refactor(auth): Migrate session storage to flutter_secure_storage

This commit is contained in:
gasaichandesu
2026-06-19 22:58:27 +04:00
parent 8f6ed5504b
commit 07b9e44350
10 changed files with 181 additions and 103 deletions
+14 -20
View File
@@ -51,8 +51,9 @@ most important file verification behavior.
normalized to UTF-8.
- At initial review, custom title-bar widgets were duplicated between login and
home screens. They have since been extracted into a shared widget.
- Session tokens are persisted through `shared_preferences`. That is simple and
testable, but it is not hardened storage for bearer tokens.
- Session tokens were originally persisted through `shared_preferences`. They
now use `flutter_secure_storage`, while `shared_preferences` remains limited
to non-sensitive launcher preferences.
- The dependency injection output file `lib/service_container.config.dart` is
committed, but the regeneration command was not previously documented.
- UI/widget/integration coverage is still light compared with the risk in login,
@@ -69,37 +70,30 @@ Assumption: `3.44.2` means Flutter SDK `3.44.2`.
Current local indicators:
- `.fvmrc` pins Flutter `3.35.2`.
- `.fvmrc` is absent.
- `pubspec.yaml` declares Dart SDK `^3.9.0`.
- `pubspec.lock` declares Flutter SDK `>=3.38.0`.
- The project policy is latest stable Flutter SDK only; FVM-pinned workflows are
not supported.
- The local shell cannot find `flutter`: both `Get-Command flutter` and
`where.exe flutter` fail.
- The local shell now finds Flutter `3.44.2` on the stable channel.
Because `flutter` is not available in this shell, the upgrade cannot be fully
validated here. If Flutter is installed, restart the shell or fix PATH so
`flutter --version` works. The code and lockfile already suggest that the
project has moved beyond the stale `.fvmrc` pin, so the upgrade is plausible,
but it remains a tooling validation task.
Flutter `3.44.2` has been validated for dependency resolution, formatting,
analysis, and tests. A production-like Windows build smoke test remains open.
Recommended upgrade path:
1. Install or expose the latest stable Flutter SDK on PATH.
2. Confirm whether the latest stable Flutter SDK is `3.44.2` or newer.
3. Remove or ignore stale FVM pinning if it conflicts with the latest-SDK
policy.
4. Run `flutter pub get`.
5. Regenerate dependency injection only if dependency resolution or generator
1. Keep the latest stable Flutter SDK on PATH.
2. Run `flutter pub get`.
3. Regenerate dependency injection only if dependency resolution or generator
output requires it:
`dart run build_runner build --delete-conflicting-outputs`.
6. Run `flutter analyze`.
7. Run a Windows build smoke test:
4. Run `flutter analyze`.
5. Run a Windows build smoke test:
`flutter build windows --dart-define=MOONWELL_API_BASE_URL=https://host`.
## Recommended Refactoring Direction
- Decide whether bearer tokens can remain in `shared_preferences`; if not,
migrate session storage to platform-secure storage.
- Keep secure session persistence covered by tests when login or session
restore behavior changes.
- Add CI or a documented local verification workflow that runs analysis and a
Windows build smoke test with the latest stable Flutter SDK.