fix(auth): resolve stale auth data issue

[chef0111]

Summary by CodeRabbit

• New Features

  • Added S3/AWS environment variables for S3 bucket configuration.

• Bug Fixes

  • Logout now performs a full-page redirect for consistent session handling.
  • Authentication routes set to no-cache to prevent stale auth state.

• Documentation

  • Updated Quick Start and .env examples with embedding model and S3 variables; adjusted headings.

• Chores / Refactor

  • Removed built-in Markdown editor components and migrated related imports.
  • Updated a Markdown rendering import and bumped/removed dependencies.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dev4room	Ready	Preview, Comment	Feb 13, 2026 3:04pm

[coderabbitai]

Walkthrough

Adds S3/AWS environment variables and docs; updates Next.js headers to disable caching for auth API routes; replaces client-side logout navigation with full-page redirects; removes legacy markdown editor components, updates multiple import paths, and bumps/removes related package deps.

Changes

Cohort / File(s)	Summary
S3 / Docs /.env.example, README.md	Adds AWS S3 env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_ENDPOINT_URL_S3, AWS_ENDPOINT_URL_IAM, AWS_REGION, NEXT_PUBLIC_S3_BUCKET) and updates Quick Start examples; minor embedding env formatting changes.
Auth cache header next.config.ts	Adds headers rule to set Cache-Control: no-store, no-cache, must-revalidate for /api/auth/:path*.
Logout flow (UI) src/components/modules/dashboard/nav-user.tsx, src/components/modules/profile/user-nav.tsx	Removes useRouter usage; replaces router.push/refresh with window.location.href = "/" for logout navigation.
Markdown editor removal & import updates src/components/markdown/index.tsx (deleted), src/components/markdown/markdown-editor.tsx (deleted), src/components/.../markdown-preview.tsx, src/components/.../editor-fallback and numerous components using @/components/markdown/* → @/components/editor/markdown/* (e.g., src/app/.../user-posts.tsx, src/app/.../loading.tsx, src/components/form/form-markdown.tsx, src/components/modules/...)	Removes legacy markdown editor components; updates many import paths to the new src/components/editor/markdown/... location and swaps theme import path for preview theme.
Dependencies package.json	Removes @mdxeditor/editor and bumps next-mdx-remote from ^5.0.0 → ^6.0.0.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix(editor): markdown preview issues #136 — touches markdown preview/editor utilities and formatting; likely overlaps with the import/path and theme changes.
• feat(ui): ask question page #42 — adds/removes editor components and alters editor-related dependencies; directly related to the deleted editor files and package.json edits.
• Staging #134 — introduces new editor/form modules under src/components/editor and changes MDX/Editor integrations, matching the import migration in this PR.

Poem

🐰 I hopped through code with nimble paws,

S3 keys tucked in tidy rows;
Auth guards bloom, caches swept away,
Old editors hopped to fields of day.
🍃 A carrot click — the site refreshes new.

🚥 Pre-merge checks | ✅ 1 | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title describes fixing stale auth data, but the actual changes focus primarily on refactoring markdown components, reorganizing imports, updating dependencies, and modifying logout navigation - with auth fixes being only a small portion of the changeset.	Consider a more comprehensive title that reflects the main changes, such as 'refactor: reorganize markdown components and update editor dependencies' or split into multiple focused PRs by concern.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (13 files): ⚔️ .env.example (content) ⚔️ bun.lock (content) ⚔️ next.config.ts (content) ⚔️ package.json (content) ⚔️ src/app/(root)/(account)/[username]/user-tabs/user-posts.tsx (content) ⚔️ src/app/(root)/(dashboard)/questions/[id]/edit/loading.tsx (content) ⚔️ src/app/(root)/(dashboard)/questions/[id]/loading.tsx (content) ⚔️ src/components/form/form-markdown.tsx (content) ⚔️ src/components/modules/answers/answer-card.tsx (content) ⚔️ src/components/modules/answers/answer-list.tsx (content) ⚔️ src/components/modules/dashboard/nav-user.tsx (content) ⚔️ src/components/modules/profile/user-nav.tsx (content) ⚔️ src/components/modules/questions/question-content.tsx (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch staging

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch staging
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

next.config.ts (1)

52-74: ⚠️ Potential issue | 🔴 Critical

Auth cache-control header will be overridden by the catch-all rule.

In Next.js, when multiple headers() rules match the same path, all matching headers are applied. For /api/auth/:path*, both the auth-specific rule (line 52–61) and the catch-all rule (line 62–74) match. Since they set the same Cache-Control key, the later rule (line 62–74) takes precedence, overriding your no-store directive with public caching that allows 1-hour CDN caching.

This causes auth endpoints to be cached at the Vercel Edge Network, risking stale auth state.

Reorder the rules so the auth-specific rule comes after the catch-all, or exclude auth routes from the catch-all using a has or missing condition to prevent the override.

🤖 Fix all issues with AI agents

In @.env.example:
- Line 38: The .env.example file is missing a trailing newline after the last
entry (NEXT_PUBLIC_S3_BUCKET=); add a single newline character at EOF so the
file ends with a blank line (no extra whitespace or characters) to satisfy
dotenv-linter and POSIX conventions.

In `@src/components/modules/dashboard/nav-user.tsx`:
- Around line 115-125: The toast.success call in LogoutItem.handleLogout runs
immediately before the hard redirect (window.location.href = "/"), which
prevents the toast from being visible; update handleLogout to either remove the
toast or delay the redirect so the toast can render (e.g., show
toast.success(...) then perform the redirect inside a short setTimeout or use
the SPA router navigation instead of window.location.href). Locate LogoutItem
and its async handleLogout function (which calls authClient.signOut,
toast.success, and window.location.href) and implement the chosen approach so
the toast is visible before navigation.

In `@src/components/modules/profile/user-nav.tsx`:
- Around line 126-137: The LogoutItem component’s handleLogout calls
toast.success and immediately forces a hard redirect, causing the toast to be
cut off; change the flow in LogoutItem (and the other nav LogoutItem in
nav-user.tsx) to wait briefly or await a toast display before setting
window.location.href, and refactor the duplicated logic into a shared useLogout
hook or utility (export a useLogout or logoutUser function that performs
authClient.signOut, handles toast.error/toast.success and the delayed redirect)
then import and call that from both LogoutItem components to remove duplication.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a trailing newline at end of file.

Static analysis (dotenv-linter) flags the missing blank line at EOF. Most tools and POSIX conventions expect a trailing newline.

 NEXT_PUBLIC_S3_BUCKET=
+

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	NEXT_PUBLIC_S3_BUCKET=
	NEXT_PUBLIC_S3_BUCKET=

🧰 Tools

🪛 dotenv-linter (4.0.0)

[warning] 38-38: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🤖 Prompt for AI Agents

In @.env.example at line 38, The .env.example file is missing a trailing newline
after the last entry (NEXT_PUBLIC_S3_BUCKET=); add a single newline character at
EOF so the file ends with a blank line (no extra whitespace or characters) to
satisfy dotenv-linter and POSIX conventions.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Toast may not be visible before the hard redirect.

toast.success(...) on line 122 fires right before window.location.href = "/" on line 123. The full-page navigation will likely destroy the DOM before the toast renders or becomes readable. Consider either removing the toast or deferring the redirect briefly.

Option: small delay before redirect

     } else {
       toast.success("Logged out successfully");
-      window.location.href = "/";
+      setTimeout(() => {
+        window.location.href = "/";
+      }, 300);
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	function LogoutItem() {
	const router = useRouter();
	async function handleLogout() {
	const { error } = await authClient.signOut();
	if (error) {
	toast.error(error.message || "Something went wrong");
	} else {
	toast.success("Logged out successfully");
	router.push("/");
	router.refresh();
	window.location.href = "/";
	}
	}
	function LogoutItem() {
	async function handleLogout() {
	const { error } = await authClient.signOut();
	if (error) {
	toast.error(error.message || "Something went wrong");
	} else {
	toast.success("Logged out successfully");
	setTimeout(() => {
	window.location.href = "/";
	}, 300);
	}
	}

🤖 Prompt for AI Agents

In `@src/components/modules/dashboard/nav-user.tsx` around lines 115 - 125, The
toast.success call in LogoutItem.handleLogout runs immediately before the hard
redirect (window.location.href = "/"), which prevents the toast from being
visible; update handleLogout to either remove the toast or delay the redirect so
the toast can render (e.g., show toast.success(...) then perform the redirect
inside a short setTimeout or use the SPA router navigation instead of
window.location.href). Locate LogoutItem and its async handleLogout function
(which calls authClient.signOut, toast.success, and window.location.href) and
implement the chosen approach so the toast is visible before navigation.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Same toast-before-redirect issue as in nav-user.tsx; also consider extracting shared logout logic.

The same toast visibility concern applies here. Additionally, both LogoutItem components (here and in nav-user.tsx) share identical handleLogout logic. Consider extracting a shared useLogout hook or utility to avoid duplication.

🤖 Prompt for AI Agents

In `@src/components/modules/profile/user-nav.tsx` around lines 126 - 137, The
LogoutItem component’s handleLogout calls toast.success and immediately forces a
hard redirect, causing the toast to be cut off; change the flow in LogoutItem
(and the other nav LogoutItem in nav-user.tsx) to wait briefly or await a toast
display before setting window.location.href, and refactor the duplicated logic
into a shared useLogout hook or utility (export a useLogout or logoutUser
function that performs authClient.signOut, handles toast.error/toast.success and
the delayed redirect) then import and call that from both LogoutItem components
to remove duplication.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/components/editor/markdown/markdown-preview.tsx (1)

22-22: ⚠️ Potential issue | 🟡 Minor

Typo: break-workds → break-words.

Pre-existing typo in the CSS class name on this line. Worth fixing while you're touching this file.

Proposed fix

-    <section className="markdown break-workds grid">
+    <section className="markdown break-words grid">