Multi-Hoster-Upload

Administrator/Multi-Hoster-Upload

Fork 0

Commit Graph

Author	SHA1	Message	Date
Administrator	e26b7ea8ed	fix(accounts): never persist unverified creds + dedupe-proof modal + label + perf User reported three coupled bugs in account add/edit: (1) Invalid logins still create the account (2) Doodstream gets created multiple times when "Prüfen & Anlegen" is double-clicked or repeatedly OTP-retried (3) Add/Delete in the accounts panel feel laggy Plus a UX/feature request: account label + two-step "Prüfen → Anlegen" flow. Map (workflow wf44zpud4, 3 parallel subagents + adversarial verify) confirmed: - saveAccount() persisted to disk BEFORE the health check (lines 3407-3409) - saveBtn.disabled was set AFTER two awaited IPC roundtrips → 5-100ms race window - OTP-retry path generated a new accountId on every click (editingAccountId stayed null in ADD mode) → DETERMINISTIC duplication on every OTP attempt - runHealthCheck IPC required the account to be already persisted → that's why the old code wrote-first-check-second Fix architecture (advisor: Option A — make the invariant real, not cleanup-based): - main.js + preload.js: NEW `validate-credentials` IPC. Accepts ephemeral {hoster, authType, username, password, apiKey, otp} payload, builds an ephemeral hosterConfig, runs the same per-hoster checker via a shared _dispatchHealthCheck helper. Nothing touches config.hosters. - renderer: two-step modal state machine. - "Prüfen" click → validateCredentials (ephemeral) → green flips button to "Anlegen"/"Speichern" AND caches a snapshot of the validated creds. - "Anlegen"/"Speichern" click → only fires if cached snapshot matches the currently-typed credential-identity (username+password or apiKey; label and OTP are not part of the snapshot key). - Input listeners on the identity fields drop the snapshot the moment any cred is edited post-green → user can't sneak unverified creds through. - _accountModalBusy is set SYNCHRONOUSLY at the top of the click handler, before any await, so a double-click is a no-op. - _accountModalSession token bumps on every modal reset → a stale late response from a closed-and-reopened modal can't stomp the new session's busy flag or UI (lens-2 review fix). - Edit mode flows through the same path → bad edits never reach disk before being validated (fixes the silent good-creds clobber). - closeAccountModal cancels the auto-close timer + clears modal state so a stale 600 ms timer can't close a freshly-reopened modal. - Label field (new): persisted on the account, shown in the card subtitle as "Label: XYZ • API: ABC… — API Key gültig" so identical-looking API accounts are disambiguable. Excluded from snapshot key on purpose — label is metadata. - Perf: drop the redundant `await getConfig()` round-trip in commit+delete (in-memory state was already the source of truth and the old reload was the main lag source). deleteAccount fires-and-forgets the saveConfig and closes the modal synchronously. Commit path uses updateAccountCard for the single-card edit case instead of a 4-panel cascade. Multi-lens review (workflow wyoc3iq4k, 3 reviewers): OTP-correctness SHIP, race-guard SHIP-WITH-FIXES (session-id token + busy-inside-try applied), edit-mode+label SHIP. No blockers. Tests: 6 new regression tests (tests/validate-credentials.test.js) covering the three reported bugs as executable spec: (a) failed validation persists nothing to config.hosters (b) second click with guard set persists exactly one entry (c) OTP-required persists nothing; OTP retry re-validates ephemerally plus snapshot-key identity, post-validation edit invalidation, and the ephemeral hosterConfig shape contract. 210/210 green, lint clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-07 03:11:13 +02:00

Author

SHA1

Message

Date

Administrator

e26b7ea8ed

fix(accounts): never persist unverified creds + dedupe-proof modal + label + perf

User reported three coupled bugs in account add/edit:
  (1) Invalid logins still create the account
  (2) Doodstream gets created multiple times when "Prüfen & Anlegen" is
      double-clicked or repeatedly OTP-retried
  (3) Add/Delete in the accounts panel feel laggy
Plus a UX/feature request: account label + two-step "Prüfen → Anlegen" flow.

Map (workflow wf44zpud4, 3 parallel subagents + adversarial verify) confirmed:
- saveAccount() persisted to disk BEFORE the health check (lines 3407-3409)
- saveBtn.disabled was set AFTER two awaited IPC roundtrips → 5-100ms race window
- OTP-retry path generated a new accountId on every click (editingAccountId
  stayed null in ADD mode) → DETERMINISTIC duplication on every OTP attempt
- runHealthCheck IPC required the account to be already persisted → that's
  why the old code wrote-first-check-second

Fix architecture (advisor: Option A — make the invariant real, not cleanup-based):
- main.js + preload.js: NEW `validate-credentials` IPC. Accepts ephemeral
  {hoster, authType, username, password, apiKey, otp} payload, builds an
  ephemeral hosterConfig, runs the same per-hoster checker via a shared
  _dispatchHealthCheck helper. Nothing touches config.hosters.
- renderer: two-step modal state machine.
    - "Prüfen" click → validateCredentials (ephemeral) → green flips button to
      "Anlegen"/"Speichern" AND caches a snapshot of the validated creds.
    - "Anlegen"/"Speichern" click → only fires if cached snapshot matches the
      currently-typed credential-identity (username+password or apiKey;
      label and OTP are not part of the snapshot key).
    - Input listeners on the identity fields drop the snapshot the moment any
      cred is edited post-green → user can't sneak unverified creds through.
    - _accountModalBusy is set SYNCHRONOUSLY at the top of the click handler,
      before any await, so a double-click is a no-op.
    - _accountModalSession token bumps on every modal reset → a stale late
      response from a closed-and-reopened modal can't stomp the new session's
      busy flag or UI (lens-2 review fix).
    - Edit mode flows through the same path → bad edits never reach disk
      before being validated (fixes the silent good-creds clobber).
    - closeAccountModal cancels the auto-close timer + clears modal state so
      a stale 600 ms timer can't close a freshly-reopened modal.
- Label field (new): persisted on the account, shown in the card subtitle as
  "Label: XYZ • API: ABC… — API Key gültig" so identical-looking API accounts
  are disambiguable. Excluded from snapshot key on purpose — label is metadata.
- Perf: drop the redundant `await getConfig()` round-trip in commit+delete
  (in-memory state was already the source of truth and the old reload was the
  main lag source). deleteAccount fires-and-forgets the saveConfig and closes
  the modal synchronously. Commit path uses updateAccountCard for the
  single-card edit case instead of a 4-panel cascade.

Multi-lens review (workflow wyoc3iq4k, 3 reviewers): OTP-correctness SHIP,
race-guard SHIP-WITH-FIXES (session-id token + busy-inside-try applied),
edit-mode+label SHIP. No blockers.

Tests: 6 new regression tests (tests/validate-credentials.test.js) covering
the three reported bugs as executable spec:
  (a) failed validation persists nothing to config.hosters
  (b) second click with guard set persists exactly one entry
  (c) OTP-required persists nothing; OTP retry re-validates ephemerally
plus snapshot-key identity, post-validation edit invalidation, and the
ephemeral hosterConfig shape contract. 210/210 green, lint clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-07 03:11:13 +02:00

1 Commits