feat(org2cloud): open cloud sign-in and billing in the system browser#401
Merged
Conversation
Replace the in-app WebviewWindow login popup with a system-browser sign-in. `handleSignIn` now calls `openUrl(buildOrg2CloudLoginUrl())` (plugin-opener) instead of invoking the `org2_cloud_open_login` Tauri command. The login page redirects back to `orgii://auth/callback#…`, which the OS delivers through the deep-link plugin and useDeepLinkHandler completes at the always-mounted app root — the same path that previously served as the external-browser fallback. Remove the now-unused `org2_cloud_open_login` command and its window label; the shared `open_cloud_web_window` plumbing and the `org2-cloud-auth-callback` navigation interception stay in place for the billing window, which still opens in-app and can complete an in-window re-auth. Comments across org2_cloud.rs, Org2CloudSection.tsx and useDeepLinkHandler.ts updated to describe login-via-system-browser. Verified end-to-end (macOS): sign-in opens the official login page in Chrome; GitHub OAuth returns via orgii://auth/callback; both cold-start (getCurrent) and hot-transfer (single-instance) deep-link deliveries write the auth token and flip the UI to signed-in. Pre-commit hook ran. Total eslint: 0, total circular: 2
Billing now opens via `openUrl(buildCloudBillingLoginUrl())` in the system browser instead of an app-managed webview window. The URL was already the token-free web login (`/login?return_to=/billing`) — the browser session's cookie/refresh lifecycle stays independent from the desktop session, so nothing sensitive rides in the URL. After Stripe confirms the plan, the billing success page navigates to `orgii://billing/complete`; the OS now delivers that as a deep link, which useDeepLinkHandler re-emits as the existing `org2-cloud-billing-complete` event so CloudOrgPanelView's entitlement refresh keeps working unchanged. The url is deliberately never dedup-marked — a second checkout fires the identical url. With billing gone, nothing opens in-app cloud webviews anymore: delete the whole org2_cloud.rs module (open_cloud_web_window, the org2_cloud_open_billing command, both navigation interceptions) and the now-emitterless `org2-cloud-auth-callback` frontend listener. Pre-commit hook ran. Total eslint: 0, total circular: 2
external_import's OrgiiHomeGuard / UserHomeGuard serialized on their own module-local mutexes, so they ran concurrently with sandbox()-based tests in sibling modules and stomped the process-global ORGII_HOME / HOME mid-test — surfacing as intermittent "no such table: …" failures (lifecycle, inbox_drain, and external_import itself) in full-suite runs; CI hit it deterministically on this PR twice. Replace both guards with a single HomeEnvGuard that acquires the workspace-canonical test_env::lock_home() once and can set either or both vars (the two dual-guard tests would deadlock on a second acquisition of the non-reentrant lock). cargo test -p agent_core --lib: 3 consecutive full runs green (2912 passed) — previously flaked 4 failures per run. Pre-commit hook ran. Total eslint: 0, total circular: 2
…in-system-browser Pre-commit hook ran. Total eslint: 0, total circular: 2
develop's 99af2d6 rewired UNIFIED_SESSION_SELECT to read the orgtrack_core_session_usage projection and updated test_schema.rs, but inbox_drain's ensure_inbox_schema still hand-rolled only the old session_token_usage table — get_session in these tests failed with "no such table: orgtrack_core_session_usage" on every PR CI run (the push-to-develop path runs no CI, so develop itself never caught it). Replace the hand-rolled DDL with test_schema::ensure_agent_sessions_schema, which carries every table the unified select reads and stays in lock-step with future select changes. cargo test -p agent_core --lib on the develop merge: 2 consecutive full runs green (2917 passed). Pre-commit hook ran. Total eslint: 0, total circular: 2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
ORG2 Cloud sign-in and billing now open in the system browser instead of in-app
WebviewWindowpopups. With both gone, nothing opens in-app cloud webviews anymore and the wholeorg2_cloud.rsmodule is deleted.Sign-in (commit 1)
handleSignIncallsopenUrl(buildOrg2CloudLoginUrl())(@tauri-apps/plugin-opener) instead of invoking theorg2_cloud_open_loginTauri command.orgii://auth/callback#…; the OS delivers it via the deep-link plugin anduseDeepLinkHandlercompletes sign-in at the always-mounted app root — the same path that previously existed as the external-browser fallback.Billing (commit 2)
useOpenCloudBillingcallsopenUrl(buildCloudBillingLoginUrl()). The URL was already the token-free web login (/login?return_to=/billing) — the browser session's cookie/refresh lifecycle stays independent from the desktop session, so nothing sensitive rides in the URL.orgii://billing/complete(the cloud web app already supported the plain-browser case).useDeepLinkHandlernow catches that deep link and re-emits it as the existingorg2-cloud-billing-completeevent, soCloudOrgPanelView's entitlement refresh keeps working unchanged. The url is deliberately never dedup-marked — a second checkout fires the identical url. New pure matcherbillingComplete.ts+ unit tests.Deleted
src-tauri/src/org2_cloud.rs(both commands,open_cloud_web_window, both navigation interceptions) + handler registrations.org2-cloud-auth-callbackfrontend listener inuseDeepLinkHandler.Net: −134 lines.
Verification (macOS, computer-use, end-to-end)
Sign-in:
orgii://auth/callback.getCurrent) and hot-transfer (single-instance) deep-link deliveries writeorgii:org2-cloud-v1:authwithin ~2s; UI flips 登录/退出登录 in lockstep.Billing (full sandbox checkout):
…/login?return_to=%2Fbillingin Chrome — no in-app popup.4242test card) → subscription succeeds.orgii://billing/complete; the OS routes it to the app,useDeepLinkHandlerre-emitsorg2-cloud-billing-complete, andCloudOrgPanelViewrefreshes the plan badge free → pro and swaps 升级 → 管理订阅 without reopening the panel.tsc,cargo check/clippy, and theauthCallback/config/useDeepLinkHandler/billingCompletesuites (39 tests) are green.🤖 Generated with Claude Code