core: auth/login event

[renbaoshuo]

Summary by CodeRabbit

Release Notes

• New Features
  • Added authentication lifecycle hooks that allow extensions to run logic before login and at login completion.
• Chores
  • Improved login workflow event handling and typing to support the new extensibility points.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 857d52df-1411-48f6-ae20-5f9e80b6def1

📥 Commits

Reviewing files that changed from the base of the PR and between b4f2688 and 951941e.

📒 Files selected for processing (2)

• packages/hydrooj/src/handler/user.ts
• packages/hydrooj/src/service/bus.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/hydrooj/src/service/bus.ts
• packages/hydrooj/src/handler/user.ts

---

Walkthrough

Two new typed bus events are added to the EventMap interface in bus.ts: 'auth/before-login' and 'auth/login', both accepting a Handler and User parameter and returning VoidReturn. In user.ts, the successfulAuth method is updated to fire ctx.serial('auth/before-login', this, udoc) before persisting loginat/loginip, and ctx.serial('auth/login', this, udoc) after logging user.loginSuccess.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'core: auth/login event' directly reflects the main changes: adding auth/login and auth/before-login event signatures to the EventMap interface and integrating them into the login flow.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/hydrooj/src/handler/user.ts

ESLint skipped: missing config or dependency (missing-dependency). The ESLint configuration references a package that is not available in the sandbox.

packages/hydrooj/src/service/bus.ts

ESLint skipped: the ESLint configuration for this file references a package that is not available in the sandbox.

Warning

Review ran into problems

🔥 Problems

Stopped waiting for pipeline failures after 30000ms. One of your pipelines takes longer than our 30000ms fetch window to run, so review may not consider pipeline-failure results for inline comments if any failures occurred after the fetch window. Increase the timeout if you want to wait longer or run a @coderabbit review after the pipeline has finished.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/hydrooj/src/handler/user.ts (1)

34-49: 💤 Low value

Consider whether auth/login subscribers need fresh login metadata.

The udoc passed to both events is the same object fetched before the user.setById call at line 36. Subscribers to auth/login won't see the updated loginat/loginip values in udoc since those are persisted to the database but not reflected back into the object.

If subscribers are expected to access fresh login metadata, consider either:

1. Re-fetching udoc before emitting auth/login, or
2. Documenting that udoc reflects pre-persistence state

If this is intentional (event represents user at authentication time, not after DB update), the current implementation is fine.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/hydrooj/src/handler/user.ts` around lines 34 - 49, The udoc object
passed to the auth/login event at line 48 contains stale data because it was not
updated after the user.setById call at line 36 persisted the loginat and loginip
values to the database. If subscribers to the auth/login event need access to
the fresh login metadata (loginat and loginip), re-fetch the udoc using
user.getById or similar before passing it to the ctx.serial('auth/login', udoc)
call. If the current behavior is intentional (meaning the event should receive
the user state at authentication time before database persistence), add a
comment documenting this design decision to clarify for future maintainers.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@packages/hydrooj/src/handler/user.ts`:
- Around line 34-49: The udoc object passed to the auth/login event at line 48
contains stale data because it was not updated after the user.setById call at
line 36 persisted the loginat and loginip values to the database. If subscribers
to the auth/login event need access to the fresh login metadata (loginat and
loginip), re-fetch the udoc using user.getById or similar before passing it to
the ctx.serial('auth/login', udoc) call. If the current behavior is intentional
(meaning the event should receive the user state at authentication time before
database persistence), add a comment documenting this design decision to clarify
for future maintainers.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9314f40b-44ca-4c8c-b81d-bf42c50ca12f

📥 Commits

Reviewing files that changed from the base of the PR and between a6cdbb9 and b4f2688.

📒 Files selected for processing (2)

• packages/hydrooj/src/handler/user.ts
• packages/hydrooj/src/service/bus.ts

[undefined-moe]

Also attach handler context might be better. (In case of redirecting user to specific page, showing notificatons, etc)