chore: avatar update#171
Conversation
WalkthroughRefactors the ticket page’s “Show more” click handling to call a new handler that triggers haptic feedback and increments the counter. Updates server auth middleware to skip authentication for paths starting with /api/avatar while leaving other flows intact. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor User
participant UI as Ticket Page UI
participant Feedback as useFeedback.vibrate
participant State as shownMessages
User->>UI: Click "Show more"
UI->>UI: handleClickShowMore()
UI->>Feedback: vibrate()
Feedback-->>UI: done
UI->>State: shownMessages += 10
sequenceDiagram
autonumber
participant Client
participant MW as Auth Middleware
participant Session as getUserFromSession
participant Handler as Route Handler
Client->>MW: HTTP Request
alt OPTIONS preflight
MW-->>Client: 200 (preflight)
else Path starts with /api/avatar
MW->>Handler: bypass auth
Handler-->>Client: Response
else Other routes
MW->>Session: getUserFromSession()
alt No user
MW-->>Client: 401 Unauthorized
else User found
MW->>Handler: attach user to context
Handler-->>Client: Response
end
end
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
apps/atrium-telegram/app/pages/ticket/[ticketId]/index.vue (2)
40-41: Bind the method directly to avoid an unnecessary wrapper callMinor template nit: no need for parentheses.
- @click="handleClickShowMore()" + @click="handleClickShowMore"
81-84: Clamp shownMessages to total count to avoid overshootPrevents overshooting when fewer than 10 messages remain.
-function handleClickShowMore() { - vibrate() - shownMessages.value += 10 -} +function handleClickShowMore() { + vibrate() + shownMessages.value = Math.min( + shownMessages.value + 10, + ticket.value?.messages.length ?? shownMessages.value + 10 + ) +}apps/web-app/server/middleware/01.auth.ts (1)
27-29: Restrict /api/avatar to read methods (GET/HEAD) and remove it from the public routes listapps/web-app/server/middleware/01.auth.ts currently includes '/api/avatar' in routesWithoutAuth and uses startsWith('/api/avatar') (making the whole prefix public). I searched apps//server/api/ and found no exported POST/PUT/PATCH/DELETE handlers for avatar, but gate the prefix by method to prevent future regressions.
- if (!event.path.startsWith('/api') || event.path.startsWith('/api/avatar') || routesWithoutAuth.includes(event.path)) { - return - } + if (!event.path.startsWith('/api')) { + return + } + // Public avatars: allow only GET/HEAD without auth + if ( + (event.path === '/api/avatar' || event.path.startsWith('/api/avatar/')) && + (event.method === 'GET' || event.method === 'HEAD') + ) { + return + } + if (routesWithoutAuth.includes(event.path)) { + return + }Also remove '/api/avatar' from routesWithoutAuth in the same file to keep a single source of truth.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
apps/atrium-telegram/app/pages/ticket/[ticketId]/index.vue(3 hunks)apps/web-app/server/middleware/01.auth.ts(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: build
🔇 Additional comments (1)
apps/atrium-telegram/app/pages/ticket/[ticketId]/index.vue (1)
69-69: Nice UX touch: extracted handler + haptic feedback look goodThe composable usage and the dedicated handler are clean and readable.
Also applies to: 81-84
1 participant
Summary by CodeRabbit
New Features
Refactor