stack

mirror of https://github.com/stack-auth/stack.git synced 2026-06-30 21:01:54 +08:00

History

Mantra 63d0eeefe9 fix(dashboard,backend): impersonation without logout + fix OAuth routing (#1617 ) ## Summary Two fixes: 1. Impersonation no longer requires logout — The generated JS snippet now clears all auth cookie variants (`hexclave-refresh-{pid}`, `stack-refresh-{pid}`, access tokens) and sets the token in the structured `hexclave-refresh-{pid}--default` format the SDK reads first. Previously the snippet only set the legacy cookie, which was ignored when a structured cookie already existed. 2. Fix OAuth + other deeply nested API routes returning 404 in dev — Moved the API 404 handler from file-based `api/[...notFoundPath]/route.ts` into the middleware (`proxy.tsx`). The catch-all at the `api/` level was shadowing dynamic routes 7+ segments deep (e.g. `auth/oauth/authorize/[provider_id]`) in Turbopack dev mode (Next.js 16.2.7). The middleware already has `routes` + `SmartRouter`, so it checks for a match before rewriting and returns the custom 404 directly when nothing matches. Link to Devin session: https://app.devin.ai/sessions/d9dcb2d203aa4a6ea36c8cdd2a4a42c2 Requested by: @mantrakp04 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Documentation * Updated the user impersonation dialog to explicitly state that the pasted console snippet will replace your current session with the impersonated user’s session. * Refactor * Standardized the impersonation console snippet generation to use a shared token-based approach, including proper expiration handling. * Bug Fixes * Improved reliability of the impersonation flow by failing when the required refresh token is unavailable, preventing incomplete snippet generation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: mantra <mantra@stack-auth.com>		2026-06-18 17:13:06 -07:00
..
public	Add 6/12/26 changelog entry (#1589 )	2026-06-16 16:44:03 -07:00
scripts	Support local dashboard in remote SSH and GH Codespaces (#1538 )	2026-06-04 16:36:17 -07:00
src	fix(dashboard,backend): impersonation without logout + fix OAuth routing (#1617 )	2026-06-18 17:13:06 -07:00
.env	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481 )	2026-05-26 19:18:20 -07:00
.env.development	feat(hexclave): PR 1 — wire compatibility layer (invisible) (#1475 )	2026-05-23 17:24:55 -07:00
.eslintrc.cjs	Config sources (#1083 )	2026-01-21 18:08:35 -08:00
.gitignore	Support local dashboard in remote SSH and GH Codespaces (#1538 )	2026-06-04 16:36:17 -07:00
.npmrc	Split backend and dashboard (#83 )	2024-06-18 15:49:31 +02:00
components.json	Split backend and dashboard (#83 )	2024-06-18 15:49:31 +02:00
DESIGN-GUIDE.md	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482 )	2026-05-29 15:21:59 -07:00
instrumentation-client.ts	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482 )	2026-05-29 15:21:59 -07:00
LICENSE	Split backend and dashboard (#83 )	2024-06-18 15:49:31 +02:00
next.config.mjs	fix: disable source maps in RDE dashboard build (#1611 )	2026-06-16 16:29:15 -07:00
package.json	chore: update package versions	2026-06-17 20:31:22 +00:00
postcss.config.js	Split backend and dashboard (#83 )	2024-06-18 15:49:31 +02:00
tailwind.config.ts	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482 )	2026-05-29 15:21:59 -07:00
tsconfig.json	Support local dashboard in remote SSH and GH Codespaces (#1538 )	2026-06-04 16:36:17 -07:00
vitest.config.ts	In-source unit tests (#429 )	2025-02-14 11:47:52 -08:00