kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

fix(auth): add sessionStorage fallback for web auto-login

Browse Source 
- add shared token store backend with local/session/memory fallback
- cover fallback behavior with flutter unit tests
- add wasm e2e coverage for sessionStorage login state
- document mobile installed webapp auto-login policy
This commit is contained in:
Lectom C Han
2026-03-30 18:02:34 +09:00
parent 2f893a6d9e
commit 72551e5f9d
6 changed files with 344 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
userfront/lib/core/services/auth_token_store_backend.dart Normal file
View File

@@ -0,0 +1,113 @@
abstract class AuthTokenStorageTarget {
String? read(String key);
void write(String key, String value);
void remove(String key);
}
class AuthTokenStoreBackend {
AuthTokenStoreBackend({
required AuthTokenStorageTarget localTarget,
required AuthTokenStorageTarget sessionTarget,
}) : _targets = [
localTarget,
sessionTarget,
_MemoryStorageTarget(),
];
static const _tokenKey = 'baron_auth_token';
static const _providerKey = 'baron_auth_provider';
static const _cookieModeKey = 'baron_auth_cookie_mode';
static const _pendingProviderKey = 'baron_auth_pending_provider';
final List<AuthTokenStorageTarget> _targets;
String? getToken() => _readFirst(_tokenKey);
String? getProvider() => _readFirst(_providerKey);
bool usesCookie() => _readFirst(_cookieModeKey) == '1';
void setToken(String token, {String? provider}) {
_writeAll(_tokenKey, token);
_removeAll(_cookieModeKey);
if (provider != null) {
_writeAll(_providerKey, provider);
}
}
void setCookieMode({String? provider}) {
_writeAll(_cookieModeKey, '1');
_removeAll(_tokenKey);
if (provider != null) {
_writeAll(_providerKey, provider);
}
}
String? getPendingProvider() => _readFirst(_pendingProviderKey);
void setPendingProvider(String? provider) {
if (provider == null || provider.isEmpty) {
_removeAll(_pendingProviderKey);
return;
}
_writeAll(_pendingProviderKey, provider);
}
void clear() {
_removeAll(_tokenKey);
_removeAll(_providerKey);
_removeAll(_cookieModeKey);
_removeAll(_pendingProviderKey);
}
String? _readFirst(String key) {
for (final target in _targets) {
try {
final value = target.read(key);
if (value != null && value.isNotEmpty) {
return value;
}
} catch (_) {
continue;
}
}
return null;
}
void _writeAll(String key, String value) {
for (final target in _targets) {
try {
target.write(key, value);
} catch (_) {
continue;
}
}
}
void _removeAll(String key) {
for (final target in _targets) {
try {
target.remove(key);
} catch (_) {
continue;
}
}
}
}
class _MemoryStorageTarget implements AuthTokenStorageTarget {
final Map<String, String> _memory = {};
@override
String? read(String key) => _memory[key];
@override
void remove(String key) {
_memory.remove(key);
}
@override
void write(String key, String value) {
_memory[key] = value;
}
}

97
userfront/lib/core/services/auth_token_store_web.dart
View File

@@ -1,10 +1,14 @@
// ignore_for_file: avoid_web_libraries_in_flutter
import 'dart:js_interop';
import 'auth_token_store_backend.dart';
@JS('window.localStorage')
external _JSStorage get _localStorage;
@JS('window.sessionStorage')
external _JSStorage get _sessionStorage;
@JS()
extension type _JSStorage(JSObject _) implements JSObject {
external String? getItem(String key);
@@ -12,83 +16,32 @@ extension type _JSStorage(JSObject _) implements JSObject {
external void removeItem(String key);
}
class AuthTokenStore {
static const _tokenKey = 'baron_auth_token';
static const _providerKey = 'baron_auth_provider';
static const _cookieModeKey = 'baron_auth_cookie_mode';
static const _pendingProviderKey = 'baron_auth_pending_provider';
class AuthTokenStore extends AuthTokenStoreBackend {
AuthTokenStore()
: super(
localTarget: _JsStorageTarget(_localStorage),
sessionTarget: _JsStorageTarget(_sessionStorage),
);
}
String? getToken() {
try {
return _localStorage.getItem(_tokenKey);
} catch (_) {
return null;
}
class _JsStorageTarget implements AuthTokenStorageTarget {
_JsStorageTarget(this._storage);
final _JSStorage _storage;
@override
String? read(String key) {
return _storage.getItem(key);
}
String? getProvider() {
try {
return _localStorage.getItem(_providerKey);
} catch (_) {
return null;
}
@override
void remove(String key) {
_storage.removeItem(key);
}
bool usesCookie() {
try {
return _localStorage.getItem(_cookieModeKey) == '1';
} catch (_) {
return false;
}
}
void setToken(String token, {String? provider}) {
try {
_localStorage.setItem(_tokenKey, token);
_localStorage.removeItem(_cookieModeKey);
if (provider != null) {
_localStorage.setItem(_providerKey, provider);
}
} catch (e) {
// ignore
}
}
void setCookieMode({String? provider}) {
try {
_localStorage.setItem(_cookieModeKey, '1');
_localStorage.removeItem(_tokenKey);
if (provider != null) {
_localStorage.setItem(_providerKey, provider);
}
} catch (_) {}
}
String? getPendingProvider() {
try {
return _localStorage.getItem(_pendingProviderKey);
} catch (_) {
return null;
}
}
void setPendingProvider(String? provider) {
try {
if (provider == null || provider.isEmpty) {
_localStorage.removeItem(_pendingProviderKey);
return;
}
_localStorage.setItem(_pendingProviderKey, provider);
} catch (_) {}
}
void clear() {
try {
_localStorage.removeItem(_tokenKey);
_localStorage.removeItem(_providerKey);
_localStorage.removeItem(_cookieModeKey);
_localStorage.removeItem(_pendingProviderKey);
} catch (_) {}
@override
void write(String key, String value) {
_storage.setItem(key, value);
}
}

95
userfront/test/auth_token_store_backend_test.dart Normal file
View File

@@ -0,0 +1,95 @@
import 'package:flutter_test/flutter_test.dart';
import 'package:userfront/core/services/auth_token_store_backend.dart';
void main() {
group('AuthTokenStoreBackend', () {
test('local 저장소가 실패하면 session 저장소에서 토큰을 읽는다', () {
final local = _FakeTarget(throwsOnRead: true);
final session = _FakeTarget(readSeed: {'baron_auth_token': 'session-jwt'});
final store = AuthTokenStoreBackend(
localTarget: local,
sessionTarget: session,
);
expect(store.getToken(), 'session-jwt');
});
test('local 저장소가 실패하면 session 저장소에 토큰을 저장한다', () {
final local = _FakeTarget(throwsOnWrite: true);
final session = _FakeTarget();
final store = AuthTokenStoreBackend(
localTarget: local,
sessionTarget: session,
);
store.setToken('new-token', provider: 'ory');
expect(session.read('baron_auth_token'), 'new-token');
expect(session.read('baron_auth_provider'), 'ory');
});
test('clear 호출 시 local/session/memory 모두 정리된다', () {
final local = _FakeTarget(
readSeed: {
'baron_auth_token': 'local-token',
'baron_auth_provider': 'ory',
},
);
final session = _FakeTarget(
readSeed: {
'baron_auth_token': 'session-token',
'baron_auth_provider': 'ory',
'baron_auth_cookie_mode': '1',
},
);
final store = AuthTokenStoreBackend(
localTarget: local,
sessionTarget: session,
);
store.clear();
expect(local.read('baron_auth_token'), isNull);
expect(local.read('baron_auth_provider'), isNull);
expect(session.read('baron_auth_token'), isNull);
expect(session.read('baron_auth_provider'), isNull);
expect(session.read('baron_auth_cookie_mode'), isNull);
expect(store.getToken(), isNull);
expect(store.getProvider(), isNull);
expect(store.usesCookie(), isFalse);
});
});
}
class _FakeTarget implements AuthTokenStorageTarget {
_FakeTarget({
this.throwsOnRead = false,
this.throwsOnWrite = false,
Map<String, String>? readSeed,
}) : _data = {...?readSeed};
final bool throwsOnRead;
final bool throwsOnWrite;
final Map<String, String> _data;
@override
String? read(String key) {
if (throwsOnRead) {
throw Exception('read failed');
}
return _data[key];
}
@override
void remove(String key) {
_data.remove(key);
}
@override
void write(String key, String value) {
if (throwsOnWrite) {
throw Exception('write failed');
}
_data[key] = value;
}
}