Upgrade @objectstack to 2.0.4, add local dev server for auth testing#36
Upgrade @objectstack to 2.0.4, add local dev server for auth testing#36
Conversation
- Upgrade @objectstack/client and @objectstack/client-react from ^2.0.1 to ^2.0.4 - Add server-side devDependencies: @objectstack/core, plugin-hono-server, plugin-auth, objectql, driver-memory, tsx - Create server/dev.ts following the authentication guide - Create server/test-auth.ts for auth flow smoke testing - Add server:dev and server:test npm scripts Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Upgrades the mobile app’s ObjectStack SDK dependencies and adds a lightweight local ObjectStack dev server + auth smoke test to validate the authentication flow during development.
Changes:
- Bumped
@objectstack/clientand@objectstack/client-reactto^2.0.4. - Added a local ObjectStack dev server (
server/dev.ts) using in-memory storage + auth plugin. - Added an auth smoke-test script (
server/test-auth.ts) and correspondingpnpmscripts.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| server/dev.ts | New local ObjectStack dev server bootstrapping kernel + Hono server + auth plugin. |
| server/test-auth.ts | New auth flow smoke test (register → logout → login → session). |
| package.json | Adds server:dev / server:test scripts and devDependencies for the local server. |
| pnpm-lock.yaml | Lockfile updates for ObjectStack upgrades and new server-related dependencies (incl. tsx). |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const reg = await client.auth.register({ | ||
| email: "test@example.com", | ||
| password: "SecurePassword123!", | ||
| name: "Test User", | ||
| }); | ||
|
|
||
| if (reg.data?.user) { | ||
| console.log(" ✅ Registered:", reg.data.user.email); | ||
| } | ||
|
|
||
| // 2. Logout | ||
| console.log("🚪 Logging out…"); | ||
| await client.auth.logout(); | ||
| console.log(" ✅ Logged out"); | ||
|
|
||
| // 3. Login | ||
| console.log("🔐 Logging in…"); | ||
| const login = await client.auth.login({ | ||
| type: "email", | ||
| email: "test@example.com", | ||
| password: "SecurePassword123!", | ||
| }); | ||
|
|
||
| if (login.data?.user) { | ||
| console.log(" ✅ Logged in:", login.data.user.email); | ||
| } | ||
|
|
||
| // 4. Session | ||
| console.log("👤 Getting session…"); | ||
| const session = await client.auth.me(); | ||
|
|
||
| if (session.data?.user) { | ||
| console.log(" ✅ Session user:", session.data.user.email); | ||
| } | ||
|
|
||
| console.log("\n✨ All authentication tests passed!\n"); | ||
| } |
There was a problem hiding this comment.
testAuthFlow() always prints "All authentication tests passed" even if reg/login/session don't contain a user (the if blocks only log on success but never fail on missing data). Consider asserting expected success (e.g., throw when the response indicates an error or when data.user is missing) so this smoke test can't silently pass on partial failures.
| const reg = await client.auth.register({ | ||
| email: "test@example.com", | ||
| password: "SecurePassword123!", | ||
| name: "Test User", | ||
| }); |
There was a problem hiding this comment.
This smoke test uses a fixed email/password (test@example.com). Running it multiple times against the same long-lived dev server can become stateful/non-deterministic (e.g., the account may already exist, or multiple accounts could be created depending on server behavior). Consider generating a unique email per run (timestamp/UUID) or adding a cleanup step so repeated runs are reliable.
| } | ||
|
|
||
| testAuthFlow().catch((err) => { | ||
| console.error("\n❌ Auth test failed:", err.message); |
There was a problem hiding this comment.
The catch handler assumes err is an Error (err.message). If a non-Error value is thrown/rejected, this will log undefined and lose useful debugging info. Consider logging err directly (or normalizing to an Error) before accessing .message.
| console.error("\n❌ Auth test failed:", err.message); | |
| const message = err instanceof Error ? err.message : String(err); | |
| console.error("\n❌ Auth test failed:", message); |
| new AuthPlugin({ | ||
| secret: AUTH_SECRET, | ||
| baseUrl: `http://localhost:${PORT}`, | ||
| }) | ||
| ); |
There was a problem hiding this comment.
AuthPlugin is configured with baseUrl: http://localhost:${PORT}. If the server is accessed via a different hostname/IP (e.g., device on LAN, 127.0.0.1 vs localhost, reverse proxy), auth cookie/session behavior can break due to baseUrl mismatch. Consider deriving baseUrl from an env var (e.g., BASE_URL) with a localhost default, and log the effective baseUrl on startup.
| process.on("SIGINT", async () => { | ||
| console.log("\n🛑 Shutting down…"); | ||
| await kernel.shutdown(); | ||
| process.exit(0); | ||
| }); |
There was a problem hiding this comment.
The SIGINT handler is async and awaits kernel.shutdown(), but any shutdown error will become an unhandled rejection (and process.exit(0) will still run if an exception isn't caught). Consider wrapping the shutdown in try/catch, setting a non-zero exit code on failure, and ensuring shutdown is only invoked once.
Upgrade all
@objectstackpackages to latest and scaffold a local ObjectStack server with authentication, per the protocol authentication guide.Package upgrades
@objectstack/client,@objectstack/client-react:^2.0.1→^2.0.4Server test environment
New devDependencies for running a local ObjectStack server with in-memory storage:
@objectstack/core,plugin-hono-server,plugin-auth,objectql,driver-memory,tsxserver/dev.ts— BootsObjectKernel+HonoServerPlugin+AuthPluginon port 3000 withInMemoryDriver(zero external deps)server/test-auth.ts— Smoke test: register → logout → login → session viaObjectStackClientWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
protocol.objectstack.ai/home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js(dns block)If you need me to access, download, or install something from one of these locations, you can either:
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.