[backport rh-test] remove auth service worker (rh-test) (#6296)

## Summary
- remove auth service worker bundle and registration code
- drop config ignores referencing removed assets

## Testing
- lint-staged (eslint, prettier)

┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-6296-backport-rh-test-remove-auth-service-worker-rh-test-2986d73d36508118b8cdf1472577175f)
by [Unito](https://www.unito.io)

eslint.config.ts

@@ -60,7 +60,6 @@ export default defineConfig([
       '**/vite.config.*.timestamp*',
       '**/vitest.config.*.timestamp*',
       'packages/registry-types/src/comfyRegistryTypes.ts',
-      'public/auth-sw.js',
       'src/extensions/core/*',
       'src/scripts/*',
       'src/types/generatedManagerTypes.ts',

knip.config.ts

@@ -44,9 +44,7 @@ const config: KnipConfig = {
     'src/workbench/extensions/manager/types/generatedManagerTypes.ts',
     'packages/registry-types/src/comfyRegistryTypes.ts',
     // Used by a custom node (that should move off of this)
-    'src/scripts/ui/components/splitButton.ts',
-    // Service worker - registered at runtime via navigator.serviceWorker.register()
-    'public/auth-sw.js'
+    'src/scripts/ui/components/splitButton.ts'
   ],
   compilers: {
     // https://github.com/webpro-nl/knip/issues/1008#issuecomment-3207756199

public/auth-sw.js

@@ -1,163 +0,0 @@
-/**
- * @fileoverview Authentication Service Worker
- * Intercepts /api/view requests and adds Firebase authentication headers.
- * Required for browser-native requests (img, video, audio) that cannot send custom headers.
- */
-
-/**
- * @typedef {Object} AuthHeader
- * @property {string} Authorization - Bearer token for authentication
- */
-
-/**
- * @typedef {Object} CachedAuth
- * @property {AuthHeader|null} header
- * @property {number} expiresAt - Timestamp when cache expires
- */
-
-const CACHE_TTL_MS = 50 * 60 * 1000 // 50 minutes (Firebase tokens expire in 1 hour)
-
-/** @type {CachedAuth|null} */
-let authCache = null
-
-/** @type {Promise<AuthHeader|null>|null} */
-let authRequestInFlight = null
-
-self.addEventListener('message', (event) => {
-  if (event.data.type === 'INVALIDATE_AUTH_HEADER') {
-    authCache = null
-    authRequestInFlight = null
-  }
-})
-
-self.addEventListener('fetch', (event) => {
-  const url = new URL(event.request.url)
-
-  if (
-    !url.pathname.startsWith('/api/view') &&
-    !url.pathname.startsWith('/api/viewvideo')
-  ) {
-    return
-  }
-
-  event.respondWith(
-    (async () => {
-      try {
-        const authHeader = await getAuthHeader()
-
-        if (!authHeader) {
-          return fetch(event.request)
-        }
-
-        const headers = new Headers(event.request.headers)
-        for (const [key, value] of Object.entries(authHeader)) {
-          headers.set(key, value)
-        }
-
-        const response = await fetch(
-          new Request(event.request.url, {
-            method: event.request.method,
-            headers: headers,
-            credentials: event.request.credentials,
-            cache: 'no-store',
-            redirect: 'manual',
-            referrer: event.request.referrer,
-            integrity: event.request.integrity
-          })
-        )
-
-        // Handle redirects to GCS
-        if (response.status === 302 || response.status === 301) {
-          const location = response.headers.get('location')
-          if (location) {
-            return fetch(location, {
-              method: 'GET',
-              mode: 'no-cors'
-            })
-          }
-        }
-
-        if (response.type === 'opaqueredirect') {
-          return fetch(event.request)
-        }
-
-        return response
-      } catch (error) {
-        console.error('[Auth SW] Request failed:', error)
-        return fetch(event.request)
-      }
-    })()
-  )
-})
-
-/**
- * Gets auth header from cache or requests from main thread
- * @returns {Promise<AuthHeader|null>}
- */
-async function getAuthHeader() {
-  // Return cached value if valid
-  if (authCache && authCache.expiresAt > Date.now()) {
-    return authCache.header
-  }
-
-  // Clear expired cache
-  if (authCache) {
-    authCache = null
-  }
-
-  // Deduplicate concurrent requests
-  if (authRequestInFlight) {
-    return authRequestInFlight
-  }
-
-  authRequestInFlight = requestAuthHeaderFromMainThread()
-  const header = await authRequestInFlight
-  authRequestInFlight = null
-
-  // Cache the result
-  if (header) {
-    authCache = {
-      header,
-      expiresAt: Date.now() + CACHE_TTL_MS
-    }
-  }
-
-  return header
-}
-
-/**
- * Requests auth header from main thread via MessageChannel
- * @returns {Promise<AuthHeader|null>}
- */
-async function requestAuthHeaderFromMainThread() {
-  const clients = await self.clients.matchAll()
-  if (clients.length === 0) {
-    return null
-  }
-
-  const messageChannel = new MessageChannel()
-
-  return new Promise((resolve) => {
-    let timeoutId
-
-    messageChannel.port1.onmessage = (event) => {
-      clearTimeout(timeoutId)
-      resolve(event.data.authHeader)
-    }
-
-    timeoutId = setTimeout(() => {
-      console.error(
-        '[Auth SW] Timeout waiting for auth header from main thread'
-      )
-      resolve(null)
-    }, 1000)
-
-    clients[0].postMessage({ type: 'REQUEST_AUTH_HEADER' }, [
-      messageChannel.port2
-    ])
-  })
-}
-
-self.addEventListener('activate', (event) => {
-  event.waitUntil(self.clients.claim())
-})

src/main.ts

@@ -85,9 +85,4 @@ app
     modules: [VueFireAuth()]
   })
 
-// Register auth service worker after Pinia is initialized (cloud-only)
-if (isCloud) {
-  void import('@/platform/auth/serviceWorker')
-}
-
 app.mount('#vue-app')

src/platform/auth/serviceWorker/index.ts

@@ -1,9 +0,0 @@
-import { isCloud } from '@/platform/distribution/types'
-
-/**
- * Auth service worker registration (cloud-only).
- * Tree-shaken for desktop/localhost builds via compile-time constant.
- */
-if (isCloud) {
-  void import('./register')
-}

src/platform/auth/serviceWorker/register.ts

@@ -1,57 +0,0 @@
-import { watch } from 'vue'
-
-import { useCurrentUser } from '@/composables/auth/useCurrentUser'
-import { useFirebaseAuthStore } from '@/stores/firebaseAuthStore'
-
-/**
- * Registers the authentication service worker for cloud distribution.
- * Intercepts /api/view requests to add auth headers for browser-native requests.
- */
-async function registerAuthServiceWorker(): Promise<void> {
-  if (!('serviceWorker' in navigator)) {
-    return
-  }
-
-  try {
-    await navigator.serviceWorker.register('/auth-sw.js')
-
-    setupAuthHeaderProvider()
-    setupCacheInvalidation()
-  } catch (error) {
-    console.error('[Auth SW] Registration failed:', error)
-  }
-}
-
-/**
- * Listens for auth header requests from the service worker
- */
-function setupAuthHeaderProvider(): void {
-  navigator.serviceWorker.addEventListener('message', async (event) => {
-    if (event.data.type === 'REQUEST_AUTH_HEADER') {
-      const firebaseAuthStore = useFirebaseAuthStore()
-      const authHeader = await firebaseAuthStore.getAuthHeader()
-
-      event.ports[0].postMessage({
-        type: 'AUTH_HEADER_RESPONSE',
-        authHeader
-      })
-    }
-  })
-}
-
-/**
- * Invalidates cached auth header when user logs in/out
- */
-function setupCacheInvalidation(): void {
-  const { isLoggedIn } = useCurrentUser()
-
-  watch(isLoggedIn, (newValue, oldValue) => {
-    if (newValue !== oldValue) {
-      navigator.serviceWorker.controller?.postMessage({
-        type: 'INVALIDATE_AUTH_HEADER'
-      })
-    }
-  })
-}
-
-void registerAuthServiceWorker()