
Session-based authentication #610

Open: wants to merge 11 commits into base: master


MNassimM
Collaborator

  • Kind: feature / refactor / BREAKING CHANGE

Description

This PR introduces Learn-OCaml v2.0 session-based authentication while preserving backward compatibility for existing CLI users:

  • adds a full set of “*_s” session endpoints on both the server and the client;
  • all token → session relationships are stored in a session.json file within the sync directory;
  • keeps the original token endpoints, but marks them Upto v"2.0" so old (≤ 1.x) CLI clients continue to use them;
  • the front side now stores only sync-session in the local storage;
  • provides a one-shot migrate_from_legacy_token helper in the front-end that detects an old sync-token, logs in via the new /login route, stores the returned session, fetches the save file, then deletes the legacy sync-token – all with a small “connection preserved” alert.

Checklist

Note to maintainers

  • Read this wiki page.
  • Make sure the PR has a milestone.
  • Assign yourself before merging.
  • Either do a regular merge:
    • for PRs containing several commits following conventional-commits,
    • or for PRs containing 1 commit shared with a later PR (to preserve the SHA1)
  • Or do a squash-merge:
    • for PRs containing only 1 commit (not shared with a later PR),
    • or for PRs containing several commits that need not be kept in the history;
    • Update the commit message header with a conventional-commit type,
    • Add a footer Close #… if a related issue exists.

Nassim Mourabit added 11 commits March 31, 2025 10:31
All endpoints previously requiring a token now expect a session.

BREAKING CHANGE: Endpoints and clients using token-based authentication must be updated to use session-based authentication.
All API calls and local_storage interactions in the app/ folder now use session for authentication instead of token.
Add a new  API route that returns the token associated with a given session, enabling clients to retrieve their token server-side without storing it in the frontend.
…or CLI)

Update supported_versions so:
 - legacy token routes are valid Upto v2.0
 - new session routes are valid Since v2.0

Clients ≥ 2.0 negotiate the new API; CLI clients continue to work.

Front-end now uses only the “_s” routes.
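
The one-shot migration outlined in the PR description, as an added JavaScript example that is not code from this PR or the Learn-OCaml repository. Only the `sync-token` and `sync-session` key names and the order of steps come from the description; the `api.login` and `api.fetchSave` wrappers, the result object, and the policy of keeping the legacy token when login fails are assumptions.

```javascript
// Added example; not code from the Learn-OCaml repository.
// Key names are from the PR description; everything else is assumed.
const LEGACY_KEY = "sync-token";
const SESSION_KEY = "sync-session";

// storage: localStorage-like object. api: hypothetical wrappers around the
// new /login route and the save-file route, both returning Promises.
async function migrateFromLegacyToken(storage, api) {
  const token = storage.getItem(LEGACY_KEY);
  if (token === null) return { status: "nothing-to-migrate" };

  let session;
  try {
    session = await api.login(token);
  } catch (err) {
    // Assumed policy: keep the legacy token so a later page load can retry.
    return { status: "login-failed", error: String((err && err.message) || err) };
  }
  if (typeof session !== "string" || session === "") {
    return { status: "login-failed", error: "no session returned" };
  }
  storage.setItem(SESSION_KEY, session);

  let save = null;
  let saveError = null;
  try {
    save = await api.fetchSave(session);
  } catch (err) {
    saveError = String((err && err.message) || err);
  }
  // The session is stored, so the legacy token leaves the browser
  // even when the save fetch failed.
  storage.removeItem(LEGACY_KEY);
  return { status: "migrated", save, saveError };
}

// Constructed in-memory stand-in for window.localStorage (runs under Node).
function makeMemoryStorage(initial) {
  const items = new Map(Object.entries(initial));
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}
```

In a browser, `window.localStorage` can be passed as `storage` directly, since it exposes the same three methods.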