[PULSE-60] Frontend hardening, UX polish, and security #35

Merged
uz1mani merged 41 commits from staging into main 2026-02-22 21:43:06 +00:00
44 changed files with 1233 additions and 229 deletions
Showing only changes of commit ca805c9790 - Show all commits

@@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
- **Faster favicon loading.** Site icons in the dashboard, referrers, and campaigns now use Next.js image optimization for better caching and lazy loading.
- **Better page titles.** Browser tabs now show which site and page you're on (e.g. "Uptime · example.com | Pulse") instead of the same generic title everywhere.
- **Link previews for public dashboards.** Sharing a public dashboard link on social media now shows a proper preview with the site name and description.
- **Faster login redirects.** If you're not signed in and try to open a dashboard or settings page, you're redirected to login immediately instead of seeing a blank page first. Already-signed-in users who visit the login page are sent straight to the dashboard.
## [0.10.0-alpha] - 2026-02-21

65
middleware.ts Normal file

@@ -0,0 +1,65 @@
import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
const PUBLIC_ROUTES = new Set([
'/login',
'/signup',
'/auth/callback',
'/pricing',
'/features',
'/about',
'/faq',
'/changelog',
'/installation',
])
const PUBLIC_PREFIXES = [
'/share/',
'/integrations',
'/docs',
]
function isPublicRoute(pathname: string): boolean {
if (PUBLIC_ROUTES.has(pathname)) return true
return PUBLIC_PREFIXES.some((prefix) => pathname.startsWith(prefix))
}
const AUTH_ONLY_ROUTES = new Set(['/login', '/signup'])
export function middleware(request: NextRequest) {
const { pathname } = request.nextUrl
const hasAccess = request.cookies.has('access_token')
const hasRefresh = request.cookies.has('refresh_token')
const hasSession = hasAccess || hasRefresh
// * Authenticated user hitting /login or /signup → send them home
if (hasSession && AUTH_ONLY_ROUTES.has(pathname)) {
return NextResponse.redirect(new URL('/', request.url))
}
// * Public route → allow through
if (isPublicRoute(pathname)) {
return NextResponse.next()
}
// * Protected route without a session → redirect to login
if (!hasSession) {
const loginUrl = new URL('/login', request.url)
return NextResponse.redirect(loginUrl)
}
greptile-apps[bot] commented 2026-02-22 21:47:11 +00:00 (Migrated from github.com)
Review

Redirect to login discards the original URL

When an unauthenticated user visits a protected route like /sites/123, they are redirected to /login with no return_to or similar query parameter. After they authenticate, they'll land on / instead of being returned to the page they originally intended to visit. Consider preserving the original URL:

  if (!hasSession) {
    const loginUrl = new URL('/login', request.url)
    loginUrl.searchParams.set('return_to', pathname)
    return NextResponse.redirect(loginUrl)
  }

This would require the login flow to read return_to and redirect accordingly after authentication.

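Reading `return_to` back in the login flow, as the comment above proposes, means redirecting to a value taken from the query string, so it has to be checked as a same-origin path before use. The following is an added example, not part of the PR or of the review comment; the names `safeReturnTo` and `FALLBACK` and the sample origin are assumptions.

```typescript
// Added example: validate a return_to value before redirecting after login.
// safeReturnTo, FALLBACK and ORIGIN are hypothetical names, not from the PR.
const FALLBACK = '/'
// Routes the middleware already bounces signed-in users away from.
const AUTH_ONLY = new Set(['/login', '/signup'])

function safeReturnTo(raw: string | null | undefined, origin: string): string {
  if (!raw) return FALLBACK
  // Must be a path with exactly one leading slash. "//host" and "/\host"
  // are treated by browsers as protocol-relative URLs.
  if (!raw.startsWith('/') || raw.startsWith('//') || raw.startsWith('/\\')) {
    return FALLBACK
  }
  // Control characters (tab, CR, LF are stripped by URL parsers, so
  // "/<tab>/host" becomes "//host") and backslashes are never legitimate here.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK
  try {
    const url = new URL(raw, origin)
    // After resolution the target must still be on our own origin.
    if (url.origin !== new URL(origin).origin) return FALLBACK
    // Do not send a freshly signed-in user back to /login or /signup.
    if (AUTH_ONLY.has(url.pathname)) return FALLBACK
    const out = url.pathname + url.search + url.hash
    // Dot-segment removal can leave a path that starts with "//"
    // (e.g. "/a/../..//host"), which would again be protocol-relative.
    return out.startsWith('//') ? FALLBACK : out
  } catch {
    return FALLBACK
  }
}

// Constructed sample inputs, not taken from the PR.
const ORIGIN = 'https://pulse.example'
const samples = [
  '/sites/123?tab=uptime',
  '//evil.example/x',
  '/\\evil.example',
  'https://evil.example/',
  '/a/../..//evil.example',
  '/login',
]
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeReturnTo(s, ORIGIN))
}
```

Only the first sample survives unchanged; every other input falls back to `/`.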
return NextResponse.next()
}
export const config = {
matcher: [
/*
* Match all routes except:
* - _next/static, _next/image (Next.js internals)
* - favicon.ico, manifest.json, icons, images (static assets)
* - api routes (handled by their own auth)
*/
'/((?!_next/static|_next/image|favicon\\.ico|manifest\\.json|.*\\.png$|.*\\.svg$|.*\\.ico$|api/).*)',
],
}
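
Review bot: In isPublicRoute, the '/integrations' and '/docs' entries in PUBLIC_PREFIXES have no trailing slash, so `pathname.startsWith(prefix)` also treats any path that merely begins with those strings (for example /docs-internal) as public; matching on `pathname === prefix || pathname.startsWith(prefix + '/')` keeps the allowlist to the intended subtrees. Separately, hasSession only tests that an access_token or refresh_token cookie exists, so any cookie value passes the middleware and a stale cookie still redirects /login and /signup visitors to /; a comment stating that this is a redirect convenience and that pages and the API must still verify the token would make the trust boundary explicit. The matcher's negative lookahead also exempts every path ending in .png, .svg or .ico, not just files under a static directory, which is worth confirming as intended.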