From aa5a8fcb957c55a864c6cfc16d5afa8767f4be87 Mon Sep 17 00:00:00 2001 From: Christian Byrne Date: Sat, 25 Oct 2025 23:56:26 -0700 Subject: [PATCH] [backport rh-test] remove auth service worker (rh-test) (#6296) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - remove auth service worker bundle and registration code - drop config ignores referencing removed assets ## Testing - lint-staged (eslint, prettier) ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-6296-backport-rh-test-remove-auth-service-worker-rh-test-2986d73d36508118b8cdf1472577175f) by [Unito](https://www.unito.io) --- eslint.config.ts | 1 - knip.config.ts | 4 +- public/auth-sw.js | 163 -------------------- src/main.ts | 5 - src/platform/auth/serviceWorker/index.ts | 9 -- src/platform/auth/serviceWorker/register.ts | 57 ------- 6 files changed, 1 insertion(+), 238 deletions(-) delete mode 100644 public/auth-sw.js delete mode 100644 src/platform/auth/serviceWorker/index.ts delete mode 100644 src/platform/auth/serviceWorker/register.ts diff --git a/eslint.config.ts b/eslint.config.ts index b66674865..2a4d219a9 100644 --- a/eslint.config.ts +++ b/eslint.config.ts @@ -60,7 +60,6 @@ export default defineConfig([ '**/vite.config.*.timestamp*', '**/vitest.config.*.timestamp*', 'packages/registry-types/src/comfyRegistryTypes.ts', - 'public/auth-sw.js', 'src/extensions/core/*', 'src/scripts/*', 'src/types/generatedManagerTypes.ts', diff --git a/knip.config.ts b/knip.config.ts index 593007446..30fa9687e 100644 --- a/knip.config.ts +++ b/knip.config.ts @@ -44,9 +44,7 @@ const config: KnipConfig = { 'src/workbench/extensions/manager/types/generatedManagerTypes.ts', 'packages/registry-types/src/comfyRegistryTypes.ts', // Used by a custom node (that should move off of this) - 'src/scripts/ui/components/splitButton.ts', - // Service worker - registered at runtime via navigator.serviceWorker.register() - 'public/auth-sw.js' + 'src/scripts/ui/components/splitButton.ts' ], compilers: { // https://github.com/webpro-nl/knip/issues/1008#issuecomment-3207756199 diff --git a/public/auth-sw.js b/public/auth-sw.js deleted file mode 100644 index 3916efa2a..000000000 --- a/public/auth-sw.js +++ /dev/null @@ -1,163 +0,0 @@ -/** - * @fileoverview Authentication Service Worker - * Intercepts /api/view requests and adds Firebase authentication headers. - * Required for browser-native requests (img, video, audio) that cannot send custom headers. - */ - -/** - * @typedef {Object} AuthHeader - * @property {string} Authorization - Bearer token for authentication - */ - -/** - * @typedef {Object} CachedAuth - * @property {AuthHeader|null} header - * @property {number} expiresAt - Timestamp when cache expires - */ - -const CACHE_TTL_MS = 50 * 60 * 1000 // 50 minutes (Firebase tokens expire in 1 hour) - -/** @type {CachedAuth|null} */ -let authCache = null - -/** @type {Promise|null} */ -let authRequestInFlight = null - -self.addEventListener('message', (event) => { - if (event.data.type === 'INVALIDATE_AUTH_HEADER') { - authCache = null - authRequestInFlight = null - } -}) - -self.addEventListener('fetch', (event) => { - const url = new URL(event.request.url) - - if ( - !url.pathname.startsWith('/api/view') && - !url.pathname.startsWith('/api/viewvideo') - ) { - return - } - - event.respondWith( - (async () => { - try { - const authHeader = await getAuthHeader() - - if (!authHeader) { - return fetch(event.request) - } - - const headers = new Headers(event.request.headers) - for (const [key, value] of Object.entries(authHeader)) { - headers.set(key, value) - } - - const response = await fetch( - new Request(event.request.url, { - method: event.request.method, - headers: headers, - credentials: event.request.credentials, - cache: 'no-store', - redirect: 'manual', - referrer: event.request.referrer, - integrity: event.request.integrity - }) - ) - - // Handle redirects to GCS - if (response.status === 302 || response.status === 301) { - const location = response.headers.get('location') - if (location) { - return fetch(location, { - method: 'GET', - mode: 'no-cors' - }) - } - } - - if (response.type === 'opaqueredirect') { - return fetch(event.request) - } - - return response - } catch (error) { - console.error('[Auth SW] Request failed:', error) - return fetch(event.request) - } - })() - ) -}) - -/** - * Gets auth header from cache or requests from main thread - * @returns {Promise} - */ -async function getAuthHeader() { - // Return cached value if valid - if (authCache && authCache.expiresAt > Date.now()) { - return authCache.header - } - - // Clear expired cache - if (authCache) { - authCache = null - } - - // Deduplicate concurrent requests - if (authRequestInFlight) { - return authRequestInFlight - } - - authRequestInFlight = requestAuthHeaderFromMainThread() - const header = await authRequestInFlight - authRequestInFlight = null - - // Cache the result - if (header) { - authCache = { - header, - expiresAt: Date.now() + CACHE_TTL_MS - } - } - - return header -} - -/** - * Requests auth header from main thread via MessageChannel - * @returns {Promise} - */ -async function requestAuthHeaderFromMainThread() { - const clients = await self.clients.matchAll() - if (clients.length === 0) { - return null - } - - const messageChannel = new MessageChannel() - - return new Promise((resolve) => { - let timeoutId - - messageChannel.port1.onmessage = (event) => { - clearTimeout(timeoutId) - resolve(event.data.authHeader) - } - - timeoutId = setTimeout(() => { - console.error( - '[Auth SW] Timeout waiting for auth header from main thread' - ) - resolve(null) - }, 1000) - - clients[0].postMessage({ type: 'REQUEST_AUTH_HEADER' }, [ - messageChannel.port2 - ]) - }) -} - -self.addEventListener('activate', (event) => { - event.waitUntil(self.clients.claim()) -}) diff --git a/src/main.ts b/src/main.ts index 90e060bb8..75a0a548d 100644 --- a/src/main.ts +++ b/src/main.ts @@ -85,9 +85,4 @@ app modules: [VueFireAuth()] }) -// Register auth service worker after Pinia is initialized (cloud-only) -if (isCloud) { - void import('@/platform/auth/serviceWorker') -} - app.mount('#vue-app') diff --git a/src/platform/auth/serviceWorker/index.ts b/src/platform/auth/serviceWorker/index.ts deleted file mode 100644 index c83e238d5..000000000 --- a/src/platform/auth/serviceWorker/index.ts +++ /dev/null @@ -1,9 +0,0 @@ -import { isCloud } from '@/platform/distribution/types' - -/** - * Auth service worker registration (cloud-only). - * Tree-shaken for desktop/localhost builds via compile-time constant. - */ -if (isCloud) { - void import('./register') -} diff --git a/src/platform/auth/serviceWorker/register.ts b/src/platform/auth/serviceWorker/register.ts deleted file mode 100644 index eda954dba..000000000 --- a/src/platform/auth/serviceWorker/register.ts +++ /dev/null @@ -1,57 +0,0 @@ -import { watch } from 'vue' - -import { useCurrentUser } from '@/composables/auth/useCurrentUser' -import { useFirebaseAuthStore } from '@/stores/firebaseAuthStore' - -/** - * Registers the authentication service worker for cloud distribution. - * Intercepts /api/view requests to add auth headers for browser-native requests. - */ -async function registerAuthServiceWorker(): Promise { - if (!('serviceWorker' in navigator)) { - return - } - - try { - await navigator.serviceWorker.register('/auth-sw.js') - - setupAuthHeaderProvider() - setupCacheInvalidation() - } catch (error) { - console.error('[Auth SW] Registration failed:', error) - } -} - -/** - * Listens for auth header requests from the service worker - */ -function setupAuthHeaderProvider(): void { - navigator.serviceWorker.addEventListener('message', async (event) => { - if (event.data.type === 'REQUEST_AUTH_HEADER') { - const firebaseAuthStore = useFirebaseAuthStore() - const authHeader = await firebaseAuthStore.getAuthHeader() - - event.ports[0].postMessage({ - type: 'AUTH_HEADER_RESPONSE', - authHeader - }) - } - }) -} - -/** - * Invalidates cached auth header when user logs in/out - */ -function setupCacheInvalidation(): void { - const { isLoggedIn } = useCurrentUser() - - watch(isLoggedIn, (newValue, oldValue) => { - if (newValue !== oldValue) { - navigator.serviceWorker.controller?.postMessage({ - type: 'INVALIDATE_AUTH_HEADER' - }) - } - }) -} - -void registerAuthServiceWorker()