refactor(auth): Migrate session storage to flutter_secure_storage
This commit is contained in:
+14
-20
@@ -51,8 +51,9 @@ most important file verification behavior.
|
||||
normalized to UTF-8.
|
||||
- At initial review, custom title-bar widgets were duplicated between login and
|
||||
home screens. They have since been extracted into a shared widget.
|
||||
- Session tokens are persisted through `shared_preferences`. That is simple and
|
||||
testable, but it is not hardened storage for bearer tokens.
|
||||
- Session tokens were originally persisted through `shared_preferences`. They
|
||||
now use `flutter_secure_storage`, while `shared_preferences` remains limited
|
||||
to non-sensitive launcher preferences.
|
||||
- The dependency injection output file `lib/service_container.config.dart` is
|
||||
committed, but the regeneration command was not previously documented.
|
||||
- UI/widget/integration coverage is still light compared with the risk in login,
|
||||
@@ -69,37 +70,30 @@ Assumption: `3.44.2` means Flutter SDK `3.44.2`.
|
||||
|
||||
Current local indicators:
|
||||
|
||||
- `.fvmrc` pins Flutter `3.35.2`.
|
||||
- `.fvmrc` is absent.
|
||||
- `pubspec.yaml` declares Dart SDK `^3.9.0`.
|
||||
- `pubspec.lock` declares Flutter SDK `>=3.38.0`.
|
||||
- The project policy is latest stable Flutter SDK only; FVM-pinned workflows are
|
||||
not supported.
|
||||
- The local shell cannot find `flutter`: both `Get-Command flutter` and
|
||||
`where.exe flutter` fail.
|
||||
- The local shell now finds Flutter `3.44.2` on the stable channel.
|
||||
|
||||
Because `flutter` is not available in this shell, the upgrade cannot be fully
|
||||
validated here. If Flutter is installed, restart the shell or fix PATH so
|
||||
`flutter --version` works. The code and lockfile already suggest that the
|
||||
project has moved beyond the stale `.fvmrc` pin, so the upgrade is plausible,
|
||||
but it remains a tooling validation task.
|
||||
Flutter `3.44.2` has been validated for dependency resolution, formatting,
|
||||
analysis, and tests. A production-like Windows build smoke test remains open.
|
||||
|
||||
Recommended upgrade path:
|
||||
|
||||
1. Install or expose the latest stable Flutter SDK on PATH.
|
||||
2. Confirm whether the latest stable Flutter SDK is `3.44.2` or newer.
|
||||
3. Remove or ignore stale FVM pinning if it conflicts with the latest-SDK
|
||||
policy.
|
||||
4. Run `flutter pub get`.
|
||||
5. Regenerate dependency injection only if dependency resolution or generator
|
||||
1. Keep the latest stable Flutter SDK on PATH.
|
||||
2. Run `flutter pub get`.
|
||||
3. Regenerate dependency injection only if dependency resolution or generator
|
||||
output requires it:
|
||||
`dart run build_runner build --delete-conflicting-outputs`.
|
||||
6. Run `flutter analyze`.
|
||||
7. Run a Windows build smoke test:
|
||||
4. Run `flutter analyze`.
|
||||
5. Run a Windows build smoke test:
|
||||
`flutter build windows --dart-define=MOONWELL_API_BASE_URL=https://host`.
|
||||
|
||||
## Recommended Refactoring Direction
|
||||
|
||||
- Decide whether bearer tokens can remain in `shared_preferences`; if not,
|
||||
migrate session storage to platform-secure storage.
|
||||
- Keep secure session persistence covered by tests when login or session
|
||||
restore behavior changes.
|
||||
- Add CI or a documented local verification workflow that runs analysis and a
|
||||
Windows build smoke test with the latest stable Flutter SDK.
|
||||
|
||||
Reference in New Issue
Block a user