fix: delete web sessions on CLI logout; refactor onboarding/auth

Author: brandonkachen

web/src/app/api/auth/[...nextauth]/auth-options.ts

@@ -2,7 +2,10 @@ import { DrizzleAdapter } from '@auth/drizzle-adapter'
 import { processAndGrantCredit } from '@codebuff/billing'
 import { trackEvent } from '@codebuff/common/analytics'
 import { AnalyticsEvent } from '@codebuff/common/constants/analytics-events'
-import { DEFAULT_FREE_CREDITS_GRANT } from '@codebuff/common/old-constants'
+import {
+  DEFAULT_FREE_CREDITS_GRANT,
+  SESSION_MAX_AGE_SECONDS,
+} from '@codebuff/common/old-constants'
 import { getNextQuotaReset } from '@codebuff/common/util/dates'
 import { generateCompactId } from '@codebuff/common/util/string'
 import { loops } from '@codebuff/internal'
@@ -143,7 +146,7 @@ export const authOptions: NextAuthOptions = {
   ],
   session: {
     strategy: 'database',
-    maxAge: 30 * 24 * 60 * 60, // 30 days
+    maxAge: SESSION_MAX_AGE_SECONDS,
   },
   callbacks: {
     async session({ session, user }) {

web/src/app/api/auth/cli/code/route.ts

@@ -13,7 +13,8 @@ export async function POST(req: Request) {
     fingerprintId: z.string(),
     referralCode: z.string().optional(),
   })
-  const result = reqSchema.safeParse(await req.json())
+  const requestBody = await req.json()
+  const result = reqSchema.safeParse(requestBody)
   if (!result.success) {
     return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
   }

web/src/app/api/auth/cli/logout/__tests__/helpers.test.ts

@@ -0,0 +1,42 @@
+import { describe, expect, test } from 'bun:test'
+
+import { shouldUnclaim } from '../_helpers'
+
+describe('logout/_helpers', () => {
+  describe('shouldUnclaim', () => {
+    describe('when fingerprintMatchFound is true', () => {
+      test('returns true regardless of hash values', () => {
+        expect(shouldUnclaim(true, 'stored-hash', 'provided-hash')).toBe(true)
+        expect(shouldUnclaim(true, null, 'provided-hash')).toBe(true)
+        expect(shouldUnclaim(true, undefined, 'provided-hash')).toBe(true)
+        expect(shouldUnclaim(true, 'any-hash', 'different-hash')).toBe(true)
+      })
+    })
+
+    describe('when fingerprintMatchFound is false', () => {
+      test('returns true when stored hash matches provided hash', () => {
+        expect(shouldUnclaim(false, 'matching-hash', 'matching-hash')).toBe(true)
+      })
+
+      test('returns false when stored hash does not match provided hash', () => {
+        expect(shouldUnclaim(false, 'stored-hash', 'different-hash')).toBe(false)
+      })
+
+      test('returns false when stored hash is null', () => {
+        expect(shouldUnclaim(false, null, 'provided-hash')).toBe(false)
+      })
+
+      test('returns false when stored hash is undefined', () => {
+        expect(shouldUnclaim(false, undefined, 'provided-hash')).toBe(false)
+      })
+
+      test('returns false when stored hash is empty string but provided is not', () => {
+        expect(shouldUnclaim(false, '', 'provided-hash')).toBe(false)
+      })
+
+      test('returns true when both hashes are empty strings', () => {
+        expect(shouldUnclaim(false, '', '')).toBe(true)
+      })
+    })
+  })
+})