fix(web): prevent duplicate kakao callback auth requests #467
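Walkthrough
The Kakao login callback page has been improved to prevent duplicate processing of the authorization code. The logic now extracts the code from the search parameters only once, checks a global Set to see whether the code has already been processed, and selectively processes only codes that have not been initialized. Duplicate calls are prevented even when Strict Mode remounts the component.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes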
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 665de4efbc
| if (attemptedKakaoAuthCodes.has(code)) { | ||
| return; |
Redirect when auth code was already processed
This early return creates a dead-end for repeated visits to the same callback URL in the same tab: since attemptedKakaoAuthCodes is module-scoped and never cleared, going back to /login/kakao/callback?code=... (for example after onError already pushed /login) skips postKakaoAuth and also skips any redirect, so the user stays on CloudSpinnerPage indefinitely. Before this change, revisiting the page would still run the mutation path and navigate away.
Actionable comments posted: 1
📒 Files selected for processing (1)
apps/web/src/app/login/kakao/callback/KakaoLoginCallbackPage.tsx
| import { usePostKakaoAuth } from "@/apis/Auth"; | ||
| import CloudSpinnerPage from "@/components/ui/CloudSpinnerPage"; | ||
|
|
||
| const attemptedKakaoAuthCodes = new Set<string>(); |
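Review bot: the declaration `const attemptedKakaoAuthCodes = new Set<string>();` carries no comment saying why it sits at module scope rather than in the component, and a `Set<string>` can only record that a code was attempted, not how the attempt ended. Add a one-line comment on the declaration stating why it must outlive the component, and consider keeping the outcome or the in-flight promise per code so that a later mount with the same code has a result to act on.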
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: check the current implementation of the Apple callback page
cat apps/web/src/app/login/apple/callback/AppleLoginCallbackPage.tsx
Repository: solid-connection/solid-connect-web
Length of output: 659
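1. Using a module-level Set - this is a good approach 👍
Using a module-level Set to prevent double invocation in Strict Mode is an appropriate pattern. Keeping the state outside the React component lifecycle means the tracking is preserved across remounts.
2. Consistency issue with AppleLoginCallbackPage - the same pattern needs to be applied
On review, AppleLoginCallbackPage does not use this pattern. The current implementation only calls postAppleAuth({ code }) directly inside useEffect, so it is exposed to the same double-invocation problem that the Kakao page solved.
- KakaoLoginCallbackPage: duplicate calls prevented with a module-level Set ✓
- AppleLoginCallbackPage: no mechanism to prevent duplicate calls ✗
If the two callback pages take inconsistent approaches, it can cause confusion during future maintenance and bug tracking. Please apply the same Set-based pattern to AppleLoginCallbackPage for consistency.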
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/web/src/app/login/kakao/callback/KakaoLoginCallbackPage.tsx` at line 8,
Add the same module-level dedupe Set pattern used in attemptedKakaoAuthCodes to
AppleLoginCallbackPage: declare a module-scoped Set (e.g.,
attemptedAppleAuthCodes) and in the component's useEffect that calls
postAppleAuth({ code }) check the Set for the code, skip calling postAppleAuth
if present, otherwise add the code to the Set before invoking postAppleAuth;
update logic around the useEffect in AppleLoginCallbackPage so it mirrors the
dedupe behavior used by KakaoLoginCallbackPage.
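One way to address both review points above (the dead-end on a repeated visit and the missing guard on the Apple page), as an added example that is not code from this PR: a shared helper keeps the in-flight exchange per provider and code, so a remount reuses the result instead of returning silently. `exchangeOnce`, `onCallbackMount`, the `push` parameter and the `/` success route are hypothetical names and placeholders.

```typescript
// Added example (hypothetical helper, not code from this PR).
type Outcome = "ok" | "failed";

// Module scope, like attemptedKakaoAuthCodes, so entries survive a Strict Mode remount.
// Only the outcome is kept here; tokens are handled inside `exchange` itself.
const exchanges = new Map<string, Promise<Outcome>>();

// Runs `exchange` at most once per provider and code, and hands every caller
// the same promise, so a later mount can still redirect on the result.
function exchangeOnce(
  provider: string,
  code: string,
  exchange: (code: string) => Promise<unknown>,
): Promise<Outcome> {
  const key = `${provider}:${code}`;
  let pending = exchanges.get(key);
  if (!pending) {
    // The executor runs synchronously, so the request is issued before a second
    // mount can look up the key; a synchronous throw becomes a rejection.
    pending = new Promise<unknown>((resolve) => resolve(exchange(code))).then(
      (): Outcome => "ok",
      (): Outcome => "failed",
    );
    exchanges.set(key, pending);
  }
  return pending;
}

// Constructed stand-in for the page effect: every mount routes on the outcome.
// "/" is a placeholder success route; postAuth stands in for postKakaoAuth.
function onCallbackMount(
  code: string,
  postAuth: (code: string) => Promise<unknown>,
  push: (path: string) => void,
): Promise<void> {
  return exchangeOnce("kakao", code, postAuth).then((outcome) => {
    push(outcome === "ok" ? "/" : "/login");
  });
}
```

In a real effect, a cleanup flag would suppress the `push` from the instance that Strict Mode unmounted; the helper only guarantees that the authorization code is sent once.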
Summary
- /auth/kakao calls in kakao callback page
- /sign-up after successful login
Root cause
- postKakaoAuth inside useEffect without idempotency guard
- code could be posted multiple times
Validation