From 7fc1107304ac0f3b208c354b3783d497021f9eda Mon Sep 17 00:00:00 2001 From: Konstantin Wohlwend Date: Fri, 13 Feb 2026 18:34:23 -0800 Subject: [PATCH] Update AGENTS.md --- AGENTS.md | 1 + packages/stack-shared/src/sessions.ts | 30 --------------------------- 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index dbcd21042..e102ab9df 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -99,6 +99,7 @@ To see all development ports, refer to the index.html of `apps/dev-launchpad/pub - Do NOT use `as`/`any`/type casts or anything else like that to bypass the type system unless you specifically asked the user about it. Most of the time a place where you would use type casts is not one where you actually need them. Avoid wherever possible. - When writing database migration files, assume that we have >1,000,000 rows in every table (unless otherwise specified). This means you may have to use CONDITIONALLY_REPEAT_MIGRATION_SENTINEL to avoid running the migration and things like concurrent index builds; see the existing migrations for examples. - **When building frontend code, always carefully deal with loading and error states.** Be very explicit with these; some components make this easy, eg. the button onClick already takes an async callback for loading state, but make sure this is done everywhere, and make sure errors are NEVER just silently swallowed. +- Unless very clearly equivalent from types, prefer explicit null/undefinedness checks over boolean checks, eg. `foo == null` instead of `!foo`. ### Code-related - Use ES6 maps instead of records wherever you can. diff --git a/packages/stack-shared/src/sessions.ts b/packages/stack-shared/src/sessions.ts index dd235c3fe..0793d684f 100644 --- a/packages/stack-shared/src/sessions.ts +++ b/packages/stack-shared/src/sessions.ts @@ -309,33 +309,3 @@ export class InternalSession { this._refreshPromise = refreshPromise; } } - -import.meta.vitest?.test("getOrFetchLikelyValidTokens throws when freshly fetched token is already expired", async ({ expect }) => { - const nowSeconds = Math.floor(Date.now() / 1000); - const token = await new jose.SignJWT({ - sub: "test-user-id", - iat: nowSeconds - 60 * 60, - exp: nowSeconds - 30 * 60, - iss: "https://issuer.example", - aud: "project-id", - project_id: "project-id", - branch_id: "main", - refresh_token_id: "refresh-token-id", - role: "authenticated", - name: "Test User", - email: "test@example.com", - email_verified: true, - selected_team_id: null, - is_anonymous: false, - is_restricted: false, - restricted_reason: null, - }).setProtectedHeader({ alg: "HS256" }).sign(new TextEncoder().encode("secret")); - - const session = new InternalSession({ - refreshAccessTokenCallback: async () => AccessToken.createIfValid(token), - refreshToken: "refresh-token", - accessToken: null, - }); - - await expect(session.getOrFetchLikelyValidTokens(20_000, 75_000)).rejects.toThrow(StackAssertionError); -});