-
-
Notifications
You must be signed in to change notification settings - Fork 1
fix: enhance error handling and user feedback in authentication flow #214
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,19 @@ | ||
| <script lang="ts"> | ||
| // Components and style | ||
| import "../app.css"; | ||
| import Navbar from "$lib/components/layout/navbar.svelte"; | ||
| import { Toaster } from "svelte-sonner"; | ||
| import { toast, Toaster } from "svelte-sonner"; | ||
| import { SvelteKitTopLoader } from "sveltekit-top-loader"; | ||
| import ClientErrorReporter from "$lib/components/misc/clientErrorReporter.svelte"; | ||
| import ScrollToTop from "$lib/components/misc/scrollToTop.svelte"; | ||
| import BottomNav from "$lib/components/layout/bottomNav.svelte"; | ||
| import type { ResolvedMeta } from "$lib/types/meta.types"; | ||
| import type { ResolvedPathname } from "$app/types"; | ||
| import { page } from "$app/state"; | ||
| import { NuqsAdapter } from "nuqs-svelte/adapters/svelte-kit"; | ||
|
|
||
| let { data, children } = $props(); | ||
|
|
||
| // Keeping user fresh in the browser | ||
| import { invalidate } from "$app/navigation"; | ||
| import { goto, invalidate } from "$app/navigation"; | ||
| import { onMount } from "svelte"; | ||
|
|
||
| let { session, supabase, profile, isDevelopmentEnvironment } = $derived(data); | ||
|
|
@@ -24,6 +23,29 @@ | |
| invalidate("supabase:auth"); | ||
| } | ||
| }); | ||
|
|
||
| const toastError = page.url.searchParams.get("toast_error"); | ||
| const toastSuccess = page.url.searchParams.get("toast_success"); | ||
|
|
||
| const removeToastParam = (newUrl: URL) => | ||
| goto((newUrl.pathname + newUrl.search) as ResolvedPathname, { | ||
| replaceState: true, | ||
| keepFocus: true, | ||
| noScroll: true, | ||
| }); | ||
|
|
||
| if (toastError) { | ||
| toast.error(toastError); | ||
| const newUrl = new URL(page.url); | ||
| newUrl.searchParams.delete("toast_error"); | ||
| removeToastParam(newUrl); | ||
| } else if (toastSuccess) { | ||
| toast.success(toastSuccess); | ||
| const newUrl = new URL(page.url); | ||
| newUrl.searchParams.delete("toast_success"); | ||
| removeToastParam(newUrl); | ||
|
Comment on lines
+27
to
+46
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift Don’t render raw toast text from query params. This now lets any crafted link inject arbitrary success/error copy into a trusted site toast. Please switch the URL contract to an allowlisted toast code (for example 🤖 Prompt for AI AgentsSource: Coding guidelines |
||
| } | ||
|
|
||
| return () => data.subscription.unsubscribe(); | ||
| }); | ||
|
|
||
|
|
@@ -142,7 +164,7 @@ | |
|
|
||
| <Banner /> | ||
|
|
||
| <Toaster /> | ||
| <Toaster richColors /> | ||
| <ClientErrorReporter /> | ||
|
|
||
| <div class="pb-16 md:pb-0"> | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.