TODO Summary
No TODOs found! Last updated: 2026-03-24T22:17:53.452Z
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1bfda3fce0
| if (!storedToken && injectedIsAuthenticated && injectedUser) { | ||
| setToken('injected-session') | ||
| setUser(injectedUser) | ||
| persist(null, injectedUser) | ||
| return |
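Review bot: `setToken('injected-session')` puts a fixed placeholder string in the slot that otherwise holds a bearer token, and the next call, `persist(null, injectedUser)`, writes null, so the in-memory and persisted token state disagree once this branch returns. Any code that treats a truthy token as a usable credential will be misled by the placeholder. Consider representing the injected case with an explicit state (a separate flag, or at least a named constant) instead of a magic string, and add a comment saying why null is persisted here.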
Avoid cookie-only auth state without a bearer token
When `storedToken` is missing but injected auth is present, this branch marks the client session authenticated and explicitly persists `null` for the token. In this codebase, the Axios interceptor only sends `Authorization` from `localStorage` (`frontend-dev/src/lib/api.ts`), while protected backend routes still depend on `oauth2_scheme` bearer tokens (`src/fair_platform/backend/api/routers/auth.py#get_current_user`). So in the reachable case of a valid `access_token` cookie but no `localStorage` token (e.g., storage cleared or cookie restored), the UI shows a logged-in state but all authenticated API calls fail with 401.
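The mismatch described in the review comment above, modelled as an added TypeScript example that is not the project's code. The function names, the `Map` standing in for `localStorage`, the `needs-token` state and the sample token are assumptions; only the branch condition and the `injected-session` value come from the reviewed snippet.

```typescript
// Added illustration: all names are hypothetical stand-ins, not the project's code.
type User = { id: string; name: string };
type Injected = { isAuthenticated: boolean; user: User | null };
type Session =
  | { status: "authenticated"; token: string; user: User }
  | { status: "needs-token"; user: User } // cookie session seen, no bearer token to send
  | { status: "anonymous" };

// Stand-in for the request interceptor: Authorization comes only from storage.
function authHeader(storage: Map<string, string>): string | null {
  const token = storage.get("token");
  return token ? `Bearer ${token}` : null;
}

// Stand-in for a protected route that accepts bearer tokens only.
function protectedRouteStatus(header: string | null, valid: Set<string>): number {
  if (header === null || !header.startsWith("Bearer ")) return 401;
  return valid.has(header.slice("Bearer ".length)) ? 200 : 401;
}

// The branch under review: injected auth alone yields a logged-in session.
function bootstrapAsReviewed(storage: Map<string, string>, inj: Injected): Session {
  const stored = storage.get("token");
  if (!stored && inj.isAuthenticated && inj.user) {
    return { status: "authenticated", token: "injected-session", user: inj.user };
  }
  // Assumed handling of the other cases, which the review snippet does not show.
  return stored && inj.user
    ? { status: "authenticated", token: stored, user: inj.user }
    : { status: "anonymous" };
}

// One possible fix: claim "authenticated" only when a bearer token can be sent.
function bootstrapHardened(storage: Map<string, string>, inj: Injected): Session {
  const stored = storage.get("token");
  if (stored && inj.user) return { status: "authenticated", token: stored, user: inj.user };
  if (inj.isAuthenticated && inj.user) return { status: "needs-token", user: inj.user };
  return { status: "anonymous" };
}

// True when what the UI shows matches what a protected call would return.
function uiMatchesApi(s: Session, storage: Map<string, string>, valid: Set<string>): boolean {
  const apiOk = protectedRouteStatus(authHeader(storage), valid) === 200;
  return (s.status === "authenticated") === apiOk;
}
// Constructed sample: cookie-backed injection present, stored token absent.
const sampleInjected: Injected = { isAuthenticated: true, user: { id: "u1", name: "Sample User" } };
const cookieOnlyStorage = new Map<string, string>();
const validTokens = new Set<string>(["constructed-token-abc"]);
```

In the cookie-only case the reviewed bootstrap reports a logged-in session while the protected call returns 401; the hardened variant reports `needs-token`, so the UI can obtain a bearer token before rendering authenticated views.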
This PR injects a tiny state script with user and platform data into the frontend so in many cases we don't have to fetch and show loaders for stuff like current user, whether they are admin or whether email is enabled
I haven't tested this right