v0.9.0: Fix OAuth authentication in packaged Electron app

Author: eldinmiller

electron/main.ts

@@ -180,6 +180,29 @@ function createWindow() {
     mainWindow.loadFile(loadPath).catch(err => log('Error loading file:', err))
   }
 
+  // In production, intercept OAuth redirects to localhost and reload the app with auth tokens
+  if (!isDev) {
+    mainWindow.webContents.on('will-navigate', (event, navUrl) => {
+      if (navUrl.startsWith('http://localhost') && navUrl.includes('access_token')) {
+        log('Intercepting OAuth redirect in main window:', navUrl.substring(0, 80) + '...')
+        event.preventDefault()
+        
+        // Extract hash/query from the redirect URL
+        const url = new URL(navUrl)
+        const hashFragment = url.hash || ''
+        const queryString = url.search || ''
+        
+        // Load the production HTML file with the auth tokens in hash
+        const prodPath = path.join(__dirname, '../dist/index.html')
+        const normalizedPath = prodPath.replace(/\\/g, '/')
+        const fileUrl = `file:///${normalizedPath}${queryString}${hashFragment}`
+        log('Reloading with file URL:', fileUrl.substring(0, 100) + '...')
+        
+        mainWindow?.loadURL(fileUrl)
+      }
+    })
+  }
+
   mainWindow.webContents.setWindowOpenHandler(({ url }) => {
     shell.openExternal(url)
     return { action: 'deny' }
@@ -339,13 +362,52 @@ ipcMain.handle('auth:open-oauth-window', async (_, url: string) => {
     })
 
     // Listen for redirect back to our app with auth tokens
+    let handled = false
     const handleAuthRedirect = (redirectUrl: string) => {
+      // Prevent duplicate handling
+      if (handled) return false
+      
       // Check if this is our callback URL (contains access_token or code)
       if (redirectUrl.startsWith('http://localhost') && 
           (redirectUrl.includes('access_token') || redirectUrl.includes('code=') || redirectUrl.includes('#'))) {
+        handled = true
         log('OAuth redirect detected:', redirectUrl.substring(0, 100) + '...')
-        // Load the callback URL in main window so Supabase can process the tokens
-        mainWindow?.loadURL(redirectUrl)
+        
+        // In production, we can't load localhost - extract tokens and send to renderer
+        if (isDev) {
+          // In dev, localhost server is running, so load the URL directly
+          mainWindow?.loadURL(redirectUrl)
+        } else {
+          // In production, extract tokens from the redirect URL and send to renderer
+          const url = new URL(redirectUrl)
+          const hashFragment = url.hash || ''
+          
+          // Parse the hash fragment to extract tokens
+          const hashParams = new URLSearchParams(hashFragment.substring(1))
+          const accessToken = hashParams.get('access_token')
+          const refreshToken = hashParams.get('refresh_token')
+          const expiresIn = hashParams.get('expires_in')
+          const expiresAt = hashParams.get('expires_at')
+          
+          if (accessToken && refreshToken) {
+            log('Extracted tokens, sending to renderer...')
+            // Send tokens to renderer to set session
+            mainWindow?.webContents.send('auth:set-session', {
+              access_token: accessToken,
+              refresh_token: refreshToken,
+              expires_in: expiresIn ? parseInt(expiresIn) : 3600,
+              expires_at: expiresAt ? parseInt(expiresAt) : undefined
+            })
+          } else {
+            log('No tokens found in redirect, loading file with hash...')
+            // Fallback: try loading file with hash
+            const prodPath = path.join(__dirname, '../dist/index.html')
+            const normalizedPath = prodPath.replace(/\\/g, '/')
+            const fileUrl = `file:///${normalizedPath}${hashFragment}`
+            mainWindow?.loadURL(fileUrl)
+          }
+        }
+        
         authWindow.close()
         resolve({ success: true })
         return true

electron/preload.ts

@@ -159,6 +159,16 @@ contextBridge.exposeInMainWorld('electronAPI', {
     return () => {
       ipcRenderer.removeListener('files-changed', handler)
     }
+  },
+  
+  // Auth session listener (for OAuth callback in production)
+  onSetSession: (callback: (tokens: { access_token: string; refresh_token: string; expires_in?: number; expires_at?: number }) => void) => {
+    const handler = (_: unknown, tokens: { access_token: string; refresh_token: string; expires_in?: number; expires_at?: number }) => callback(tokens)
+    ipcRenderer.on('auth:set-session', handler)
+    
+    return () => {
+      ipcRenderer.removeListener('auth:set-session', handler)
+    }
   }
 })
 
@@ -229,6 +239,9 @@ declare global {
 
       // File change events
       onFilesChanged: (callback: (files: string[]) => void) => () => void
+      
+      // Auth session events (for OAuth callback in production)
+      onSetSession: (callback: (tokens: { access_token: string; refresh_token: string; expires_in?: number; expires_at?: number }) => void) => () => void
     }
   }
 }

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "blue-pdm",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Product Data Management for engineering teams",
   "main": "dist-electron/main.js",
   "scripts": {
@@ -81,4 +81,3 @@
     }
   }
 }
-

package.json

@@ -33,7 +33,6 @@ function App() {
     setVaultConnected,
     setFiles,
     setServerFiles,
-    isLoading,
     setIsLoading,
     statusMessage,
     setStatusMessage,
@@ -84,8 +83,8 @@ function App() {
         console.log('[Auth] Loading organization for:', session.user.email)
         linkUserToOrganization(session.user.id, session.user.email || '').then(({ org, error }) => {
           if (org) {
-            console.log('[Auth] Organization loaded:', org.name)
-            setOrganization(org)
+            console.log('[Auth] Organization loaded:', (org as any).name)
+            setOrganization(org as any)
           } else if (error) {
             console.log('[Auth] No organization found:', error)
           }
@@ -123,8 +122,8 @@ function App() {
           // Load organization
           linkUserToOrganization(session.user.id, session.user.email || '').then(({ org }) => {
             if (org) {
-              console.log('[Auth] Organization loaded on state change:', org.name)
-              setOrganization(org)
+              console.log('[Auth] Organization loaded on state change:', (org as any).name)
+              setOrganization(org as any)
             }
           })
         } else if (event === 'SIGNED_OUT') {
@@ -233,13 +232,13 @@ function App() {
           // These appear faded/greyed to indicate they're available but not downloaded
           const cloudFolders = new Set<string>()
 
-          for (const pdmFile of pdmFiles) {
+          for (const pdmFile of pdmFiles as any[]) {
             if (!localPathSet.has(pdmFile.file_path)) {
               // If file is checked out by current user but doesn't exist locally,
               // auto-release the checkout (user deleted it externally)
               if (pdmFile.checked_out_by === user?.id) {
                 console.log('[Auto-release] File deleted externally, releasing checkout:', pdmFile.file_name)
-                checkinFile(pdmFile.id, user.id).then(result => {
+                checkinFile(pdmFile.id, user!.id).then(result => {
                   if (result.success) {
                     console.log('[Auto-release] Released checkout for:', pdmFile.file_name)
                   } else {
@@ -305,7 +304,6 @@ function App() {
       // A folder should be 'cloud' if all its contents are cloud-only
       // Process folders bottom-up (deepest first) so parent folders see updated child statuses
       const folders = localFiles.filter(f => f.isDirectory)
-      const fileMap = new Map(localFiles.map(f => [f.relativePath.replace(/\\/g, '/'), f]))
 
       // Sort folders by depth (deepest first)
       folders.sort((a, b) => {

src/App.tsx

@@ -2,8 +2,7 @@ import {
   FolderTree, 
   ArrowDownUp, 
   History, 
-  Search,
-  Settings
+  Search
 } from 'lucide-react'
 import { usePDMStore, SidebarView } from '../stores/pdmStore'
 

src/components/ActivityBar.tsx

@@ -1,6 +1,6 @@
 import { useState, useEffect } from 'react'
 import { usePDMStore } from '../stores/pdmStore'
-import { formatFileSize, STATE_INFO, getFileIconType } from '../types/pdm'
+import { formatFileSize, getFileIconType, STATE_INFO } from '../types/pdm'
 import { format, formatDistanceToNow } from 'date-fns'
 import { getFileVersions, getRecentActivity } from '../lib/supabase'
 import { rollbackToVersion } from '../lib/fileService'
@@ -16,7 +16,6 @@ import {
   Info,
   Cloud,
   RotateCcw,
-  Check,
   Loader2,
   FileImage,
   FileSpreadsheet,

src/components/DetailsPanel.tsx

@@ -11,7 +11,6 @@ import {
   FileText,
   Layers,
   Lock,
-  MoreVertical,
   RefreshCw,
   Upload,
   Home,
@@ -61,7 +60,6 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
     selectedFiles,
     setSelectedFiles,
     toggleFileSelection,
-    selectAllFiles,
     clearSelection,
     columns,
     setColumnWidth,
@@ -100,12 +98,8 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
     processingFolders,
     addProcessingFolder,
     removeProcessingFolder,
-    clearProcessingFolders,
     queueOperation,
     hasPathConflict,
-    operationQueue,
-    setHistoryFolderFilter,
-    setActiveView,
     setDetailsPanelTab,
     detailsPanelVisible,
     toggleDetailsPanel,
@@ -925,7 +919,8 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
   }
 
   // Delete a file or folder (moves to trash/recycle bin)
-  const handleDelete = async (file: LocalFile) => {
+  // @ts-ignore - Reserved for future use
+  const _handleDelete = async (file: LocalFile) => {
     if (!vaultPath || !window.electronAPI) {
       addToast('error', 'No vault connected')
       return
@@ -1855,8 +1850,6 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
           setSelectionBox(prev => prev ? { ...prev, currentX, currentY } : null)
 
           // Calculate selection box bounds
-          const left = Math.min(selectionBox.startX, currentX)
-          const right = Math.max(selectionBox.startX, currentX)
           const top = Math.min(selectionBox.startY, currentY)
           const bottom = Math.max(selectionBox.startY, currentY)
 
@@ -2109,8 +2102,6 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
         // Check out/in status - consider all synced files including those inside folders
         const allCheckedOut = syncedFilesInSelection.length > 0 && syncedFilesInSelection.every(f => f.pdmData?.checked_out_by)
         const allCheckedIn = syncedFilesInSelection.length > 0 && syncedFilesInSelection.every(f => !f.pdmData?.checked_out_by)
-        const anyCheckedOut = syncedFilesInSelection.some(f => f.pdmData?.checked_out_by)
-        const anyCheckedIn = syncedFilesInSelection.some(f => !f.pdmData?.checked_out_by)
 
         // Count files that can be checked out/in (for folder labels)
         const checkoutableCount = syncedFilesInSelection.filter(f => !f.pdmData?.checked_out_by).length
@@ -2143,9 +2134,6 @@ export function FileBrowser({ onRefresh }: FileBrowserProps) {
         const cloudOnlyCount = getCloudOnlyFilesCount()
         const anyCloudOnly = cloudOnlyCount > 0 || contextFiles.some(f => f.diffStatus === 'cloud')
 
-        // Check for locally synced files (can be unsynced)
-        const anyLocalSynced = contextFiles.some(f => f.pdmData && f.diffStatus !== 'cloud' && f.diffStatus !== 'added')
-        
         return (
           <>
             <div 

src/components/FileBrowser.tsx

@@ -8,7 +8,6 @@ import {
   ArrowDown,
   ArrowUp,
   Cloud,
-  Download,
   CloudOff,
   Edit,
   FolderPlus,
@@ -35,7 +34,6 @@ interface FileContextMenuProps {
   onPaste?: () => void
   onRename?: (file: LocalFile) => void
   onNewFolder?: () => void
-  onDelete?: (file: LocalFile) => void
 }
 
 export function FileContextMenu({
@@ -50,8 +48,7 @@ export function FileContextMenu({
   onCut,
   onPaste,
   onRename,
-  onNewFolder,
-  onDelete
+  onNewFolder
 }: FileContextMenuProps) {
   const { user, organization, vaultPath, activeVaultId, addToast, addProgressToast, updateProgressToast, removeToast, isProgressToastCancelled, pinnedFolders, pinFolder, unpinFolder, connectedVaults, addProcessingFolder, removeProcessingFolder, queueOperation, hasPathConflict, updateFileInStore, startSync, updateSyncProgress, endSync } = usePDMStore()
 
@@ -69,7 +66,6 @@ export function FileContextMenu({
   const firstFile = contextFiles[0]
   const isFolder = firstFile.isDirectory
   const allFolders = contextFiles.every(f => f.isDirectory)
-  const allFiles = contextFiles.every(f => !f.isDirectory)
   const fileCount = contextFiles.filter(f => !f.isDirectory).length
   const folderCount = contextFiles.filter(f => f.isDirectory).length
 
@@ -172,7 +168,6 @@ export function FileContextMenu({
 
   // Check for cloud-only files
   const allCloudOnly = contextFiles.every(f => f.diffStatus === 'cloud')
-  const hasLocalFiles = contextFiles.some(f => f.diffStatus !== 'cloud')
   const hasUnsyncedLocalFiles = unsyncedFilesInSelection.length > 0
 
   // Count cloud-only files (for download count) - includes files inside folders

src/components/FileContextMenu.tsx

@@ -5,12 +5,12 @@ import { signInWithGoogle, signOut, isSupabaseConfigured, linkUserToOrganization
 import { SettingsModal } from './SettingsModal'
 
 interface MenuBarProps {
-  onOpenVault: () => void
-  onRefresh: () => void
+  onOpenVault?: () => void
+  onRefresh?: () => void
   minimal?: boolean  // Hide Sign In and Settings on welcome/signin screens
 }
 
-export function MenuBar({ onOpenVault, onRefresh, minimal = false }: MenuBarProps) {
+export function MenuBar({ minimal = false }: MenuBarProps) {
   const { user, organization, setUser, setOrganization, addToast, setSearchQuery, searchQuery, searchType, setSearchType } = usePDMStore()
   const [appVersion, setAppVersion] = useState('')
   const [isSigningIn, setIsSigningIn] = useState(false)
@@ -275,8 +275,8 @@ export function MenuBar({ onOpenVault, onRefresh, minimal = false }: MenuBarProp
                           if (error) {
                             addToast('error', `Could not find org for @${user.email.split('@')[1]}`)
                           } else if (org) {
-                            setOrganization(org)
-                            addToast('success', `Linked to ${org.name}`)
+                            setOrganization(org as any)
+                            addToast('success', `Linked to ${(org as any).name}`)
                             setShowUserMenu(false)
                           }
                         }}