Auth Package Extraction And Auth Flow Refactor #2

Merged
aetos merged 5 commits from auth-package into main 2025-12-28 14:47:38 +00:00

Decouple authentication into reusable @local/auth package and unify auth flow

Summary

This merge request extracts authentication concerns into a standalone @local/auth package and refactors the blog application to consume it as a dependency. Login and registration are unified into a single AuthPage, token handling is centralized, and the blog app’s auth lifecycle is now driven entirely by the shared auth service.

The primary objective is to enforce a clear separation between authentication (identity, tokens, session state) and application-level user models (Author), enabling reuse across future frontends and services.


Key Changes

1. New @local/auth package

  • Introduces a reusable authentication library with:

    • AuthProvider and useAuth hook
    • Centralized token persistence via tokenStore
    • Axios client factory with automatic auth interceptors
    • Typed AuthUser model shared across apps
  • Packaged with explicit React peer dependencies for safe consumption.

2. Unified Auth UI (AuthPage)

  • Replaces separate Login and Register pages with a single AuthPage component.
  • Supports explicit mode switching (login / register).
  • Fully controlled via props (no internal auth assumptions), making it reusable and host-driven.
  • Automatically returns to the previous view once authentication succeeds.

3. Centralized token & API handling

  • Removes ad-hoc token management from the blog app.

  • All API clients are now created via a shared Axios factory with:

    • Automatic Authorization header injection
    • Automatic token invalidation on 401 responses
  • Blog and Auth services now use the same, consistent client behavior.

4. Blog app refactor to consume auth package

  • Blog app now wraps itself with the shared AuthProvider.

  • Existing AuthorProvider is refactored to:

    • Treat the auth service as the source of truth for identity fields
    • Hydrate application-specific Author data (/authors/me) on auth state changes
  • Removes login/register/logout logic from the blog domain entirely.

5. Routing and view simplification

  • Removes legacy login and register views.
  • Introduces a single auth view with explicit mode handling.
  • Navigation logic updated to support open_auth(mode) semantics.

6. Type model alignment

  • AuthorModel now extends AuthUser instead of duplicating identity fields.
  • Eliminates inconsistencies between auth service responses and blog domain models.

Why this change

  • Prevents auth logic duplication across applications.
  • Enforces a strict boundary between identity/auth and domain-specific user data.
  • Makes authentication portable, testable, and independently evolvable.
  • Simplifies future app onboarding to the same auth backend.

Migration Notes

  • Consumers must wrap their app with AuthProvider from @local/auth and provide authBaseUrl.
  • Blog-level auth actions (login, register, logout) are no longer available and should not be referenced.
  • Routing now uses auth instead of login / register.

Risk & Impact

  • Medium impact due to auth lifecycle changes.
  • No backend API changes required.
  • Token handling behavior is preserved but centralized.

Follow-ups (out of scope)

  • Add refresh-token support in @local/auth.
  • Extract AuthPage styles into a themeable layer.
  • Introduce E2E auth flow tests.
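
An added sketch of the client behaviour described under "Centralized token & API handling" (Authorization header injection and token invalidation on 401); it is not code from this merge request or from @local/auth. The name createAuthInterceptors, the tokenStore methods, the base URL and the token values are assumptions, and the origin check and stale-token check are hardening that goes beyond what the description states.

```javascript
// Added illustration, not the @local/auth source: signatures are assumed.
function createTokenStore() {
  let token = null; // in-memory here; the package's real storage is not shown on the page
  return {
    get: () => token,
    set: (t) => { token = t; },
    clear: () => { token = null; },
  };
}

// Returns the two interceptor functions a client factory could register on
// its axios instance (interceptors.request / interceptors.response).
function createAuthInterceptors({ baseURL, tokenStore }) {
  const apiOrigin = new URL(baseURL).origin;
  return {
    // Attach the bearer token only when the request stays on the API origin,
    // so an absolute URL to another host never receives the credential.
    onRequest(config) {
      const target = new URL(config.url, baseURL);
      const token = tokenStore.get();
      const attach = Boolean(token) && target.origin === apiOrigin;
      const headers = { ...config.headers };
      if (attach) headers.Authorization = `Bearer ${token}`;
      return { ...config, url: target.href, headers, sentToken: attach ? token : null };
    },
    // Invalidate on 401, but only the token this request carried: a late 401
    // for an old token must not wipe a token stored by a newer login.
    onResponse(config, response) {
      const stale = config.sentToken !== tokenStore.get();
      if (response.status === 401 && config.sentToken && !stale) tokenStore.clear();
      return response;
    },
  };
}

// Constructed scenario: hypothetical base URL and token values.
function demo() {
  const tokenStore = createTokenStore();
  const { onRequest, onResponse } = createAuthInterceptors({
    baseURL: "https://api.example.test/v1/", tokenStore });
  tokenStore.set("token-A");
  const sameOrigin = onRequest({ url: "authors/me" });
  const crossOrigin = onRequest({ url: "https://cdn.example.test/img.png" });
  tokenStore.set("token-B");                  // user logged in again meanwhile
  onResponse(sameOrigin, { status: 401 });    // late 401 for token-A
  const afterStale401 = tokenStore.get();
  onResponse(onRequest({ url: "authors/me" }), { status: 401 });
  return { sameOrigin, crossOrigin, afterStale401, afterFresh401: tokenStore.get() };
}

console.log(demo());
```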
aetos added 5 commits 2025-12-28 14:44:50 +00:00
- Introduce new @local/auth package with token store, axios helpers, auth client, and AuthPage UI
- Unify login/register into a single AuthPage with mode switching
- Centralize JWT handling via tokenStore and axios interceptors
- Remove direct localStorage token access from blog app
- Replace blog Login/Register views with single auth view
- Update router (View, VIEW_TREE, VIEW_URL) to support unified auth view
- Fix hook usage by lifting useAuth() to top-level and passing via props
- Refactor Blog view navigation to support auth mode routing
- Clean up ArticleProvider to rely on auth state, not tokens
- Align AuthProvider to delegate token management to auth package
- Remove legacy Login/Register components and props
- Normalize API client creation via shared createApiClient
- Improve type safety and state consistency across auth/article flows
- Replace manual axios auth client with createApiClient in auth context
- Decouple domain author logic from auth provider
- Make AuthorModel extend AuthUser explicitly
- Route login/register/logout exclusively through auth package
- Derive application-level currentUser from auth identity
- Fix provider hierarchy and hook usage across Blog and Profile
- Align main.jsx to use base AuthProvider + AuthorProvider layering
aetos changed title from auth-package to Auth Package Extraction And Auth Flow Refactor 2025-12-28 14:46:53 +00:00
aetos merged commit 226a6a651c into main 2025-12-28 14:47:38 +00:00
aetos deleted branch auth-package 2025-12-28 14:47:38 +00:00
Reference: apps/blog#2