fix(idaa): purge posts and archives IDB on Novi auth failure
When Novi UUID verification fails (or the manual Reset & Retry is triggered), clear db_posts.post, db_posts.comment, db_archives.archive, and db_archives.content from IndexedDB. Prevents private IDAA data from persisting in the browser after a session ends or auth is denied. db_events.event intentionally excluded — shared with conference modules. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
@@ -18,6 +18,8 @@ import {
|
||||
slct_trigger
|
||||
} from '$lib/stores/ae_stores';
|
||||
import { idaa_loc, idaa_sess, idaa_slct } from '$lib/stores/ae_idaa_stores';
|
||||
import { db_posts } from '$lib/ae_posts/db_posts';
|
||||
import { db_archives } from '$lib/ae_archives/db_archives';
|
||||
|
||||
interface Props {
|
||||
/** @type {import('./$types').LayoutData} */
|
||||
@@ -322,6 +324,12 @@ async function verify_novi_uuid(
|
||||
$idaa_loc.novi_email = null;
|
||||
$idaa_loc.novi_full_name = null;
|
||||
$idaa_loc.novi_verified = false;
|
||||
// Purge private IDAA data from IDB — do not leave sensitive data cached after auth failure.
|
||||
// db_events.event is intentionally excluded: it is shared with conference event modules.
|
||||
db_posts.post.clear().catch(() => {});
|
||||
db_posts.comment.clear().catch(() => {});
|
||||
db_archives.archive.clear().catch(() => {});
|
||||
db_archives.content.clear().catch(() => {});
|
||||
} finally {
|
||||
verify_in_flight = false;
|
||||
novi_verifying = false;
|
||||
@@ -356,6 +364,10 @@ async function verify_novi_uuid(
|
||||
onclick={() => {
|
||||
localStorage.removeItem('ae_loc');
|
||||
localStorage.removeItem('ae_idaa_loc');
|
||||
db_posts.post.clear().catch(() => {});
|
||||
db_posts.comment.clear().catch(() => {});
|
||||
db_archives.archive.clear().catch(() => {});
|
||||
db_archives.content.clear().catch(() => {});
|
||||
location.reload();
|
||||
}}>
|
||||
<span class="fas fa-redo m-1"></span>
|
||||
|
||||
Reference in New Issue
Block a user