maximus/Simpl-Resultat
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases 19 Packages Wiki Activity Actions

fix: remove handle_auth_callback from invoke_handler
All checks were successful
PR Check / rust (push) Successful in 17m12s
Details
PR Check / frontend (push) Successful in 2m12s
Details
PR Check / rust (pull_request) Successful in 16m56s
Details
PR Check / frontend (pull_request) Successful in 2m14s
Details

Browse source 
The auth callback is handled exclusively via the deep-link handler in
lib.rs — exposing it as a JS-invocable command is unnecessary attack
surface. The frontend listens for auth-callback-success/error events
instead.

Plaintext token storage documented as known limitation (see #66).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
le king fu 2026-04-10 15:35:10 -04:00
parent 60b995394e
commit e314bbe1e3
2 changed files with 0 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src-tauri/src/lib.rs
View file

@ -157,7 +157,6 @@ pub fn run() {
commands::list_activated_machines,
commands::get_activation_status,
commands::start_oauth,
commands::handle_auth_callback,
commands::refresh_auth_token,
commands::get_account_info,
commands::check_subscription_status,

4
src/services/authService.ts
View file

@ -11,10 +11,6 @@ export async function startOAuth(): Promise<string> {
return invoke<string>("start_oauth");
}
export async function handleAuthCallback(code: string): Promise<AccountInfo> {
return invoke<AccountInfo>("handle_auth_callback", { code });
}
export async function refreshAuthToken(): Promise<AccountInfo> {
return invoke<AccountInfo>("refresh_auth_token");
}