fix(server): auth error fix bug

[hexaforce]

Overview

Problematic code was unintentionally included.

What I've done

What I haven't done

How I tested

Which point I want you to review particularly

Memo

Summary by CodeRabbit

• Refactor
  • Consolidated the authentication setup to ensure consistent configuration and logging.
  • Removed redundant middleware handling to streamline the authentication process.

[coderabbitai]

Walkthrough

The authentication logic in initEcho has been streamlined. The authConfig variable is now initialized unconditionally at the start of the authentication section and logged immediately. A new wrapHandler function attaches mock authentication to the request context when needed, while the standard authentication uses the returned middleware from appx.AuthMiddleware. The previous conditional check for a disabled authentication service and the obsolete AuthMiddlewareDummy have been removed.

Changes

File	Change Summary
server/.../app.go	Removed the conditional check for disabled authentication. Unconditionally initializes authConfig, relocates logging, defines a new wrapHandler for mock authentication, assigns AuthMiddleware for non-mock flows, and removes AuthMiddlewareDummy.

Sequence Diagram(s)

sequenceDiagram
    participant S as Server (initEcho)
    alt Using Mock Authentication
        S->>S: Initialize authConfig and log it
        S->>S: Define wrapHandler (attaches mock auth context)
    else
        S->>S: Initialize authConfig and log it
        S->>S: Invoke AuthMiddleware with authConfig
    end

Loading

Poem

I'm a bunny with a joyful beat,
Tweaking auth logic, oh so neat!
No more dummy, the code's in tune,
Mock or real, it's synced by noon.
Hop along, let bugs retreat—
Hoppy changes make our code complete!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[netlify]

✅ Deploy Preview for reearth-web canceled.

Name	Link
🔨 Latest commit	9b3954c
🔍 Latest deploy log	https://app.netlify.com/sites/reearth-web/deploys/67c03b6d596c12000844bced

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a8820f and 9b3954c.

📒 Files selected for processing (1)

• server/internal/app/app.go (1 hunks)

🔇 Additional comments (3)

server/internal/app/app.go (3)

61-63: Improved authentication configuration setup

The authentication configuration is now initialized unconditionally at the start of the auth section and logged immediately, which streamlines the code flow and ensures the config is always available and visible in logs before it's used.

---

65-77: Simplified authentication flow handling

The authentication flow has been streamlined by:

1. Removing the conditional check for disabled authentication service
2. Using a clear branching structure: mock auth for development vs. standard auth
3. Consistently wrapping HTTP handlers with the appropriate authentication middleware

This simplification makes the code more maintainable and easier to reason about.

---

25-160: Additional context needed to understand the bug fix

While the changes improve code structure, it's not clear from the code alone what specific bug this PR is fixing. Please provide more context about:

1. What was the original bug behavior?
2. How do these changes address that behavior?
3. How was this fix tested?

This context would help validate that the changes fully address the intended problem.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Be cautious with lo.Must() as it may panic

Using lo.Must() will cause the application to panic if appx.AuthMiddleware returns an error. Consider handling the error explicitly to ensure graceful failure, especially since this is in the server initialization path.

---

🏁 Script executed:

#!/bin/bash
# Check how appx.AuthMiddleware handles errors and if lo.Must is used elsewhere
rg -A 2 -B 2 "appx.AuthMiddleware" --type go
rg "lo.Must" --type go

Length of output: 5549

---

Critical: Address Potential Panic in Server Initialization

The call to lo.Must(appx.AuthMiddleware(authConfig, adapter.ContextAuthInfo, true)) on line 76 can cause the server to panic if an error is returned, leading to an abrupt startup failure. While lo.Must is used in various places (especially in tests), it's not ideal for production initialization. Please consider refactoring this section to handle errors explicitly (for example, by checking the error, logging it, and shutting down gracefully) to ensure a more reliable startup.

• File: server/internal/app/app.go, line 76