Skip to content

chore(web): remove ApiTokenModal and localStorage token handling#240

Merged
CoderCoco merged 2 commits into
mainfrom
claude/issue-162-chore-web---remove-apitokenmodal-and-localstorage
Jun 14, 2026
Merged

chore(web): remove ApiTokenModal and localStorage token handling#240
CoderCoco merged 2 commits into
mainfrom
claude/issue-162-chore-web---remove-apitokenmodal-and-localstorage

Conversation

@CoderCoco

Copy link
Copy Markdown
Owner

Closes #162

Summary

  • Deletes ApiTokenModal component and its test suite — no longer needed now that the renderer communicates over IPC instead of HTTP (no bearer token required)
  • Removes apiToken localStorage read/write, the 401-retry queue, and all Authorization: Bearer header plumbing from api.service.ts and app.component.tsx
  • Cleans up AuthGatePage page-object, auth-gate.spec.ts e2e spec, and the API_TOKEN env var reference from the integration test server config

Changes

app/packages/web/e2e/fixtures/gsd-http-bridge.ts          14 changes   remove auth header injection
app/packages/web/e2e/fixtures/index.ts                     26 deletions  remove authedPage / token fixtures
app/packages/web/e2e/fixtures/server-mocks.ts               9 changes   drop token seeding
app/packages/web/e2e/pages/AuthGatePage.ts                 45 deletions  delete auth-gate page object
app/packages/web/e2e/pages/index.ts                         1 deletion   remove AuthGatePage export
app/packages/web/e2e/specs/auth-gate.spec.ts               26 deletions  delete auth-gate e2e spec
app/packages/web/playwright.integration.config.ts           1 deletion   remove API_TOKEN env var
app/packages/web/src/api.service.test.ts                   72 changes   drop token tests
app/packages/web/src/api.service.ts                        45 deletions  remove auth header + 401 retry
app/packages/web/src/app.component.tsx                     18 changes   remove ApiTokenModal wiring
app/packages/web/src/components/api-token-modal.component.test.tsx  153 deletions  delete component tests
app/packages/web/src/components/api-token-modal.component.tsx       166 deletions  delete component

Test plan

  • npm run app:test — all unit tests pass (api-token-modal.component.test.tsx deleted, remaining web specs pass)
  • npm run app:lint — 0 errors
  • apiToken is not referenced anywhere in app/packages/web/ (grep -r apiToken app/packages/web/src returns nothing)
  • ApiTokenModal component and its test file no longer exist in the repository
  • app.component.tsx renders without any token-modal state or localStorage reads
  • api.service.ts contains no Authorization header construction or 401-retry logic
  • E2E suite passes without auth-gate specs (npm run app:test:e2e)

🤖 Generated with Claude Code

CoderCoco and others added 2 commits June 14, 2026 15:06
The Nest guard and HTTP/bearer transport are gone (#159, #161/#239); the
renderer talks to the main process over the window.gsd IPC bridge, which
has no per-request 401. Remove the now-dead token surface from @hyveon/web:

- delete ApiTokenModal component + test
- drop the modal render, needsToken state, and setUnauthorizedHandler
  wiring from app.component
- remove getStoredApiToken/setStoredApiToken/setUnauthorizedHandler/
  retryPendingAfterAuth/TOKEN_STORAGE_KEY from api.service and their tests
- delete the auth-gate e2e spec + AuthGatePage page object
- strip apiToken/Bearer seeding from the e2e fixtures (gsd-http-bridge,
  server-mocks, index) so calls go out without a token

No apiToken reference remains anywhere in @hyveon/web.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The integration Playwright config still passed API_TOKEN=test-token to the
test Nest server, but ConfigService no longer reads it (the bearer-token
guard was removed). Remove the dead env var so the config doesn't imply the
HTTP shim still enforces token auth.

Refs #162

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 14, 2026 19:59

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR completes the web renderer’s transition away from HTTP/bearer-token auth by deleting the ApiTokenModal flow and removing all localStorage token handling and 401-retry plumbing, aligning the web app with the IPC (window.gsd) communication model.

Changes:

  • Deleted ApiTokenModal and its unit tests, and removed its wiring from app.component.tsx.
  • Removed apiToken localStorage helpers and inert auth stubs from api.service.ts plus related unit tests.
  • Simplified Playwright e2e/integration fixtures/specs/config by dropping token seeding and auth-gate coverage.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

Show a summary per file
File Description
app/packages/web/e2e/fixtures/gsd-http-bridge.ts Removes auth header injection from the HTTP bridge used in e2e.
app/packages/web/e2e/fixtures/index.ts Removes auth-gate page object fixture and token seeding from fixtures.
app/packages/web/e2e/fixtures/server-mocks.ts Drops bearer auth headers and token seeding from integration fixtures.
app/packages/web/e2e/pages/AuthGatePage.ts Deletes the auth-gate page object (no longer applicable).
app/packages/web/e2e/pages/index.ts Removes AuthGatePage export.
app/packages/web/e2e/specs/auth-gate.spec.ts Deletes auth-gate e2e spec covering the removed token flow.
app/packages/web/playwright.integration.config.ts Removes API_TOKEN from the integration server env config.
app/packages/web/src/api.service.test.ts Removes tests for token storage and inert auth stubs.
app/packages/web/src/api.service.ts Removes localStorage token helpers and auth/401 retry exports.
app/packages/web/src/app.component.tsx Removes unauthorized handler + token modal rendering.
app/packages/web/src/components/api-token-modal.component.test.tsx Deletes unit tests for the removed modal component.
app/packages/web/src/components/api-token-modal.component.tsx Deletes the modal component implementation.

@CoderCoco CoderCoco merged commit daecf09 into main Jun 14, 2026
13 checks passed
@CoderCoco CoderCoco deleted the claude/issue-162-chore-web---remove-apitokenmodal-and-localstorage branch June 14, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore(web): remove ApiTokenModal and localStorage token handling

2 participants