Files
Momento/memento-mobile/lib/store.ts
Antigravity df2b9c2c7b
All checks were successful
CI / Lint, Unit Tests & Build (push) Successful in 5m21s
CI / Deploy production (on server) (push) Successful in 23s
fix(audit): mobile critique + sécurité mobile + verifyMobileToken async
Mobile fixes (CRITIQUE):
- theme.ts: C.surface + emerald/blue/amber/purple ajoutés (crash Révision fix)
- note/[id].tsx: édition préserve le HTML (titre seulement, contenu read-only)
  + message explicatif 'utilisez la version web'
- store.ts: logout appelle POST /api/mobile/auth/logout avant clearToken

Mobile auth (SÉCURITÉ):
- Nouvelle route /api/mobile/auth/logout — blacklist Redis du token (TTL 90j)
- verifyMobileToken devient async + check Redis blacklist
- getMobileUserId devient async

Note: Publication IA mode + templates déjà dans note-editor-toolbar.tsx (pas manquant)
Note: Structured Views Wizard déjà branché via StructuredViewsIntro (pas orphelin)
2026-07-05 16:30:01 +00:00

64 lines
1.6 KiB
TypeScript

import { create } from 'zustand'
import { apiFetch, setToken, clearToken, getToken } from '@/lib/api'
import { ENDPOINTS } from '@/lib/config'
interface User {
id: string
name: string | null
email: string
tier: string
}
interface AuthState {
user: User | null
loading: boolean
login: (email: string, password: string) => Promise<void>
loginWithToken: (token: string, user: User) => Promise<void>
logout: () => Promise<void>
restore: () => Promise<void>
}
export const useAuthStore = create<AuthState>((set) => ({
user: null,
loading: true,
login: async (email, password) => {
const res = await fetch(ENDPOINTS.login, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password }),
})
if (!res.ok) {
const data = await res.json().catch(() => ({}))
throw new Error(data.error || 'Identifiants invalides')
}
const { token, user } = await res.json()
await setToken(token)
set({ user })
},
loginWithToken: async (token, user) => {
await setToken(token)
set({ user })
},
logout: async () => {
try { await apiFetch(ENDPOINTS.logout, { method: 'POST' }) } catch {}
await clearToken()
set({ user: null })
},
restore: async () => {
try {
const token = await getToken()
if (!token) { set({ loading: false }); return }
const res = await apiFetch(ENDPOINTS.me)
if (!res.ok) { await clearToken(); set({ loading: false, user: null }); return }
const user = await res.json()
set({ user, loading: false })
} catch {
set({ loading: false, user: null })
}
},
}))