Skip to content

mashlib: await xlogin ready before booting shell#7

Merged
melvincarvalho merged 2 commits into
gh-pagesfrom
feature/mashlib-await-xlogin
May 3, 2026
Merged

mashlib: await xlogin ready before booting shell#7
melvincarvalho merged 2 commits into
gh-pagesfrom
feature/mashlib-await-xlogin

Conversation

@melvincarvalho
Copy link
Copy Markdown
Contributor

@melvincarvalho melvincarvalho commented May 3, 2026

Closes #6.

Problem

On hard reload of an authenticated page, panes that need a WebID (e.g. sharing-pane) sometimes 401. xlogin is injected from mashlib.js and starts session restore async; if the shell boots before restore settles, panes capture an unrestored auth state.

Fix

Wait in mashlib.js (the consumer that already injects xlogin) for:

  1. The xlogin <script> to finish loading (load/error).
  2. window.xlogin.ready (Promise published in xlogin@0.0.9), if present.

Then import the shell.

This keeps losos/shell.js generic — the framework stays free of auth-library awareness. Older xlogin versions without .ready degrade gracefully (the second await is skipped).

Diff

mashlib.js only — 9 lines added across two hunks. No losos/ changes.

Test plan

  • Hard reload an authenticated pod page → sharing-pane shows ACL controls (no 401)
  • Anonymous page still loads (xlogin script error path resolves the promise)
  • Tab switching unaffected

@melvincarvalho
mashlib: await xlogin ready before booting shell (#6)
e3a3f48 
Hard-reload race: panes mounted before xlogin restored the session,
so authenticated requests (e.g. sharing-pane) 401'd on first paint.

Wait for the script to load and, when present, for window.xlogin.ready
before importing the shell. Keeps losos/shell.js generic (no auth-library
awareness in the framework).
@melvincarvalho melvincarvalho requested a review from Copilot May 3, 2026 07:08
Copilot AI reviewed May 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a hard-reload race where panes (e.g. sharing-pane) may issue unauthenticated requests (401s) because the LOSOS shell boots before xlogin finishes restoring session state.

Changes:

  • Add a xloginLoaded promise that resolves on the xlogin <script> load/error event.
  • Await xloginLoaded, then await window.xlogin.ready when available, before importing losos/shell.js.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread mashlib.js Outdated
Comment on lines +88 to +91
// Wait for xlogin script to load + finish session restore so panes
// don't capture an unrestored auth state and 401 on hard reload.
await xloginLoaded
if (window.xlogin && window.xlogin.ready) await window.xlogin.ready
Copy link
Copy Markdown
Contributor Author

@melvincarvalho melvincarvalho May 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both branches are already covered, declining to add code:

  • xloginLoaded resolves on both load and error — blocked / 404 / CSP-rejected all fire error, so the await unblocks.
  • window.xlogin.ready is a Promise published by xlogin@0.0.9 with a try/finally resolver — it cannot reject. The version guard (if (window.xlogin && window.xlogin.ready)) covers older versions that lack it.

Keeping the patch at 9 lines.

@melvincarvalho melvincarvalho merged commit 1171bc1 into gh-pages May 3, 2026
@melvincarvalho melvincarvalho deleted the feature/mashlib-await-xlogin branch May 3, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Hard-reload race — sharing-pane 401s before xlogin restore settles

2 participants

@melvincarvalho