codeflash-internal/js/cf-webapp/src/app/(dashboard)/layout.tsx
HeshamHM28 a805f4cfbf revert: rollback PR #2601 and dependent fixes to ec39cd51
Reverts the following commits from main:
- d7a8b8f2 perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601)
- 48b5e2b4 fix: make tree-sitter WASM build failure non-fatal when cache exists (#2602)
- c372b6bc Merge pull request #2603 from codeflash-ai/fix/deploy-build-common
- b656bb1d fix: cf-api deploy broken by pnpm workspace migration
- c1b0076c fix: align TypeScript versions to deduplicate @prisma/client in pnpm
- 09ed4d4b fix: use redirect instead of throw for auth failures during prerender
- 71127055 fix: redirect remaining auth throws that crash prerendering

PR #2601 introduced 18 bugs including 5 authorization bypass vulnerabilities:
- Cross-org data access via forged currentOrganizationId cookie
- Cross-repo/cross-org member role escalation and deletion (unscoped lookups)
- Missing replayTests/concolicTests in approval flow
- repository_id filter silently broken for personal accounts
- Tests mocking wrong Prisma method ($queryRawUnsafe vs $queryRaw)

The subsequent PRs (#2602, #2603, and follow-up commits) were dependent
fixes for issues caused by #2601 and are reverted together.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 18:59:11 +00:00


import { auth0 } from "@/lib/auth0"
import { redirect } from "next/navigation"
import { ReactNode } from "react"
import { hasCompletedOnboarding } from "@codeflash-ai/common"
import Script from "next/script"
import { ViewModeProvider } from "../app/ViewModeContext"
import { PrivacyModeProvider } from "../app/PrivacyModeContext"
import { DashboardShell } from "@/components/dashboard-shell"
import { getDashboardInitData } from "../app/init-data-action"
/**
 * Server layout for the dashboard route group.
 *
 * Reads the Auth0 session, loads the onboarding flag and the initial
 * dashboard data for the signed-in user, and wraps `children` in the
 * view-mode and privacy-mode providers plus the dashboard shell.
 *
 * @param children - Page content rendered inside the dashboard shell.
 * @returns `null` when there is no session; otherwise the provider tree.
 *   Does not return when onboarding is incomplete, because `redirect()`
 *   does not return.
 */
export default async function DashboardLayout({ children }: { children: ReactNode }) {
  const session = await auth0.getSession()

  // No session: emit nothing, so neither the shell nor `children` is rendered.
  // NOTE(review): in the App Router a layout is not re-run on every client-side
  // navigation, so this check should not be the only authorization gate.
  // Confirm that the pages, route handlers and server actions under this
  // layout verify the session themselves.
  if (!session) {
    return null
  }

  const { user } = session

  // Both lookups are keyed by the `sub` claim taken from the server-side
  // session; nothing from the request (cookies, params) is used to pick the
  // user here. How getDashboardInitData scopes organizations is not visible
  // in this file.
  const [completedOnboarding, initData] = await Promise.all([
    hasCompletedOnboarding(user.sub),
    getDashboardInitData(user.sub),
  ])

  if (!completedOnboarding) redirect("/onboarding")

  // Static Crisp chat loader. No runtime value is interpolated into the
  // string, so dangerouslySetInnerHTML carries no user-controlled markup.
  // The website ID is shipped in page source and is therefore public, not a
  // secret. The snippet assigns `d` and `s` without declaring them, so they
  // become window globals. It loads https://client.crisp.chat/l.js without an
  // integrity attribute, and that script runs with full page privileges in
  // the authenticated dashboard, so the CSP has to account for this origin.
  const crispLoader = `window.$crisp=[];window.CRISP_WEBSITE_ID="3e855999-42a1-4543-accf-afc369edfca0";(function(){d=document;s=d.createElement("script");s.src="https://client.crisp.chat/l.js";s.async=1;d.getElementsByTagName("head")[0].appendChild(s);})();`

  // NOTE(review): the whole `user` object is handed to ViewModeProvider and
  // DashboardShell. If either is a client component, every serializable claim
  // on it is sent to the browser. Confirm and pass only the fields they need.
  return (
    <ViewModeProvider user={user} initialOrganizations={initData.organizations}>
      <PrivacyModeProvider
        userId={user.sub}
        initialPrivacyMode={initData.privacyMode}
        initialCanUsePrivacyMode={initData.canUsePrivacyMode}
      >
        <DashboardShell user={user} initialSubscription={initData.subscription}>
          <Script
            id="crisp-chat-script"
            strategy="afterInteractive"
            dangerouslySetInnerHTML={{ __html: crispLoader }}
          />
          {children}
        </DashboardShell>
      </PrivacyModeProvider>
    </ViewModeProvider>
  )
}