Skip to content

refactor(auth): extract auth strategies into separate modules #737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ryanbonial wants to merge 2 commits into
base: main
Choose a base branch
from
Open

refactor(auth): extract auth strategies into separate modules #737

ryanbonial wants to merge 2 commits into from

Conversation

@ryanbonial
Copy link
Member

@ryanbonial ryanbonial commented Feb 9, 2026
edited
Loading

Description

This is a code organization change only — no behavioral changes to auth.

Refactors the auth system into a strategy pattern, extracting the monolithic authStore.getInitialState/initialize into three dedicated strategy modules — one per auth mode.

Why: The previous implementation tangled Studio, Dashboard, and Standalone auth logic together in a single function with interleaved conditionals, making it difficult to reason about each mode independently. This refactor establishes clear code paths as a prerequisite for upcoming Studio auto-detection work.

What changed:

  • New authMode.tsresolveAuthMode() determines the active auth mode (studio, dashboard, standalone) from config and environment
  • New authStrategy.ts — shared types (AuthStrategyResult, AuthStrategyOptions) defining the contract between orchestrator and strategies
  • New studioAuth.ts — Studio strategy: localStorage token discovery, async cookie auth fallback, project-scoped hostname
  • New dashboardAuth.ts — Dashboard strategy: _context URL param parsing, no localStorage (token via Comlink)
  • New standaloneAuth.ts — Standalone strategy: OAuth callback handling, localStorage token, standard login flow
  • authStore.ts is now a thin orchestrator that delegates to the resolved strategy
  • subscribeToStateAndFetchCurrentUser.ts accepts an explicit useProjectHostname option instead of re-reading studioMode.enabled

All public exports from authStore.ts are unchanged. studioModeAuth.ts retains its original leaf functions — existing test mocks continue to work through the module boundary.

Relates to SDK-772

What to review

  • authMode.ts — Is the mode resolution logic correct? Studio config wins, then dashboard detection, then standalone fallback.
  • Strategy modules — Verify each strategy's getXxxInitialState matches the original behavior for that mode. Compare against the previous getInitialState conditionals.
  • authStore.ts — Confirm the orchestrator correctly wires strategy results into AuthStoreState and the initialize function delegates properly.
  • subscribeToStateAndFetchCurrentUser.ts — The new optional fetchOptions parameter defaults to the previous behavior when omitted (backwards compatible).
  • No public API changes — The package's _exports/index.ts re-exports are untouched.

Testing

All existing auth tests pass with minimal changes. The existing 101 core auth tests and 40 React auth tests serve as the regression safety net:

  • authStore.test.ts (24 tests) — covers getInitialState for all modes, initialize subscription lifecycle, and all bound actions.
  • studioModeAuth.test.ts (10 tests) — covers checkForCookieAuth and getStudioTokenFromLocalStorage
  • subscribeToStateAndFetchCurrentUser.test.ts (3 tests) — covers user fetch on state transitions
  • subscribeToStorageEventsAndSetToken.test.ts (2 tests) — covers storage event handling
  • Plus handleAuthCallback, logout, refreshStampedToken, utils, and all React auth component/hook tests

No new test files were added — the refactor is purely structural and the existing tests exercise all code paths through the new module boundaries via vitest's module mocking.

Fun gif

undefined - Imgur

@ryanbonial ryanbonial requested a review from a team as a code owner February 9, 2026 21:39
@vercel
Copy link

vercel bot commented Feb 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
sdk-docs Ready Ready Preview, Comment Feb 9, 2026 10:16pm
sdk-kitchensink-react Ready Ready Preview, Comment Feb 9, 2026 10:16pm

Request Review

@github-actions
Copy link

github-actions bot commented Feb 9, 2026
edited
Loading

Coverage Report

Status Category Percentage Covered / Total
🟢 Lines 95.26% (🎯 95%) 8080 / 8482
🟢 Statements 95.26% (🎯 95%) 8080 / 8482
🟢 Functions 96.35% (🎯 95%) 397 / 412
🟢 Branches 92.67% (🎯 90%) 2340 / 2525
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
packages/core/src/auth/authMode.ts 100% 100% 100% 100%
packages/core/src/auth/authStore.ts 85.43% 92.3% 100% 85.43% 120-121, 272-296
packages/core/src/auth/authStrategy.ts 100% 100% 100% 100%
packages/core/src/auth/dashboardAuth.ts 91.46% 81.81% 100% 91.46% 37-40, 119-121
packages/core/src/auth/standaloneAuth.ts 100% 100% 100% 100%
packages/core/src/auth/studioAuth.ts 88.04% 56.25% 100% 88.04% 38-45, 95, 107, 114
packages/core/src/auth/subscribeToStateAndFetchCurrentUser.ts 98.38% 94.73% 100% 98.38% 73
Generated in workflow #2933 for commit 68572b9 by the Vitest Coverage Report Action

@ryanbonial ryanbonial requested a review from Copilot February 9, 2026 21:51
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refactors core auth initialization into a strategy-pattern layout, separating Studio/Dashboard/Standalone auth mode logic while keeping authStore as the orchestrator.

Changes:

  • Added resolveAuthMode() to determine runtime auth mode and route to the correct strategy.
  • Extracted per-mode initial-state + initialization logic into studioAuth.ts, dashboardAuth.ts, and standaloneAuth.ts.
  • Updated subscribeToStateAndFetchCurrentUser to accept an explicit useProjectHostname option (with backward-compatible defaulting).

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
packages/core/src/auth/authStore.ts Converts store into a thin orchestrator that selects a mode and delegates to strategy modules.
packages/core/src/auth/authMode.ts Adds auth mode resolution (studio / dashboard / standalone) based on config + _context.
packages/core/src/auth/authStrategy.ts Introduces shared strategy input/output types used by the orchestrator and strategies.
packages/core/src/auth/studioAuth.ts Implements Studio strategy: studio localStorage token discovery + async cookie auth enablement + subscriptions.
packages/core/src/auth/dashboardAuth.ts Implements Dashboard strategy: _context parsing + “wait for Comlink token” initial state + subscriptions.
packages/core/src/auth/standaloneAuth.ts Implements Standalone strategy: OAuth callback detection + localStorage token discovery + subscriptions.
packages/core/src/auth/subscribeToStateAndFetchCurrentUser.ts Adds optional fetch configuration to control project-hostname behavior (important for Studio cookie auth).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@laurenashpole laurenashpole Awaiting requested review from laurenashpole laurenashpole is a code owner automatically assigned from sanity-io/sdk

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ryanbonial