chore(web): remove ApiTokenModal and localStorage token handling#240
Merged
CoderCoco merged 2 commits intoJun 14, 2026
Merged
Conversation
The Nest guard and HTTP/bearer transport are gone (#159, #161/#239); the renderer talks to the main process over the window.gsd IPC bridge, which has no per-request 401. Remove the now-dead token surface from @hyveon/web: - delete ApiTokenModal component + test - drop the modal render, needsToken state, and setUnauthorizedHandler wiring from app.component - remove getStoredApiToken/setStoredApiToken/setUnauthorizedHandler/ retryPendingAfterAuth/TOKEN_STORAGE_KEY from api.service and their tests - delete the auth-gate e2e spec + AuthGatePage page object - strip apiToken/Bearer seeding from the e2e fixtures (gsd-http-bridge, server-mocks, index) so calls go out without a token No apiToken reference remains anywhere in @hyveon/web. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The integration Playwright config still passed API_TOKEN=test-token to the test Nest server, but ConfigService no longer reads it (the bearer-token guard was removed). Remove the dead env var so the config doesn't imply the HTTP shim still enforces token auth. Refs #162 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR completes the web renderer’s transition away from HTTP/bearer-token auth by deleting the ApiTokenModal flow and removing all localStorage token handling and 401-retry plumbing, aligning the web app with the IPC (window.gsd) communication model.
Changes:
- Deleted
ApiTokenModaland its unit tests, and removed its wiring fromapp.component.tsx. - Removed
apiTokenlocalStorage helpers and inert auth stubs fromapi.service.tsplus related unit tests. - Simplified Playwright e2e/integration fixtures/specs/config by dropping token seeding and auth-gate coverage.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| app/packages/web/e2e/fixtures/gsd-http-bridge.ts | Removes auth header injection from the HTTP bridge used in e2e. |
| app/packages/web/e2e/fixtures/index.ts | Removes auth-gate page object fixture and token seeding from fixtures. |
| app/packages/web/e2e/fixtures/server-mocks.ts | Drops bearer auth headers and token seeding from integration fixtures. |
| app/packages/web/e2e/pages/AuthGatePage.ts | Deletes the auth-gate page object (no longer applicable). |
| app/packages/web/e2e/pages/index.ts | Removes AuthGatePage export. |
| app/packages/web/e2e/specs/auth-gate.spec.ts | Deletes auth-gate e2e spec covering the removed token flow. |
| app/packages/web/playwright.integration.config.ts | Removes API_TOKEN from the integration server env config. |
| app/packages/web/src/api.service.test.ts | Removes tests for token storage and inert auth stubs. |
| app/packages/web/src/api.service.ts | Removes localStorage token helpers and auth/401 retry exports. |
| app/packages/web/src/app.component.tsx | Removes unauthorized handler + token modal rendering. |
| app/packages/web/src/components/api-token-modal.component.test.tsx | Deletes unit tests for the removed modal component. |
| app/packages/web/src/components/api-token-modal.component.tsx | Deletes the modal component implementation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #162
Summary
ApiTokenModalcomponent and its test suite — no longer needed now that the renderer communicates over IPC instead of HTTP (no bearer token required)apiTokenlocalStorage read/write, the 401-retry queue, and allAuthorization: Bearerheader plumbing fromapi.service.tsandapp.component.tsxAuthGatePagepage-object,auth-gate.spec.tse2e spec, and theAPI_TOKENenv var reference from the integration test server configChanges
Test plan
npm run app:test— all unit tests pass (api-token-modal.component.test.tsxdeleted, remaining web specs pass)npm run app:lint— 0 errorsapiTokenis not referenced anywhere inapp/packages/web/(grep -r apiToken app/packages/web/srcreturns nothing)ApiTokenModalcomponent and its test file no longer exist in the repositoryapp.component.tsxrenders without any token-modal state or localStorage readsapi.service.tscontains noAuthorizationheader construction or 401-retry logicnpm run app:test:e2e)🤖 Generated with Claude Code