Explorar el Código

[Docs] Recovery page useQuery rationale (StrictMode dedupe)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User hace 2 meses
padre
commit
a54a5ca
Se han modificado 1 ficheros con 1 adiciones y 0 borrados
  1. 1 0
      CLAUDE.md

+ 1 - 0
CLAUDE.md

@@ -55,6 +55,7 @@ Tables: `users`, `groups`, `group_members`, `movies`, `landing_reel_posters`
 
 - Users: Supabase Anonymous Sign-In → JWT via GoTrue → cookie-based sessions via `@supabase/ssr`
 - Signout: `<SignOutButton />` in `(app)` header → `POST /api/auth/signout` → `queryClient.clear()` → hard nav to `/`. Linkable variant: `GET /logout` (redirects). No confirm dialog, even for users without a saved recovery code.
+- Recovery page (`/recovery`): code generation uses `useQuery` (not `useMutation`) keyed on `recovery-code-generate` with `staleTime/gcTime: Infinity` so React 19 StrictMode dev double-mount + post-signup nav don't lose the response. Reload regenerates (server overwrites `users.recovery_code`).
 - Recovery: 24-char alphanumeric (128-bit entropy), Argon2id hashed, single-use, claim rate-limited (5/15min per IP)
 - Admin: username + TOTP (otplib), iron-session v8 (HttpOnly, Secure, SameSite=Strict, 8h expiry)
 - GoTrue config: `GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED=true`, all other auth methods disabled