Unify the native shell and harden it:
- src/config.ts: single source for local host/port, preference keys, secure-storage
key, timeouts, and CSRF constants (dedupes LOCAL_URL etc. across App/LoadingScreen).
- src/api.ts: one HTTP client — credentials mode, AbortController timeouts, and error
normalization into user-facing messages (network/timeout/401/403/429/5xx), with typed
auth responses.
- Batch 10 CSRF fix: /api/auth/totp/challenge is not CSRF-exempt, so the native TOTP
step now fetches GET /api/auth/csrf-token and echoes it as x-csrf-token (mirrors the
web client); TOTP login no longer breaks for 2FA users.
- Error-handling / boot robustness: LoadingScreen gets a health-poll timeout and
surfaces main.js's {type:'serverError'} channel messages instead of spinning forever;
App.tsx bootstrap and the encryption-key fetch now .catch to a visible state; crypto.ts
reports secure-storage failures.
- Data safety: move the SQLite DB, backups, and tmp OUT of nodejs-project into the app's
filesDir (bt-data). nodejs-mobile re-copies nodejs-project on every app update, which was
silently wiping local-mode data. Verified on the emulator: create data -> bump versionCode
-> reinstall -> migrations skipped, no re-seed, data persists.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| prebuilds | ||
| main.js | ||
| package-lock.json | ||
| package.json | ||