fix(manager): stop validating JWT against Strapi on every page load #653

Open
tataihono wants to merge 1 commit into main from worktree-agent-a5019f66

@tataihono
Contributor

Summary

  • Removes the requireAuth() call from the dashboard layout that hit Strapi's /api/users/me on every page navigation
  • Transient Strapi failures (timeouts, Railway network blips) were causing users to get redirected to /login despite having a valid session
  • Auth is still enforced by middleware (cookie presence → redirect) and API routes (JWT validated against Strapi). The layout no longer makes network calls.
  • User display info (username, email) is now read from a manager-user cookie set at login time

Test plan

  • Log in to manager — verify both strapi-jwt and manager-user cookies are set
  • Navigate between dashboard pages — no Strapi calls in server logs, no unexpected logouts
  • Log out — verify both cookies are cleared
  • Access /dashboard without cookies — redirects to /login
  • API routes still return 401 for invalid/missing JWT

🤖 Generated with Claude Code

The dashboard layout called requireAuth() which hit Strapi's /api/users/me
on every navigation, causing spurious logouts during transient Strapi
failures. The middleware already guards cookie presence and API routes
validate JWTs independently.

Replace the Strapi round-trip with a local display-only cookie
(manager-user) set at login time, and delete require-auth.ts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
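
The layout described above now relies on two cookies without a network call, so this added example (not code from this pull request or the forge project) shows one way to read them defensively. The helper names, the JSON shape of manager-user, and the presence of an `exp` claim in strapi-jwt are assumptions.

```javascript
// Added example: hypothetical helpers, not code from this pull request.
// Assumed: manager-user holds URL-encoded JSON {username, email}; strapi-jwt has `exp`.
const MAX_LEN = 64;

// Strip control characters and cap length so a tampered cookie cannot push
// oversized or unprintable text into the rendered layout.
function cleanField(value) {
  if (typeof value !== "string") return null;
  const cleaned = value.replace(/[\u0000-\u001f\u007f]/g, "").trim();
  return cleaned.length > 0 && cleaned.length <= MAX_LEN ? cleaned : null;
}

// manager-user is client-controlled: parse defensively, keep only the two
// display fields, and never take roles or permissions from it.
function readDisplayUser(rawCookie) {
  if (typeof rawCookie !== "string" || rawCookie.length > 512) return null;
  let parsed;
  try {
    parsed = JSON.parse(decodeURIComponent(rawCookie));
  } catch {
    return null;
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) return null;
  const username = cleanField(parsed.username);
  const email = cleanField(parsed.email);
  if (!username || !email || !/^[^\s@]+@[^\s@]+$/.test(email)) return null;
  return { username, email };
}

// Network-free pre-check for the strapi-jwt cookie: three base64url segments
// and an unexpired `exp`. The signature is NOT verified here, so this is only
// a routing hint; API routes must keep validating the token against Strapi.
function jwtLooksCurrent(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) return false;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return Number.isInteger(payload.exp) && payload.exp > nowSeconds;
  } catch {
    return false;
  }
}

// Constructed sample: a tampered cookie carrying an extra "role" field.
const sample = encodeURIComponent('{"username":"alice","email":"alice@example.test","role":"admin"}');
console.log(readDisplayUser(sample)); // role is dropped
```

Anything that grants access or changes data still has to go through an API route that validates the JWT, since neither helper authenticates the caller.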
@railway-app

railway-app Bot commented Apr 4, 2026

🚅 Deployed to the forge-pr-653 environment in forge

| Service | Status | Web | Updated (UTC) |
| --- | --- | --- | --- |
| @forge/manager | ✅ Success (View Logs) | | Apr 4, 2026 at 11:26 am |
| @forge/cms | ✅ Success (View Logs) | | Apr 4, 2026 at 11:25 am |

1 service not affected by this PR
  • @forge/web
