Skip to content

fix: resolve dashboard login hidden-state bug and rename auth routes#3

Open
dxu104 wants to merge 1 commit intowillynikes2:masterfrom
dxu104:fix/dashboard-login-and-session-routes
Open

fix: resolve dashboard login hidden-state bug and rename auth routes#3
dxu104 wants to merge 1 commit intowillynikes2:masterfrom
dxu104:fix/dashboard-login-and-session-routes

Conversation

@dxu104
Copy link

@dxu104 dxu104 commented Mar 19, 2026

Summary

  • Fix login screen staying visible after successful sign-in by adding [hidden] { display: none !important; } (CSS display rule was overriding the hidden attribute)
  • Rename /api/auth/* endpoints to /api/session/* for clarity
  • Upgrade better-sqlite3 from v11 to v12

Test plan

  • Start server with kb start and open localhost:3838
  • Verify login screen disappears after successful sign-in
  • Verify /api/session/check and /api/session/password endpoints work correctly

🤖 Generated with Claude Code

@dxu104 @claude
fix: resolve dashboard login hidden-state bug and rename auth routes …
69aed75 
…to session

- Add global [hidden] { display: none !important } to fix login screen staying
  visible after successful sign-in (CSS display rule was overriding hidden attr)
- Rename /api/auth/* endpoints to /api/session/* for clarity
- Upgrade better-sqlite3 from v11 to v12

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
willynikes2
willynikes2 requested changes Mar 23, 2026
View reviewed changes
Copy link
Owner

@willynikes2 willynikes2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Multi-Agent Code Review (Claude + Codex + Gemini)

Hey @dxu104 — thanks for the PR! The CSS fix is solid and we'd like to get it merged. A few things need addressing first:

What's good

  • The [hidden] { display: none !important } fix correctly solves the login screen bug. The root cause is .login-screen { display: flex } overriding the browser's default [hidden] styling — your fix is the right approach.
  • No security issues found with the route rename. authMiddleware still protects the password endpoint, and session cookies remain HttpOnly + SameSite=Strict.

Requested changes

1. Node engine mismatch (blocker)
package.json declares "engines": { "node": ">=18.0.0" } but better-sqlite3@12 requires node: "20.x || 22.x || 23.x || 24.x || 25.x". This will break installs on Node 18/19. Please either:

  • Bump the engine field to >=20.0.0, or
  • Keep better-sqlite3@11 if Node 18 support is needed

2. Inconsistent route naming
/api/login and /api/logout stay at the old paths while /api/auth/check and /api/auth/password moved to /api/session/*. This creates a split API surface. Please either:

  • Move all dashboard auth endpoints under /api/session/* (/api/session/login, /api/session/logout, /api/session/check, /api/session/password), or
  • Revert to /api/auth/* for consistency

3. Rename the file
src/routes/auth-routes.js now serves /api/session/* routes — please rename to session-routes.js to match.

4. Docs check
Please verify the OpenAPI spec (src/routes/openapi.js) and README don't reference the old /api/auth/check or /api/auth/password endpoints.

The CSS fix alone is worth merging if you'd prefer to split this into two PRs (one for the CSS fix, one for the route rename + dep bump). Let us know which approach you prefer!

🤖 Review powered by Claude Code + OpenAI Codex + Google Gemini

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@willynikes2 willynikes2 willynikes2 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dxu104 @willynikes2