Skip to content

feat(org2cloud): open cloud sign-in and billing in the system browser#401

Merged
Neonforge98 merged 5 commits into
developfrom
feat/org2cloud-login-system-browser
Jul 16, 2026
Merged

feat(org2cloud): open cloud sign-in and billing in the system browser#401
Neonforge98 merged 5 commits into
developfrom
feat/org2cloud-login-system-browser

Conversation

@Neonforge98

@Neonforge98 Neonforge98 commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator

What

ORG2 Cloud sign-in and billing now open in the system browser instead of in-app WebviewWindow popups. With both gone, nothing opens in-app cloud webviews anymore and the whole org2_cloud.rs module is deleted.

Sign-in (commit 1)

  • handleSignIn calls openUrl(buildOrg2CloudLoginUrl()) (@tauri-apps/plugin-opener) instead of invoking the org2_cloud_open_login Tauri command.
  • The login page redirects to orgii://auth/callback#…; the OS delivers it via the deep-link plugin and useDeepLinkHandler completes sign-in at the always-mounted app root — the same path that previously existed as the external-browser fallback.

Billing (commit 2)

  • useOpenCloudBilling calls openUrl(buildCloudBillingLoginUrl()). The URL was already the token-free web login (/login?return_to=/billing) — the browser session's cookie/refresh lifecycle stays independent from the desktop session, so nothing sensitive rides in the URL.
  • After Stripe confirms the plan, the billing success page navigates to orgii://billing/complete (the cloud web app already supported the plain-browser case). useDeepLinkHandler now catches that deep link and re-emits it as the existing org2-cloud-billing-complete event, so CloudOrgPanelView's entitlement refresh keeps working unchanged. The url is deliberately never dedup-marked — a second checkout fires the identical url. New pure matcher billingComplete.ts + unit tests.

Deleted

  • src-tauri/src/org2_cloud.rs (both commands, open_cloud_web_window, both navigation interceptions) + handler registrations.
  • The now-emitterless org2-cloud-auth-callback frontend listener in useDeepLinkHandler.

Net: −134 lines.

Verification (macOS, computer-use, end-to-end)

Sign-in:

  • ✅ Sign-in opens the official login page in Chrome — no in-app popup.
  • ✅ GitHub OAuth returns via orgii://auth/callback.
  • ✅ Both cold-start (getCurrent) and hot-transfer (single-instance) deep-link deliveries write orgii:org2-cloud-v1:auth within ~2s; UI flips 登录/退出登录 in lockstep.

Billing (full sandbox checkout):

  • ✅ "升级" opens …/login?return_to=%2Fbilling in Chrome — no in-app popup.
  • ✅ Web login → billing page → Stripe sandbox checkout (4242 test card) → subscription succeeds.
  • ✅ Success page reaches PRO and navigates to orgii://billing/complete; the OS routes it to the app, useDeepLinkHandler re-emits org2-cloud-billing-complete, and CloudOrgPanelView refreshes the plan badge free → pro and swaps 升级 → 管理订阅 without reopening the panel.

tsc, cargo check/clippy, and the authCallback / config / useDeepLinkHandler / billingComplete suites (39 tests) are green.

Note: on the test machine, stale orgii:// scheme claimants in LaunchServices (Trash copies, ghost /Volumes/*) had to be unregistered before deep-link callbacks routed to the live bundle — an environment issue, not a code issue.

🤖 Generated with Claude Code

Replace the in-app WebviewWindow login popup with a system-browser
sign-in. `handleSignIn` now calls `openUrl(buildOrg2CloudLoginUrl())`
(plugin-opener) instead of invoking the `org2_cloud_open_login` Tauri
command. The login page redirects back to `orgii://auth/callback#…`,
which the OS delivers through the deep-link plugin and useDeepLinkHandler
completes at the always-mounted app root — the same path that previously
served as the external-browser fallback.

Remove the now-unused `org2_cloud_open_login` command and its window
label; the shared `open_cloud_web_window` plumbing and the
`org2-cloud-auth-callback` navigation interception stay in place for the
billing window, which still opens in-app and can complete an in-window
re-auth. Comments across org2_cloud.rs, Org2CloudSection.tsx and
useDeepLinkHandler.ts updated to describe login-via-system-browser.

Verified end-to-end (macOS): sign-in opens the official login page in
Chrome; GitHub OAuth returns via orgii://auth/callback; both cold-start
(getCurrent) and hot-transfer (single-instance) deep-link deliveries
write the auth token and flip the UI to signed-in.

Pre-commit hook ran. Total eslint: 0, total circular: 2
Billing now opens via `openUrl(buildCloudBillingLoginUrl())` in the
system browser instead of an app-managed webview window. The URL was
already the token-free web login (`/login?return_to=/billing`) — the
browser session's cookie/refresh lifecycle stays independent from the
desktop session, so nothing sensitive rides in the URL.

After Stripe confirms the plan, the billing success page navigates to
`orgii://billing/complete`; the OS now delivers that as a deep link,
which useDeepLinkHandler re-emits as the existing
`org2-cloud-billing-complete` event so CloudOrgPanelView's entitlement
refresh keeps working unchanged. The url is deliberately never
dedup-marked — a second checkout fires the identical url.

With billing gone, nothing opens in-app cloud webviews anymore: delete
the whole org2_cloud.rs module (open_cloud_web_window, the
org2_cloud_open_billing command, both navigation interceptions) and the
now-emitterless `org2-cloud-auth-callback` frontend listener.

Pre-commit hook ran. Total eslint: 0, total circular: 2
@Neonforge98 Neonforge98 changed the title feat(org2cloud): open cloud sign-in in the system browser feat(org2cloud): open cloud sign-in and billing in the system browser Jul 16, 2026
external_import's OrgiiHomeGuard / UserHomeGuard serialized on their own
module-local mutexes, so they ran concurrently with sandbox()-based tests
in sibling modules and stomped the process-global ORGII_HOME / HOME
mid-test — surfacing as intermittent "no such table: …" failures
(lifecycle, inbox_drain, and external_import itself) in full-suite runs;
CI hit it deterministically on this PR twice.

Replace both guards with a single HomeEnvGuard that acquires the
workspace-canonical test_env::lock_home() once and can set either or
both vars (the two dual-guard tests would deadlock on a second
acquisition of the non-reentrant lock).

cargo test -p agent_core --lib: 3 consecutive full runs green
(2912 passed) — previously flaked 4 failures per run.

Pre-commit hook ran. Total eslint: 0, total circular: 2
…in-system-browser

Pre-commit hook ran. Total eslint: 0, total circular: 2
develop's 99af2d6 rewired UNIFIED_SESSION_SELECT to read the
orgtrack_core_session_usage projection and updated test_schema.rs, but
inbox_drain's ensure_inbox_schema still hand-rolled only the old
session_token_usage table — get_session in these tests failed with
"no such table: orgtrack_core_session_usage" on every PR CI run (the
push-to-develop path runs no CI, so develop itself never caught it).

Replace the hand-rolled DDL with test_schema::ensure_agent_sessions_schema,
which carries every table the unified select reads and stays in lock-step
with future select changes.

cargo test -p agent_core --lib on the develop merge: 2 consecutive full
runs green (2917 passed).

Pre-commit hook ran. Total eslint: 0, total circular: 2
@Neonforge98
Neonforge98 merged commit 525968d into develop Jul 16, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant