Clean up QA nits from frontend session auth PR #200 (#201)

Open
opened 2026-03-30 21:40:26 +00:00 by forgejo_admin · 0 comments
Contributor

Type

Feature

Lineage

Discovered scope from QA review of westside-landing PR #200 (2026-03-30).

Repo

forgejo_admin/westside-landing

User Story

As a developer
I want the jersey/checkout session auth code to use consistent patterns
So that the codebase stays DRY and maintainable

Context

QA review of PR #200 (frontend session auth) flagged 4 non-blocking nits that were approved but deferred.

File Targets

Files the agent should modify:

  • src/routes/(app)/jersey/+page.svelte -- (1) Use apiFetch instead of manual Bearer construction, (2) Reuse sessionFetchOpts() helper in handleSelect(), (3) Short-circuit on null getToken() before fetch, (4) URI-encode player_id
  • src/routes/(app)/checkout/+page.svelte -- Same 4 patterns

Files the agent should NOT touch:

  • src/lib/api.js -- existing apiFetch utility, don't modify
  • src/lib/keycloak.js -- auth client, don't modify

Acceptance Criteria

  • Both pages use apiFetch for authenticated API calls instead of manual Bearer headers
  • sessionFetchOpts() helper is used consistently in all fetch calls within each page
  • Null token guard prevents fetch without auth
  • player_id is URI-encoded in query strings

Test Expectations

  • Manual test: jersey page works with both token and session auth
  • Manual test: checkout page works with both token and session auth
  • Run command: npm run build passes

Constraints

  • Must not break existing token-based email link flow
  • Follow existing apiFetch pattern used in 12 other pages

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • project-westside-basketball
  • westside-landing PR #200 -- source of these nits
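
Nits (3) and (4) above, shown as an added example that is not code from westside-landing or from the issue author: what a request looks like with and without the null-token guard and `player_id` encoding. The function names, the `/jersey/options` path and the sample values are hypothetical, and only the token path is modelled (the session-auth path is out of scope here).

```javascript
// Added illustration; function names and the /jersey/options path are
// hypothetical and are not taken from westside-landing.

// Unguarded pattern: interpolates whatever getToken() returns and the raw id.
function naiveRequest(getToken, playerId) {
  return {
    url: `/jersey/options?player_id=${playerId}`,
    headers: { Authorization: `Bearer ${getToken()}` },
  };
}

// Guarded pattern: returns null (no request is built) when there is no token,
// and encodes player_id so it stays a single query-string value.
function guardedRequest(getToken, playerId) {
  const token = getToken();
  if (!token) return null; // short-circuit: never send "Bearer null"
  const id = encodeURIComponent(String(playerId));
  return {
    url: `/jersey/options?player_id=${id}`,
    headers: { Authorization: `Bearer ${token}` },
  };
}

// Parse the query string the way a server would, to see what actually arrives.
function queryParams(url) {
  return Object.fromEntries(new URL(url, 'http://localhost').searchParams);
}

// Constructed inputs: a client with no token, and an id containing '&' and '='.
const noToken = () => null;
const hasToken = () => 'constructed-token';
const oddId = '42&team_id=7';

// Unguarded: a literal "Bearer null" header, and the id splits into two params.
console.log(naiveRequest(noToken, oddId).headers.Authorization);
console.log(queryParams(naiveRequest(hasToken, oddId).url));

// Guarded: no request without a token, and the id arrives as one value.
console.log(guardedRequest(noToken, oddId));
console.log(queryParams(guardedRequest(hasToken, oddId).url));
```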
Reference
ldraney/westside-app#201