fix: update CSP directives

pranavosu · web-flow · commit d140fbdea8a9 · 2025-12-09T08:14:53.000-08:00
diff --git a/.node-version b/.node-version
@@ -1 +1 @@
-v18.10.0
+v18
diff --git a/apps/discord-bot-frontend/package.json b/apps/discord-bot-frontend/package.json
@@ -18,8 +18,8 @@
     "prepare": "svelte-kit sync"
   },
   "dependencies": {
-    "@auth/core": "^0.28.1",
-    "@auth/sveltekit": "^0.3.6",
+    "@auth/core": "^0.37.0",
+    "@auth/sveltekit": "^1.7.0",
     "@aws-crypto/sha256-js": "^2.0.1",
     "@carbon/styles": "^1.48.1",
     "@discordjs/builders": "^1.1.0",
@@ -45,7 +45,7 @@
     "@aws-amplify/discord-bot-tsconfig": "workspace:*",
     "@carbon/charts": "^1.5.2",
     "@carbon/charts-svelte": "^1.13.25",
-    "@playwright/test": "^1.37.1",
+    "@playwright/test": "^1.49.0",
     "@sveltejs/adapter-node": "^4.0.1",
     "@sveltejs/kit": "^2.5.0",
     "@sveltejs/vite-plugin-svelte": "^3.0.2",
diff --git a/apps/discord-bot-frontend/src/app.d.ts b/apps/discord-bot-frontend/src/app.d.ts
@@ -21,6 +21,7 @@ interface AppSession extends Auth.Session {
 declare global {
   namespace App {
     interface Locals {
+      auth: () => Promise<AppSession | null>
       session?: AppSession
       // Guild ID of the guild the user is currently viewing
       guildId: string
@@ -35,3 +36,5 @@ declare global {
     interface Stuff {}
   }
 }
+
+export type { User, AppSession }
diff --git a/apps/discord-bot-frontend/src/lib/server/hooks/handle-auth.ts b/apps/discord-bot-frontend/src/lib/server/hooks/handle-auth.ts
@@ -6,4 +6,5 @@ import { config } from '$lib/auth/config'
  * @todo use session callback to extend session?
  * @todo port in changes to apply roles in discord based on GitHub org membership (if integration is enabled)
  */
-export const handleAuth = SvelteKitAuth(config) satisfies Handle
+const { handle } = SvelteKitAuth(config)
+export const handleAuth = handle satisfies Handle
diff --git a/apps/discord-bot-frontend/src/lib/server/hooks/handle-set-session-locals.ts b/apps/discord-bot-frontend/src/lib/server/hooks/handle-set-session-locals.ts
@@ -4,7 +4,7 @@ import type { Handle } from '@sveltejs/kit'
  * Hook to set session on event.locals
  */
 export const handleSetSessionLocals: Handle = async ({ event, resolve }) => {
-  const session = await event.locals.getSession()
+  const session = await event.locals.auth()
   if (session) {
     event.locals.session = session
   }
diff --git a/apps/discord-bot-frontend/svelte.config.js b/apps/discord-bot-frontend/svelte.config.js
@@ -24,7 +24,7 @@ const config = {
         'connect-src': ['self', 'https://discord.com'],
         'img-src': ['self', 'data:', 'https://cdn.discordapp.com'],
         'script-src': ['self'],
-        'style-src': ['self', 'unsafe-inline'],
+        'style-src': ['self'],
         // https://1.www.s81c.com/ is for Carbon fonts
         'font-src': ['self', 'https://1.www.s81c.com/', 'data:'],
       },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ interface AppSession extends Auth.Session {`
`21`	`21`	`declare global {`
`22`	`22`	`namespace App {`
`23`	`23`	`interface Locals {`
	`24`	`+ auth: () => Promise<AppSession \| null>`
`24`	`25`	`session?: AppSession`
`25`	`26`	`// Guild ID of the guild the user is currently viewing`
`26`	`27`	`guildId: string`
`@@ -35,3 +36,5 @@ declare global {`
`35`	`36`	`interface Stuff {}`
`36`	`37`	`}`
`37`	`38`	`}`
	`39`	`+`
	`40`	`+export type { User, AppSession }`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ import type { Handle } from '@sveltejs/kit'`
`4`	`4`	`* Hook to set session on event.locals`
`5`	`5`	`*/`
`6`	`6`	`export const handleSetSessionLocals: Handle = async ({ event, resolve }) => {`
`7`		`- const session = await event.locals.getSession()`
	`7`	`+ const session = await event.locals.auth()`
`8`	`8`	`if (session) {`
`9`	`9`	`event.locals.session = session`
`10`	`10`	`}`