refactor(auth): Migrate session storage to flutter_secure_storage
This commit is contained in:
@@ -23,7 +23,8 @@ Important areas:
|
||||
and client synchronization.
|
||||
- `lib/features/launcher/data` contains API, installation, and log services.
|
||||
- `lib/features/preferences` stores selected install directory and launcher
|
||||
session data.
|
||||
session data. Launcher sessions must use secure storage; non-sensitive
|
||||
preferences may use `shared_preferences`.
|
||||
- `lib/service_container.dart` and `lib/service_container.config.dart` provide
|
||||
`get_it`/`injectable` dependency wiring.
|
||||
- `docs/launcher_web_api_spec.md` documents the current launcher Web API and
|
||||
@@ -52,9 +53,6 @@ flutter build windows --dart-define=MOONWELL_API_BASE_URL=https://host
|
||||
See `docs/linting.md` for the required format, analyze, test, and Lefthook
|
||||
pre-commit workflow.
|
||||
|
||||
In the current shell on 2026-06-18, `flutter` was not recognized by
|
||||
`Get-Command flutter` or `where.exe flutter`.
|
||||
|
||||
## Configuration
|
||||
|
||||
The launcher API base URL is compile-time configuration:
|
||||
@@ -69,6 +67,8 @@ or local-only API URLs.
|
||||
## Architecture Notes
|
||||
|
||||
- All backend calls should go through `LauncherApiClient`.
|
||||
- Launcher bearer tokens must be persisted through `flutter_secure_storage`.
|
||||
Do not store sessions or other secrets in `shared_preferences`.
|
||||
- File sync behavior should stay in `ClientSyncUseCase` and
|
||||
`GameInstallationService`.
|
||||
- The server manifest is the source of truth for client files.
|
||||
|
||||
Reference in New Issue
Block a user