Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(idaa): purge posts and archives IDB on Novi auth failure

Browse Source 
When Novi UUID verification fails (or the manual Reset & Retry is
triggered), clear db_posts.post, db_posts.comment, db_archives.archive,
and db_archives.content from IndexedDB. Prevents private IDAA data
from persisting in the browser after a session ends or auth is denied.

db_events.event intentionally excluded — shared with conference modules.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-04-19 17:26:34 -04:00
parent 868f4b3390
commit 236a5513ee
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/routes/idaa/(idaa)/+layout.svelte
View File

@@ -18,6 +18,8 @@ import {
slct_trigger slct_trigger
} from '$lib/stores/ae_stores'; } from '$lib/stores/ae_stores';
import { idaa_loc, idaa_sess, idaa_slct } from '$lib/stores/ae_idaa_stores'; import { idaa_loc, idaa_sess, idaa_slct } from '$lib/stores/ae_idaa_stores';
import { db_posts } from '$lib/ae_posts/db_posts';
import { db_archives } from '$lib/ae_archives/db_archives';
interface Props { interface Props {
/** @type {import('./$types').LayoutData} */ /** @type {import('./$types').LayoutData} */
@@ -322,6 +324,12 @@ async function verify_novi_uuid(
$idaa_loc.novi_email = null; $idaa_loc.novi_email = null;
$idaa_loc.novi_full_name = null; $idaa_loc.novi_full_name = null;
$idaa_loc.novi_verified = false; $idaa_loc.novi_verified = false;
// Purge private IDAA data from IDB — do not leave sensitive data cached after auth failure.
// db_events.event is intentionally excluded: it is shared with conference event modules.
db_posts.post.clear().catch(() => {});
db_posts.comment.clear().catch(() => {});
db_archives.archive.clear().catch(() => {});
db_archives.content.clear().catch(() => {});
} finally { } finally {
verify_in_flight = false; verify_in_flight = false;
novi_verifying = false; novi_verifying = false;
@@ -356,6 +364,10 @@ async function verify_novi_uuid(
onclick={() => { onclick={() => {
localStorage.removeItem('ae_loc'); localStorage.removeItem('ae_loc');
localStorage.removeItem('ae_idaa_loc'); localStorage.removeItem('ae_idaa_loc');
db_posts.post.clear().catch(() => {});
db_posts.comment.clear().catch(() => {});
db_archives.archive.clear().catch(() => {});
db_archives.content.clear().catch(() => {});
location.reload(); location.reload();
}}> }}>
<span class="fas fa-redo m-1"></span> <span class="fas fa-redo m-1"></span>