stack
stack copied to clipboard
stack-auth
feat: add OTP/MFA page to auth flow
This replaces the use of prompt() with a redirect to a nicer OTP input page.
@willothy is attempting to deploy a commit to the Stack Team on Vercel.
A member of the Team first needs to authorize it.
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
😱 Found 1 issue. Time to roll up your sleeves! 😱
🗒️ View all ignored comments in this repo
- The constraint 'TokenStoreType extends string' is too restrictive. It should likely be 'TokenStoreType extends string | object' to match the condition check in line 113 where TokenStoreType is checked against {}
- Return type mismatch - the interface declares useUsers() returning ServerUser[] but the Team interface that this extends declares useUsers() returning TeamUser[]
- There is a syntax error in the super constructor call due to the ellipsis operator used incorrectly. Objects aren't being merged correctly. This syntax usage can lead to runtime errors when trying to pass the merged object to 'super()'. Verify that the intended alterations to the object occur before or outside of the super() call if needed.
- Throwing an error when no active span is found is too aggressive. The log function should gracefully fallback to console.log or another logging mechanism when there's no active span, since not all execution contexts will have an active span. This makes the code less resilient and could break functionality in non-traced environments.
- Function sets backendContext with a new configuration but doesn't pass 'defaultProjectKeys'. Since defaultProjectKeys is required in the type definition and cannot be updated (throws error if tried to set), this will cause a type error.
- The schema is using array syntax for pick() which is incorrect for Yup schemas. The pick() method in Yup expects individual arguments, not an array. Should be changed to: emailConfigSchema.pick('type', 'host', 'port', 'username', 'sender_name', 'sender_email')
- Creating a refresh token with current timestamp as expiration means it expires immediately. Should set a future date for token expiration.
- The 'tools' object is initialized as an empty object, even though 'tools' is presumably expected to contain tool definitions. This could cause the server capabilities to lack necessary tool configurations, thus potentially impacting functionalities that depend on certain tool setups.
- 'STACK_SECRET_SERVER_KEY' is potentially being included in every request header without checking its existence again here. Although it's checked during initialization, this could lead to security issues as it's exposed in all communications where the header is logged or captured.
- When adding 'use client' directive at the beginning, it doesn't check if file.text already contains the 'use client' directive. This could lead to duplicate 'use client' directives if the file already has one.
![recurseml[bot] avatar](https://avatars.githubusercontent.com/in/1054195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Some new issue(s) might be present. Please use the following link(s) to view them:
https://zeropath.com/app/issues/44b7bd4d-5bca-4e26-9b9b-555c289ce3b0
Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.
![zeropath-ai[bot] avatar](https://avatars.githubusercontent.com/in/921241?v=4 "Published by a pub.dev verified publisher"){kind=small}
Some new issue(s) might be present. Please use the following link(s) to view them:
https://zeropath.com/app/issues/25126b92-fadf-4fa3-9d5e-19f7b00e8734
Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.