refactor: replace authClient with api.user.session.useQuery in multip…#3931
Merged
Siumauricio merged 3 commits intocanaryfrom Mar 8, 2026
Conversation
…le components for improved session management
dosubot
bot
added
size:M
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+101
to
103
| ? `https://github.com/organizations/${organizationName}/settings/apps/new?state=gh_init:${activeOrganization?.id}:${session?.user?.id ?? ""}` | ||
| : `https://github.com/settings/apps/new?state=gh_init:${activeOrganization?.id}:${session?.user?.id ?? ""}` | ||
| } |
Contributor
There was a problem hiding this comment.
Empty string userId when session is still loading
When api.user.session.useQuery() hasn't resolved yet, session is undefined, so session?.user?.id ?? "" evaluates to "". This embeds an empty string as the userId segment in the GitHub state parameter (e.g., gh_init:{orgId}:).
In setup.ts, the handler extracts const userId = rest[1] || (req.query.userId as string). When rest[1] is "" (falsy), it falls back to req.query.userId, which GitHub does not supply — resulting in a 400 Missing userId parameter error if the form is submitted before the session query resolves.
The submit button should be disabled until both the session and the active organization are available:
Suggested change
| ? `https://github.com/organizations/${organizationName}/settings/apps/new?state=gh_init:${activeOrganization?.id}:${session?.user?.id ?? ""}` | |
| : `https://github.com/settings/apps/new?state=gh_init:${activeOrganization?.id}:${session?.user?.id ?? ""}` | |
| } | |
| <Button | |
| disabled={(isOrganization && organizationName.length < 1) || !session?.user?.id || !activeOrganization?.id} | |
| type="submit" | |
| className="self-end" | |
| > | |
| Create GitHub App | |
| </Button> |
Siumauricio
deleted the
3928-foreign-key-constraint-violation-on-git_provider-during-github-setup-userid-is-empty---v0284
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…le components for improved session management
What is this PR about?
Please describe in a short paragraph what this PR is about.
Checklist
Before submitting this PR, please make sure that:
canarybranch.Issues related (if applicable)
closes #3928
Screenshots (if applicable)
Greptile Summary
This PR refactors multiple components to replace
authClient.useSession()with a new tRPC endpointapi.user.session.useQuery()for session management, and fixes the GitHub App setup flow by embedding theuserIdin the OAuthstateparameter instead of relying on a separate query param.Key changes:
sessiontRPCprotectedProcedureinuser.tsthat returns onlyuser.idandsession.activeOrganizationIdauthClient.useSession()insearch-command.tsx,add-github-provider.tsx,show-users.tsx, andside.tsxadd-github-provider.tsxto encodeuserIdinside the GitHub state string (gh_init:{orgId}:{userId})setup.tsto parse the userId out of the state string with a backward-compatible fallbackIssues found:
authClientimport was removed fromshow-users.tsx, butauthClient.organization.removeMember()is still called in the Unlink User handler — this will throw aReferenceErrorat runtimeadd-github-provider.tsx, thesession?.user?.id ?? ""fallback can embed an empty string as the userId in the state URL when the session query hasn't resolved yet, causing a400 Missing userId parametererror insetup.tsif the form is submitted too earlyConfidence Score: 1/5
authClientimport fromshow-users.tsxwhile leavingauthClient.organization.removeMember()in use is a definite runtimeReferenceError. Any admin or owner who attempts to unlink a user from the organization will hit a crash. This is a functional regression that needs to be resolved before merging.authClientimport.Comments Outside Diff (1)
apps/dokploy/components/dashboard/settings/users/show-users.tsx, line 260-264 (link)authClientremoved but still referencedThe import
import { authClient } from "@/lib/auth-client"was removed from this file in this PR, butauthClient.organization.removeMember(...)is still called here. This will throw aReferenceError: authClient is not definedat runtime whenever a user is unlinked.The import needs to be restored, or the call needs to be migrated to an equivalent tRPC mutation.
To fix, restore the import:
Last reviewed commit: 2182129