kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

fix(auth): add sessionStorage fallback for web auto-login

Browse Source 
- add shared token store backend with local/session/memory fallback
- cover fallback behavior with flutter unit tests
- add wasm e2e coverage for sessionStorage login state
- document mobile installed webapp auto-login policy
This commit is contained in:
Lectom C Han
2026-03-30 18:02:34 +09:00
parent 2f893a6d9e
commit 72551e5f9d
6 changed files with 344 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
userfront/lib/core/services/auth_token_store_backend.dart Normal file
View File

@@ -0,0 +1,113 @@
abstract class AuthTokenStorageTarget {
String? read(String key);
void write(String key, String value);
void remove(String key);
}
class AuthTokenStoreBackend {
AuthTokenStoreBackend({
required AuthTokenStorageTarget localTarget,
required AuthTokenStorageTarget sessionTarget,
}) : _targets = [
localTarget,
sessionTarget,
_MemoryStorageTarget(),
];
static const _tokenKey = 'baron_auth_token';
static const _providerKey = 'baron_auth_provider';
static const _cookieModeKey = 'baron_auth_cookie_mode';
static const _pendingProviderKey = 'baron_auth_pending_provider';
final List<AuthTokenStorageTarget> _targets;
String? getToken() => _readFirst(_tokenKey);
String? getProvider() => _readFirst(_providerKey);
bool usesCookie() => _readFirst(_cookieModeKey) == '1';
void setToken(String token, {String? provider}) {
_writeAll(_tokenKey, token);
_removeAll(_cookieModeKey);
if (provider != null) {
_writeAll(_providerKey, provider);
}
}
void setCookieMode({String? provider}) {
_writeAll(_cookieModeKey, '1');
_removeAll(_tokenKey);
if (provider != null) {
_writeAll(_providerKey, provider);
}
}
String? getPendingProvider() => _readFirst(_pendingProviderKey);
void setPendingProvider(String? provider) {
if (provider == null || provider.isEmpty) {
_removeAll(_pendingProviderKey);
return;
}
_writeAll(_pendingProviderKey, provider);
}
void clear() {
_removeAll(_tokenKey);
_removeAll(_providerKey);
_removeAll(_cookieModeKey);
_removeAll(_pendingProviderKey);
}
String? _readFirst(String key) {
for (final target in _targets) {
try {
final value = target.read(key);
if (value != null && value.isNotEmpty) {
return value;
}
} catch (_) {
continue;
}
}
return null;
}
void _writeAll(String key, String value) {
for (final target in _targets) {
try {
target.write(key, value);
} catch (_) {
continue;
}
}
}
void _removeAll(String key) {
for (final target in _targets) {
try {
target.remove(key);
} catch (_) {
continue;
}
}
}
}
class _MemoryStorageTarget implements AuthTokenStorageTarget {
final Map<String, String> _memory = {};
@override
String? read(String key) => _memory[key];
@override
void remove(String key) {
_memory.remove(key);
}
@override
void write(String key, String value) {
_memory[key] = value;
}
}

97
userfront/lib/core/services/auth_token_store_web.dart
View File

@@ -1,10 +1,14 @@
// ignore_for_file: avoid_web_libraries_in_flutter
import 'dart:js_interop';
import 'auth_token_store_backend.dart';
@JS('window.localStorage')
external _JSStorage get _localStorage;
@JS('window.sessionStorage')
external _JSStorage get _sessionStorage;
@JS()
extension type _JSStorage(JSObject _) implements JSObject {
external String? getItem(String key);
@@ -12,83 +16,32 @@ extension type _JSStorage(JSObject _) implements JSObject {
external void removeItem(String key);
}
class AuthTokenStore {
static const _tokenKey = 'baron_auth_token';
static const _providerKey = 'baron_auth_provider';
static const _cookieModeKey = 'baron_auth_cookie_mode';
static const _pendingProviderKey = 'baron_auth_pending_provider';
class AuthTokenStore extends AuthTokenStoreBackend {
AuthTokenStore()
: super(
localTarget: _JsStorageTarget(_localStorage),
sessionTarget: _JsStorageTarget(_sessionStorage),
);
}
String? getToken() {
try {
return _localStorage.getItem(_tokenKey);
} catch (_) {
return null;
}
class _JsStorageTarget implements AuthTokenStorageTarget {
_JsStorageTarget(this._storage);
final _JSStorage _storage;
@override
String? read(String key) {
return _storage.getItem(key);
}
String? getProvider() {
try {
return _localStorage.getItem(_providerKey);
} catch (_) {
return null;
}
@override
void remove(String key) {
_storage.removeItem(key);
}
bool usesCookie() {
try {
return _localStorage.getItem(_cookieModeKey) == '1';
} catch (_) {
return false;
}
}
void setToken(String token, {String? provider}) {
try {
_localStorage.setItem(_tokenKey, token);
_localStorage.removeItem(_cookieModeKey);
if (provider != null) {
_localStorage.setItem(_providerKey, provider);
}
} catch (e) {
// ignore
}
}
void setCookieMode({String? provider}) {
try {
_localStorage.setItem(_cookieModeKey, '1');
_localStorage.removeItem(_tokenKey);
if (provider != null) {
_localStorage.setItem(_providerKey, provider);
}
} catch (_) {}
}
String? getPendingProvider() {
try {
return _localStorage.getItem(_pendingProviderKey);
} catch (_) {
return null;
}
}
void setPendingProvider(String? provider) {
try {
if (provider == null || provider.isEmpty) {
_localStorage.removeItem(_pendingProviderKey);
return;
}
_localStorage.setItem(_pendingProviderKey, provider);
} catch (_) {}
}
void clear() {
try {
_localStorage.removeItem(_tokenKey);
_localStorage.removeItem(_providerKey);
_localStorage.removeItem(_cookieModeKey);
_localStorage.removeItem(_pendingProviderKey);
} catch (_) {}
@override
void write(String key, String value) {
_storage.setItem(key, value);
}
}