Problem
PR #13 (handle selection on signup) introduced and worsened several oversized functions/files. These should be decomposed for maintainability.
packages/pds-core/src/index.ts (659 lines) — most urgent
The main() function contains all route handlers as inline closures. The /oauth/epds-callback handler alone is ~370 lines covering HMAC verification, handle validation, availability pre-check, account creation (two paths: chosen handle vs random fallback), device account upsert, and authorization code issuance. Every new feature makes this worse.
Suggested refactor: Extract route handlers into separate modules using the create*Router() factory pattern that auth-service already uses. The epds-callback handler should be further decomposed into helpers (e.g. verifyCallbackSignature(), createAccountWithHandle(), createAccountWithRandomHandle()).
packages/auth-service/src/routes/choose-handle.ts (581 lines) — new file
The POST /auth/choose-handle handler is 155 lines mixing validation, availability checking, HMAC signing, and redirect logic. The renderChooseHandlePage() HTML template is inherently large but could be extracted into its own module (consistent with how other template functions could be organized).
Suggested refactor: Extract POST handler logic into helpers. Consider a templates/ directory for HTML render functions if more pages follow this pattern.
packages/auth-service/src/routes/complete.ts (159 lines)
Grew modestly but now has three branches (new user → handle picker, consent needed, direct callback). Not critical yet but worth watching.
Context
These were noted during review of #13. The PR is being merged as-is since the functionality is correct; this issue tracks the follow-up refactoring.
Problem
PR #13 (handle selection on signup) introduced and worsened several oversized functions/files. These should be decomposed for maintainability.
packages/pds-core/src/index.ts(659 lines) — most urgentThe
main()function contains all route handlers as inline closures. The/oauth/epds-callbackhandler alone is ~370 lines covering HMAC verification, handle validation, availability pre-check, account creation (two paths: chosen handle vs random fallback), device account upsert, and authorization code issuance. Every new feature makes this worse.Suggested refactor: Extract route handlers into separate modules using the
create*Router()factory pattern that auth-service already uses. Theepds-callbackhandler should be further decomposed into helpers (e.g.verifyCallbackSignature(),createAccountWithHandle(),createAccountWithRandomHandle()).packages/auth-service/src/routes/choose-handle.ts(581 lines) — new fileThe
POST /auth/choose-handlehandler is 155 lines mixing validation, availability checking, HMAC signing, and redirect logic. TherenderChooseHandlePage()HTML template is inherently large but could be extracted into its own module (consistent with how other template functions could be organized).Suggested refactor: Extract POST handler logic into helpers. Consider a
templates/directory for HTML render functions if more pages follow this pattern.packages/auth-service/src/routes/complete.ts(159 lines)Grew modestly but now has three branches (new user → handle picker, consent needed, direct callback). Not critical yet but worth watching.
Context
These were noted during review of #13. The PR is being merged as-is since the functionality is correct; this issue tracks the follow-up refactoring.