Skip to content

skip token signature in dev mode #2793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ryanbarlow97 wants to merge 8 commits into
base: main
Choose a base branch
from
Open

skip token signature in dev mode #2793

ryanbarlow97 wants to merge 8 commits into from
+27 −15

Conversation

@ryanbarlow97
Copy link
Contributor

@ryanbarlow97 ryanbarlow97 commented Jan 4, 2026
edited
Loading

Description:

Skip token signature when in dev, I keep getting issues 😢

Please complete the following:

  • I have added screenshots for all UI updates
  • I process any text displayed to the user through translateText() and I've added it to the en.json file
  • I have added relevant tests to the test directory
  • I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced

Please put your Discord username so you can be contacted if a bug or regression is found:

w.o.n

Copilot AI review requested due to automatic review settings January 4, 2026 21:35
@ryanbarlow97 ryanbarlow97 requested a review from a team as a code owner January 4, 2026 21:35
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 4, 2026
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Pre-merge checks

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main change: skipping token signature verification in development mode, which matches the core modification in Worker.ts and jwt.ts files.
Description check ✅ Passed The description relates to the changeset by explaining the motivation (avoiding token signature issues in dev mode) and confirms testing, aligning with the dev-mode token verification bypass implemented in the code changes.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7ccee6 and a573487.

📒 Files selected for processing (1)
  • src/server/Worker.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/server/Worker.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Deploy to openfront.dev

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ryanbarlow97 ryanbarlow97 changed the title skip in dev mode skip token signature in dev mode Jan 4, 2026
@ryanbarlow97 ryanbarlow97 added Backend Server-side features and systems - lobbies, matchmaking, accounts, APIs, etc. Bugfix Fixes a bug labels Jan 4, 2026
Copilot AI reviewed Jan 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds logic to skip token signature verification in development mode to avoid authentication issues during local development. The changes allow developers to bypass JWT validation and user permission checks when GAME_ENV is set to "dev".

Key changes:

  • Skip verifyClientToken() in dev mode, using clientID as persistentId instead
  • Skip getUserMe() call in dev mode, leaving roles and flares undefined
  • Add conditional logic to handle both production (authenticated) and dev (unauthenticated) flows

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ryanbarlow97
Update src/server/Worker.ts
122881d 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
coderabbitai[bot]
coderabbitai bot previously approved these changes Jan 4, 2026
View reviewed changes
coderabbitai[bot]
coderabbitai bot previously approved these changes Jan 4, 2026
View reviewed changes
VectorSophie
VectorSophie reviewed Jan 5, 2026
View reviewed changes
VectorSophie
VectorSophie reviewed Jan 5, 2026
View reviewed changes
Copy link
Contributor

@VectorSophie VectorSophie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking of fixing this whenever i would locally test my PRs, this is a really good QoL change.

coderabbitai[bot]

This comment was marked as outdated.

Sign in to view

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

+1 more reviewer

@VectorSophie VectorSophie VectorSophie left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@ryanbarlow97 ryanbarlow97

Labels

Backend Server-side features and systems - lobbies, matchmaking, accounts, APIs, etc. Bugfix Fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ryanbarlow97 @VectorSophie