From 2f64282306a7f8d869ca226b581d9c31aee14403 Mon Sep 17 00:00:00 2001 From: Wira Irawan Date: Fri, 29 May 2026 16:53:48 +0700 Subject: [PATCH] Update Codex handoff notes --- HANDOFF.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 2 deletions(-) diff --git a/HANDOFF.md b/HANDOFF.md index e4d75b8..da0f8c9 100644 --- a/HANDOFF.md +++ b/HANDOFF.md @@ -2,11 +2,11 @@ Project: `ina-trading-web` Current branch: `main` -Latest verified commit: `7e6446b` +Latest verified commit: `aa406f5` ## Summary -This codebase has recent updates around auth/onboarding, help/privacy pages, dashboard search, product creation/edit/review/detail, admin review/detail, stock/price editing, seller in-review listing, and backend request logging. +This codebase has recent updates around auth/onboarding, help/privacy pages, dashboard search, product creation/edit/review/detail, admin review/detail, stock/price editing, seller in-review listing, backend request logging, expired-session redirects, product keyword limits, and sanitized backend error display. The latest build was verified successfully with: @@ -14,6 +14,85 @@ The latest build was verified successfully with: npm run build ``` +Latest TypeScript verification after `aa406f5`: + +```bash +npx tsc --noEmit +``` + +## Latest Codex Changes After `aa406f5` + +### Backend URL + +Local `.env.local` now points to: + +```bash +NEXT_PUBLIC_API_URL=https://api.inatrading.co.id +``` + +The previous local value was `https://be.inatrading.co.id`. + +### Expired session / access denied handling + +Files: +- `src/components/auth-session-guard.tsx` +- `src/app/layout.tsx` + +Behavior: +- A global client guard wraps local `/api/*` fetch calls, excluding `/api/auth/*`. +- If a response is `401`, `403`, or contains auth-style error text such as: + - `access denied` + - `unauthorized` + - `session expired` + - `token expired` + - `invalid token` +- It clears `token` and `role` from `localStorage` and `sessionStorage`, then redirects to `/login`. + +### Product create keyword limit + +Files: +- `src/app/(dashboard)/products/new/details/page.tsx` +- `src/lib/product-draft.tsx` +- `src/lib/use-product-submit.ts` +- `src/lib/translations/id.ts` +- `src/lib/translations/en.ts` + +Behavior: +- Create-product search keywords are limited to 3. +- The keyword input and add button are disabled after 3 keywords. +- Existing saved wizard drafts are normalized to a maximum of 3 keywords when loaded from `sessionStorage`. +- Submit payload uses only the first 3 keywords as a backend guard. + +### Sanitized backend error display + +Files: +- `src/lib/error-message.ts` +- `src/lib/use-product-submit.ts` +- `src/components/upload-field.tsx` +- `src/app/(dashboard)/products/new/review/page.tsx` +- `src/app/(dashboard)/products/[productId]/edit/page.tsx` +- plus updated callers across dashboard, admin, settings, onboarding, upload, news, places, categories, and warehouse forms + +Behavior: +- Raw JSON request/response error logs are no longer shown to users. +- `Copy Error Log` UI was removed from create-product review and edit-product save errors. +- `getBackendErrorMessage()` extracts a user-safe message from: + - `responseDesc` + - `message` + - `error` + - `details` + - nested `data` +- JSON-looking strings are parsed for a useful message; if none is found, the UI falls back to the local generic error. +- Long text messages are capped to avoid large raw dumps in the UI. + +### Verification notes + +- `npx tsc --noEmit` passed after the latest changes. +- `npm run lint` still has pre-existing unrelated errors in: + - `src/app/(dashboard)/dashboard/page.tsx` + - `src/app/(dashboard)/layout.tsx` +- Local dev server was running at `http://localhost:3000`. + ## Current Local Changes After `7e6446b` These are the important local changes made after the last recorded commit. The latest local build was verified successfully with `npm run build`, and the production local server was restarted on `http://localhost:3000`.