d09e50af55
|
Phase 3.7: paid pairing flow + returning chat + extension flip
- Backend: payment_sessions + pairing_failures tables; payment.service.js
and pairing-failure.service.js (new); rewritten pairing.service.js
(payment-gated blast + targeted "Curhat lagi" + cancel + fallback);
rewritten extension.service.js (data-driven auto-approve with offline
safeguard, charge-at-approval); pricing.service.js (extension tiers
without free trial); mitra-status.service.js (countAvailableMitras
cached path); 60s sweeper for stale payment sessions
- Backend routes: client.payment.routes, client.mitra-availability.routes,
internal/failed-pairings.routes; client.chat.routes rewritten for
payment-gated start + /returning + /cancel + /fallback-to-blast;
internal/config.routes adds 4 new keys with Valkey invalidate publish
- client_app: mitra-availability poll, payment screen + notifier, pairing
notifier rewrite (PairingTargetedWaiting + PairingFailed states),
targeted-waiting overlay + bestie-unavailable dialog, "Curhat lagi"
CTA, failed-pairing terminal, extension via payment-session
- mitra_app: PairingRequestType enum, returning-chat 20s countdown
auto-dismiss, extension card "otomatis disetujui" copy
- control_center: 4 new config rows in Settings, Failed Pairings page
(filter + paginate + action menu), sidebar + route registered
- Test infrastructure: Vitest backend (7/7 pass), Playwright CC (4/4
pass), Maestro mobile scaffold (CLI install pending)
- Bugs found via Playwright + fixed: LoginPage labels not associated
with inputs (a11y); backend internal CORS missing PATCH/PUT/DELETE
in allow-methods (silent settings breakage in browsers since Stage 4)
- Docs: phase3.7.md PRD, phase3.7-plan.md, phase3.7-questions.md (Q&A),
phase3.7-testing.md (E2E checklist), phase3.7-test-run-2026-05-03.md
(today's run results)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
2026-05-03 23:02:49 +08:00 |
|
4a796277b8
|
Phase 3.4: control_center self-managed auth cutover
Replaces Firebase Auth with the new JWT + httpOnly-cookie refresh flow.
Smoke-tested end-to-end via curl (login → /me → refresh rotation → logout).
- Remove firebase dep + firebase.js
- New token-bridge decouples api-client from AuthContext and de-dupes
concurrent 401 refreshes
- AuthContext: in-memory access token (useRef), bootstrap via
/internal/auth/refresh, login/logout/refresh methods
- api-client: withCredentials, Bearer attach, auto-retry once on 401
- LoginPage: handle INVALID_CREDENTIALS / ACCOUNT_LOCKED / VALIDATION_ERROR
- Layout: self-service "Ganti password" form
- UsersPage: initial password field on create + per-row admin-forced reset
- .env / .env.example: drop VITE_FIREBASE_* vars
- backend/CLAUDE.md + control_center/CLAUDE.md: describe new auth (were
stale on Firebase)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
2026-04-24 15:32:32 +08:00 |
|
a7a2a32d27
|
Phase 1 scaffold: auth for all apps
- Backend: Fastify with two listeners (public + internal), routes, services, DB migration + seed
- client_app: Flutter with BLoC, all auth screens (welcome, display name, register, OTP, force-register)
- mitra_app: Flutter with BLoC, OTP-only login
- control_center: React + Vite, email/password login, mitra/user management, anonymity settings
- Docs: phase1 plan, API contract, client app mockup
- CLAUDE.md and shared memory for all subprojects
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
2026-04-05 10:08:42 +08:00 |
|