@salesforce/webapp-template-app-react-template-vibe-experimental 1.44.0 → 1.45.1

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/package.json

@@ -14,10 +14,7 @@
     "graphql:schema": "node scripts/get-graphql-schema.mjs"
   },
   "dependencies": {
-    "@radix-ui/react-label": "^2.1.8",
-    "@radix-ui/react-select": "^2.2.6",
-    "@radix-ui/react-slot": "^1.2.4",
-    "@salesforce/agentforce-conversation-client": "^1.43.1",
+    "@salesforce/agentforce-conversation-client": "^1.45.0",
     "@salesforce/sdk-data": "^1.11.2",
     "@salesforce/webapp-experimental": "*",
     "@tailwindcss/vite": "^4.1.17",
@@ -25,6 +22,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "lucide-react": "^0.562.0",
+    "radix-ui": "^1.4.3",
     "react": "^19.2.0",
     "react-dom": "^19.2.0",
     "react-router": "^7.10.1",

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/src/app.tsx

@@ -1,16 +1,13 @@
 import { createBrowserRouter, RouterProvider } from "react-router";
-import { routes } from "@/routes";
+import { routes } from "./routes";
 import { StrictMode } from "react";
 import { createRoot } from "react-dom/client";
-import { AuthProvider } from "./context/AuthContext";
 import "./styles/global.css";
 
 const router = createBrowserRouter(routes);
 
 createRoot(document.getElementById("root")!).render(
 	<StrictMode>
-		<AuthProvider>
-			<RouterProvider router={router} />
-		</AuthProvider>
+		<RouterProvider router={router} />
 	</StrictMode>,
 );

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/src/components/auth/authHelpers.ts

@@ -0,0 +1,73 @@
+import { AUTH_REDIRECT_PARAM } from "./authenticationConfig";
+import { z } from "zod";
+
+/** Email field validation */
+export const emailSchema = z.string().trim().email("Please enter a valid email address");
+
+/** Password field validation (minimum 8 characters) */
+export const passwordSchema = z.string().min(8, "Password must be at least 8 characters");
+
+/**
+ * Shared schema for new password + confirmation fields.
+ * Validates password length and matching confirmation.
+ */
+export const newPasswordSchema = z
+	.object({
+		newPassword: passwordSchema,
+		confirmPassword: z.string().min(1, "Please confirm your password"),
+	})
+	.refine((data) => data.newPassword === data.confirmPassword, {
+		message: "Passwords do not match",
+		path: ["confirmPassword"],
+	});
+
+/**
+ *
+ * Extracts the startUrl from URLSearchParams, defaulting to '/'.
+ *
+ * SECURITY NOTE: This function strictly validates the URL to prevent
+ * Open Redirect vulnerabilities. It allows only relative paths.
+ *
+ * @param searchParams - The URLSearchParams object from useSearchParams()
+ * @returns The start URL for post-authentication redirect
+ */
+export function getStartUrl(searchParams: URLSearchParams): string {
+	// 1. Check for the standard redirect parameter
+	const url = searchParams.get(AUTH_REDIRECT_PARAM);
+	// 2. Security Check: Validation Logic
+	if (url && isValidRedirect(url)) {
+		return url;
+	}
+	// 3. Fallback: Default to root
+	return "/";
+}
+
+/**
+ * [Dev Note] Security: Validates that the redirect URL is a relative path
+ * to prevent Open Redirect vulnerabilities.
+ *
+ * Security Checks:
+ * 1. Rejects protocol-relative URLs (//)
+ * 2. Rejects backslash usage which some browsers treat as slashes (/\)
+ * 3. Rejects control characters
+ */
+function isValidRedirect(url: string): boolean {
+	// Basic structure check
+	if (!url.startsWith("/") || url.startsWith("//")) return false;
+	// Security: Reject backslashes to prevent /\example.com bypasses
+	if (url.includes("\\")) return false;
+	// Robustness: Ensure it doesn't contain whitespace/control characters
+	if (/[^\u0021-\u00ff]/.test(url)) return false;
+	return true;
+}
+
+/**
+ * Shared response type for authentication endpoints (login/register).
+ * Success responses contain `success: true` and `redirectUrl`.
+ * Error responses contain `errors` array.
+ */
+export interface AuthResponse {
+	success?: boolean;
+	redirectUrl?: string | null;
+	errors?: string[];
+}

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/src/{utils → components/auth}/authenticationConfig.ts

@@ -30,6 +30,15 @@ export const ROUTES = {
 	},
 } as const;
 
+/**
+ * [Dev Note] Centralized configuration for API endpoints.
+ * These are server-side endpoints, not client-side routes.
+ */
+export const API_ROUTES = {
+	// W-21253864: Logout URL integration is not currently supported
+	LOGOUT: "/secur/logout.jsp",
+} as const;
+
 /**
  * [Dev Note] Query parameter key used to store the return URL.
  * e.g. /login?startUrl=/profile

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/src/components/auth/{authentication-route.tsx → authenticationRouteLayout.tsx}

@@ -1,6 +1,6 @@
 import { Navigate, Outlet, useSearchParams } from "react-router";
 import { useAuth } from "../../context/AuthContext";
-import { getStartUrl } from "../../utils/helpers";
+import { getStartUrl } from "./authHelpers";
 import { CardSkeleton } from "../layout/card-skeleton";
 
 /**

package/dist/force-app/main/default/webapplications/appreacttemplatevibe/src/components/auth/{private-route.tsx → privateRouteLayout.tsx}

@@ -1,6 +1,6 @@
 import { Navigate, Outlet, useLocation } from "react-router";
 import { useAuth } from "../../context/AuthContext";
-import { AUTH_REDIRECT_PARAM, ROUTES } from "../../utils/authenticationConfig";
+import { AUTH_REDIRECT_PARAM, ROUTES } from "./authenticationConfig";
 import { CardSkeleton } from "../layout/card-skeleton";
 
 /**