch<KeycloakUser[]>(
-        `/groups/${id}/members?max=500`,
-      );
+      const members = await adminFetch<KeycloakUser[]>(`/groups/${id}/members?max=500`);
       membersByGroupId.set(id, members);
     }),
   );

package/app/.server/auth/keycloakAdmin/users.ts CHANGED Viewed

@@ -1,9 +1,4 @@
-import {
-  adminFetch,
-  adminMutate,
-  KeycloakAdminError,
-  type KeycloakUser,
-} from "./client";
+import { adminFetch, adminMutate, KeycloakAdminError, type KeycloakUser } from "./client";
 import { findGroupByPath } from "./groups";
 import { cytarioConfig } from "~/config";
@@ -18,24 +13,15 @@ export async function updateUser(
   await adminMutate("PUT", `/users/${userId}`, data);
 }
-export async function addUserToGroup(
-  userId: string,
-  groupId: string,
-): Promise<void> {
+export async function addUserToGroup(userId: string, groupId: string): Promise<void> {
   await adminMutate("PUT", `/users/${userId}/groups/${groupId}`);
 }
-export async function removeUserFromGroup(
-  userId: string,
-  groupId: string,
-): Promise<void> {
+export async function removeUserFromGroup(userId: string, groupId: string): Promise<void> {
   await adminMutate("DELETE", `/users/${userId}/groups/${groupId}`);
 }
-export async function setUserEnabled(
-  userId: string,
-  enabled: boolean,
-): Promise<void> {
+export async function setUserEnabled(userId: string, enabled: boolean): Promise<void> {
   await adminMutate("PUT", `/users/${userId}`, { enabled });
 }
@@ -84,10 +70,8 @@ export async function inviteUser(
       client_id: cytarioConfig.auth.clientId,
       redirect_uri: cytarioConfig.endpoints.webapp,
     });
-    await adminMutate(
-      "PUT",
-      `/users/${userId}/execute-actions-email?${params}`,
-      ["UPDATE_PASSWORD"],
-    );
+    await adminMutate("PUT", `/users/${userId}/execute-actions-email?${params}`, [
+      "UPDATE_PASSWORD",
+    ]);
   }
 }

package/app/.server/auth/oauthState.ts CHANGED Viewed

@@ -23,8 +23,7 @@ export interface OAuthStateResult {
  * Generates a PKCE code verifier (RFC 7636 §4.1).
  * 43-char base64url string from 32 random bytes.
  */
-export const generateCodeVerifier = (): string =>
-  randomBytes(32).toString("base64url");
+export const generateCodeVerifier = (): string => randomBytes(32).toString("base64url");
 /**
  * Generates a PKCE code challenge (S256) from a code verifier (RFC 7636 §4.2).
@@ -59,9 +58,7 @@ export const validateRedirectTo = (redirectTo?: string): string => {
  * and stores it in the cache store (Redis/Valkey) with a short expiry time.
  * Returns state, codeChallenge, and nonce for the authorization URL.
  */
-export const generateOAuthState = async (
-  redirectTo?: string,
-): Promise<OAuthStateResult> => {
+export const generateOAuthState = async (redirectTo?: string): Promise<OAuthStateResult> => {
   const state = randomBytes(32).toString("hex");
   const codeVerifier = generateCodeVerifier();
   const codeChallenge = generateCodeChallenge(codeVerifier);
@@ -75,11 +72,7 @@ export const generateOAuthState = async (
     nonce,
   };
-  await redis.setex(
-    `${STATE_PREFIX}${state}`,
-    STATE_EXPIRY_SECONDS,
-    JSON.stringify(stateData),
-  );
+  await redis.setex(`${STATE_PREFIX}${state}`, STATE_EXPIRY_SECONDS, JSON.stringify(stateData));
   return { state, codeChallenge, nonce };
 };
@@ -89,9 +82,7 @@ export const generateOAuthState = async (
  * Returns the state data if valid, or null if invalid/expired.
  * Uses atomic GETDEL to prevent reuse (requires Redis 6.2+ / Valkey).
  */
-export const validateOAuthState = async (
-  state: string,
-): Promise<OAuthState | null> => {
+export const validateOAuthState = async (state: string): Promise<OAuthState | null> => {
   const key = `${STATE_PREFIX}${state}`;
   const stateJson = await redis.getdel(key);

package/app/.server/auth/redirectIfAuthenticated.ts CHANGED Viewed

@@ -5,9 +5,7 @@ import { getSession, getSessionData } from "~/.server/auth/getSession";
 /**
  * Redirects the user to the profile page if they are already authenticated.
  */
-export const redirectIfAuthenticated = async ({
-  request,
-}: LoaderFunctionArgs): Promise<void> => {
+export const redirectIfAuthenticated = async ({ request }: LoaderFunctionArgs): Promise<void> => {
   const session = await getSession(request);
   const { user } = await getSessionData(session);

package/app/.server/auth/refreshAuthTokens.ts CHANGED Viewed

@@ -18,9 +18,7 @@ export interface AuthTokensResponse {
 /**
  * Refreshes the access token using the provided refresh token.
  */
-export async function refreshAccessToken(
-  refreshToken: string,
-): Promise<AuthTokens> {
+export async function refreshAccessToken(refreshToken: string): Promise<AuthTokens> {
   const wellKnownEndpoints = await getWellKnownEndpoints();
   const response = await fetch(wellKnownEndpoints.token_endpoint, {
@@ -34,8 +32,7 @@ export async function refreshAccessToken(
     }),
   });
   if (!response.ok) throw new Error("Failed to refresh token");
-  const { access_token, id_token, refresh_token } =
-    (await response.json()) as AuthTokensResponse;
+  const { access_token, id_token, refresh_token } = (await response.json()) as AuthTokensResponse;
   const authTokens: AuthTokens = {
     accessToken: access_token,
@@ -69,9 +66,7 @@ const delay = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
  * Reads the current session auth tokens directly from Redis,
  * bypassing the in-memory LRU cache to get the freshest data.
  */
-async function readSessionTokensFromStore(
-  sessionId: string,
-): Promise<AuthTokens | null> {
+async function readSessionTokensFromStore(sessionId: string): Promise<AuthTokens | null> {
   const data = await redis.hget(sessionId, "data");
   if (!data) return null;
@@ -96,13 +91,7 @@ export async function refreshAccessTokenWithLock(
   const lockValue = randomUUID();
   for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
-    const acquired = await redis.set(
-      lockKey,
-      lockValue,
-      "EX",
-      LOCK_TTL_SECONDS,
-      "NX",
-    );
+    const acquired = await redis.set(lockKey, lockValue, "EX", LOCK_TTL_SECONDS, "NX");
     if (acquired === "OK") {
       try {
@@ -110,10 +99,7 @@ export async function refreshAccessTokenWithLock(
         // by a previous lock holder (handles refresh token rotation)
         const currentTokens = await readSessionTokensFromStore(sessionId);
-        if (
-          currentTokens &&
-          currentTokens.refreshToken !== refreshToken
-        ) {
+        if (currentTokens && currentTokens.refreshToken !== refreshToken) {
           return currentTokens;
         }

package/app/.server/auth/sessionMiddleware.ts CHANGED Viewed

@@ -9,10 +9,7 @@ export const sessionContext = createContext<CytarioSession>();
  * Middleware that retrieves the session from the request
  * and sets it in the context for downstream use.
  */
-export const sessionMiddleware: MiddlewareFunction = async (
-  { request, context },
-  next
-) => {
+export const sessionMiddleware: MiddlewareFunction = async ({ request, context }, next) => {
   const session = await getSession(request);
   context.set(sessionContext, session);
   return next();

package/app/.server/auth/sessionStorage.ts CHANGED Viewed

@@ -47,10 +47,7 @@ const sessionCache = new LRUCache<string, SessionData>({
   ttl: 5000, // 5 seconds TTL - short enough to keep data fresh
 });
-export const sessionStorage = createSessionStorage<
-  SessionData,
-  SessionFlashData
->({
+export const sessionStorage = createSessionStorage<SessionData, SessionFlashData>({
   cookie: {
     name: "__session",
     ...cookie,

package/app/.server/auth/verifyIdToken.ts CHANGED Viewed

@@ -20,9 +20,7 @@ const getJwks = async () => {
  * behavior varies by client configuration. Add after confirming the actual
  * `aud` claim value in production tokens.
  */
-export const verifyIdToken = async (
-  token: string,
-): Promise<JWTPayload | null> => {
+export const verifyIdToken = async (token: string): Promise<JWTPayload | null> => {
   try {
     const jwks = await getJwks();
     const { issuer } = await getWellKnownEndpoints();

package/app/.server/auth/wellKnownEndpoints.ts CHANGED Viewed

@@ -32,10 +32,7 @@ const fetchWellKnownEndpoints = async (): Promise<WellKnownEndpoints> => {
     cacheExpiresAt = Date.now() + CACHE_TTL_MS;
     return data;
   } catch (error) {
-    console.error(
-      `Error fetching well-known endpoints from ${endpointUrl}:`,
-      error,
-    );
+    console.error(`Error fetching well-known endpoints from ${endpointUrl}:`, error);
     cachedEndpoints = null;
     cacheExpiresAt = 0;
     throw error;

package/app/.server/db/redis.ts CHANGED Viewed

@@ -59,6 +59,10 @@ redis.on("error", (err) => {
 });
 redis.on("connect", () => {
-  const authInfo = username ? ` (authenticated as ${username})` : password ? " (authenticated)" : "";
+  const authInfo = username
+    ? ` (authenticated as ${username})`
+    : password
+      ? " (authenticated)"
+      : "";
   console.log(`Connected to Redis/Valkey at ${host}:${port}${authInfo}`);
 });

package/app/.server/logging.ts CHANGED Viewed

@@ -9,8 +9,5 @@ const ansiColors = {
   gray: "\x1b[90m",
 };
-export const createLabel = (
-  str: string,
-  color: keyof typeof ansiColors = "white"
-) =>
+export const createLabel = (str: string, color: keyof typeof ansiColors = "white") =>
   `${ansiColors[color]}[${str.slice(0, 10).toUpperCase().padEnd(10, " ")}]\x1b[0m`;

package/app/.server/requestDurationMiddleware.ts CHANGED Viewed

@@ -8,10 +8,7 @@ const label = createLabel("duration", "red");
  * Middleware that logs request duration for debugging performance.
  * Export this from routes where you want to measure request timing.
  */
-export const requestDurationMiddleware: MiddlewareFunction = async (
-  { request },
-  next
-) => {
+export const requestDurationMiddleware: MiddlewareFunction = async ({ request }, next) => {
   const startTime = performance.now();
   const url = new URL(request.url);
   const path = url.pathname + url.search;