accounts system, backups, pttm update, dependency updates

[ingoau]

Summary by CodeRabbit

• New Features

  • Introduced backup management, allowing users to create, import, export, restore, and delete local and cloud backups.
  • Added a dedicated "Backups" page and navigation entry for managing backups.
  • Integrated authentication and user profile management in the sidebar, with support for sign-in, sign-up, and sign-out.
  • Enabled Google One Tap sign-in and user identification for analytics.
  • Added analytics tracking for key user actions and settings changes.

• Improvements

  • Updated icon imports and UI components for consistency and enhanced appearance.
  • Enhanced sidebar with authentication UI and analytics event tracking.

• Bug Fixes

  • Corrected icon import paths for improved reliability.

• Chores

  • Updated and reorganized package dependencies.
  • Added configuration and schema files for backup and comment data.
  • Excluded generated and configuration files from code formatting.
  • Configured deployment workflows with new environment variables for build processes.

• Documentation

  • Added comments and structured code for maintainability and clarity.

[coderabbitai]

Walkthrough

This update introduces an account system with authentication via Clerk, cloud backup management using Convex, and analytics event tracking with PostHog. It adds new backend handlers, Svelte components, UI elements for backup operations, and updates workflow files and dependencies. The backup feature allows users to create, restore, and manage backups both locally and in the cloud.

Changes

Files/Paths	Change Summary
.github/workflows/beta_deploy.yml, .github/workflows/build.yml, .github/workflows/deploy.yml	Added environment variables PUBLIC_CLERK_PUBLISHABLE_KEY and PUBLIC_CONVEX_URL to the build steps in deployment and build workflows.
.prettierignore	Added src/convex/_generated and convex.json to ignored paths for Prettier.
convex.json	Added new configuration file specifying "functions": "src/convex/".
package.json	Updated dependencies: moved @lucide/svelte and lucide-svelte to dependencies with updated versions; added Clerk, Convex, and backup-related packages; upgraded several devDependencies including SvelteKit and TailwindCSS; added @types/jsonwebtoken.
src/convex/backups.ts, src/convex/schema.ts	Added Convex backend logic: schema definition for comments and backup tables; implemented authenticated backup CRUD handlers using JWT verification.
src/lib/components/app-sidebar.svelte, src/lib/components/sidebar-auth.svelte	Updated sidebar: added authentication UI, analytics tracking, new "Backups" navigation, and refactored icon imports. Introduced new SidebarAuth component for handling authentication and user profile display.
src/lib/components/play.svelte, src/lib/components/settings.svelte, src/routes/+page.svelte	Updated icon imports to new namespace. Added PostHog analytics tracking for user actions and settings changes.
src/lib/createBackup.ts, src/lib/restoreBackup.ts	Added utility functions to create and restore backups by serializing/deserializing browser storage and cookies, with filtering and error handling.
src/routes/+layout.svelte	Wrapped layout in ClerkProvider for authentication, initialized Convex client, and added Google One Tap and user identification components.
src/routes/backups/+page.svelte, src/routes/backups/backup.svelte	Added new UI for managing backups: allows creating, restoring, deleting, and listing cloud backups with authentication, state management, and analytics tracking; includes import/export for local backups.
src/routes/identify.svelte	Added component to synchronize Clerk user identity with PostHog analytics.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant SvelteApp
    participant Clerk
    participant Convex
    participant PostHog

    User->>SvelteApp: Loads /backups page
    SvelteApp->>Clerk: Get session token (JWT)
    Clerk-->>SvelteApp: Returns JWT
    SvelteApp->>Convex: Query backups with JWT
    Convex-->>SvelteApp: Returns backup list

    User->>SvelteApp: Clicks "Create Backup"
    SvelteApp->>createBackup: Serialize storage/cookies
    createBackup-->>SvelteApp: Returns backup data
    SvelteApp->>Convex: Mutation create (JWT, name, data)
    Convex-->>SvelteApp: Confirms creation

    User->>SvelteApp: Clicks "Restore" on backup
    SvelteApp->>restoreBackup: Decode and restore storage/cookies
    restoreBackup-->>SvelteApp: Restores state
    SvelteApp->>User: Reloads page

    User->>SvelteApp: Clicks "Delete" on backup
    SvelteApp->>Convex: Mutation remove (JWT, backup ID)
    Convex-->>SvelteApp: Confirms deletion

    SvelteApp->>PostHog: Track user actions (create, restore, delete, etc.)

Loading

Possibly related PRs

• add some analytics events #410: Adds PostHog analytics event tracking to user interactions in backup-related UI components and sidebar elements, directly relating to the analytics features in this PR.
• add account system #402: Implements account system features, Convex schema, Clerk authentication, and backup management UI—directly overlapping with this PR’s scope and code.
• Revert "add account system" #405: Reverts the account system and backup management changes introduced in this PR, representing an inverse operation on the same functionality.

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e3a56e and c3c14f8.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .github/workflows/beta_deploy.yml (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/deploy.yml (1 hunks)
• package.json (1 hunks)
• src/convex/backups.ts (1 hunks)
• src/lib/restoreBackup.ts (1 hunks)
• src/routes/backups/+page.svelte (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (7)

• .github/workflows/beta_deploy.yml
• .github/workflows/deploy.yml
• .github/workflows/build.yml
• src/lib/restoreBackup.ts
• package.json
• src/convex/backups.ts
• src/routes/backups/+page.svelte

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 20

🧹 Nitpick comments (6)

src/lib/createBackup.ts (2)

37-37: Remove debug console.log statement.

The console.log statement should be removed from production code or made conditional for debugging purposes.

- console.log(data);
+ // console.log(data); // Debug: uncomment for development

---

1-45: Consider adding browser compatibility checks and security improvements.

The function should handle edge cases and provide better security filtering:

export default function createBackup() {
  // Check for required APIs
  if (typeof localStorage === 'undefined' || typeof sessionStorage === 'undefined') {
    throw new Error('Storage APIs not available in this environment');
  }

  // More comprehensive filtering for sensitive data
  const isSensitiveKey = (key: string) => {
    const sensitivePatterns = ['__', 'clerk', 'ph', 'auth', 'token', 'session'];
    const sensitiveKeys = ['lastSeenSurveyDate', 'password', 'secret'];
    
    return sensitivePatterns.some(pattern => key.toLowerCase().startsWith(pattern)) ||
           sensitiveKeys.some(sensitiveKey => key.toLowerCase().includes(sensitiveKey));
  };

  // Rest of the function with enhanced filtering...
}

src/convex/schema.ts (1)

1-15: LGTM: Well-structured schema with suggestions for enhancement

The schema definition is clean and follows Convex conventions properly. Both tables are appropriately designed for their use cases.

Consider these optional enhancements:

• Add timestamp fields for audit trails (createdAt, updatedAt)
• Consider indexing strategies for the user field for performance
• Verify if gmaeid naming is consistent with your domain model (game vs gmae)

For improved data modeling, consider:

export default defineSchema({
	comments: defineTable({
		body: v.string(),
		gmaeid: v.string(),
-		user: v.string()
+		user: v.string(),
+		createdAt: v.number(),
+		updatedAt: v.optional(v.number())
-	}),
+	}).index("by_user", ["user"]).index("by_gmae", ["gmaeid"]),
	backup: defineTable({
		name: v.string(),
		data: v.string(),
-		user: v.string()
+		user: v.string(),
+		createdAt: v.number(),
+		updatedAt: v.optional(v.number())
-	})
+	}).index("by_user", ["user"])
});

src/lib/components/sidebar-auth.svelte (1)

115-122: Consider improving the UX for domain restrictions

The current implementation requires users to click through multiple UI elements before discovering the domain limitation. Consider showing this notice more prominently or automatically redirecting users.

src/routes/backups/backup.svelte (2)

42-42: Fix time format for better clarity

The current format uses hh which shows hours with leading zeros (e.g., "01:30 PM"). For 12-hour format, use h instead, or consider using 24-hour format for international users.

Apply one of these options:

-{dayjs(backup.creationTime).format('hh:mm a - DD/MM/YY')}
+{dayjs(backup.creationTime).format('h:mm A - DD/MM/YY')}

Or for 24-hour format:

-{dayjs(backup.creationTime).format('hh:mm a - DD/MM/YY')}
+{dayjs(backup.creationTime).format('HH:mm - DD/MM/YY')}

---

106-106: Enhance error logging with backup context

Include backup details in the error log to aid debugging.

-console.error('Failed to delete backup:', error);
+console.error('Failed to delete backup:', { backupId: backup.id, backupName: backup.name, error });

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e912f1e and 0e3a56e.

⛔ Files ignored due to path filters (6)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• src/convex/_generated/api.d.ts is excluded by !**/_generated/**
• src/convex/_generated/api.js is excluded by !**/_generated/**
• src/convex/_generated/dataModel.d.ts is excluded by !**/_generated/**
• src/convex/_generated/server.d.ts is excluded by !**/_generated/**
• src/convex/_generated/server.js is excluded by !**/_generated/**

📒 Files selected for processing (19)

• .github/workflows/beta_deploy.yml (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/deploy.yml (1 hunks)
• .prettierignore (1 hunks)
• convex.json (1 hunks)
• package.json (2 hunks)
• src/convex/backups.ts (1 hunks)
• src/convex/schema.ts (1 hunks)
• src/lib/components/app-sidebar.svelte (4 hunks)
• src/lib/components/play.svelte (7 hunks)
• src/lib/components/settings.svelte (1 hunks)
• src/lib/components/sidebar-auth.svelte (1 hunks)
• src/lib/createBackup.ts (1 hunks)
• src/lib/restoreBackup.ts (1 hunks)
• src/routes/+layout.svelte (3 hunks)
• src/routes/+page.svelte (1 hunks)
• src/routes/backups/+page.svelte (1 hunks)
• src/routes/backups/backup.svelte (1 hunks)
• src/routes/identify.svelte (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.*

Instructions used from:

Sources:
⚙️ CodeRabbit Configuration File

🪛 Gitleaks (8.27.2)

.github/workflows/beta_deploy.yml

32-32: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (12)

src/routes/+page.svelte (1)

7-8: LGTM! Icon import migration looks correct.

The import path changes from lucide-svelte/icons/ to @lucide/svelte/icons/ align with the package consolidation mentioned in the summary where @lucide/svelte was moved to dependencies and lucide-svelte was removed.

convex.json (1)

1-3: LGTM! Standard Convex configuration.

The configuration correctly points to the Convex functions directory and follows the standard Convex project structure.

.github/workflows/build.yml (1)

25-27: LGTM: Environment variables properly configured for build

The addition of PUBLIC_CLERK_PUBLISHABLE_KEY and PUBLIC_CONVEX_URL environment variables is appropriate. These are public-facing configuration values that are safe to expose in the build environment.

.prettierignore (1)

5-7: LGTM: Appropriate exclusions for Convex integration

The additions correctly exclude generated Convex files and configuration from Prettier formatting, which is a best practice for auto-generated code and configuration files.

.github/workflows/beta_deploy.yml (1)

31-33: LGTM: Environment variables properly configured (static analysis false positive)

The environment variables are correctly added. The static analysis warning about the PUBLIC_CLERK_PUBLISHABLE_KEY is a false positive - Clerk publishable keys are designed to be exposed publicly and are safe to include in client-side builds and CI environments.

src/lib/components/play.svelte (3)

12-18: LGTM: Icon import path migration

The migration from lucide-svelte/icons/ to @lucide/svelte/icons/ is correctly implemented across all icon imports.

---

24-25: LGTM: Analytics dependencies properly imported

PostHog and onMount imports are correctly added for the analytics integration.

---

130-130: LGTM: Comprehensive analytics tracking for user interactions

The analytics events are well-placed to capture all major user interactions (reload, fullscreen, new tab, share, favorite) with appropriate metadata including the game ID. This provides good insight into user behavior patterns.

Also applies to: 143-143, 153-153, 163-163, 185-185

src/lib/components/app-sidebar.svelte (3)

20-35: LGTM! Clean integration of authentication and analytics.

The icon imports have been properly updated to use @lucide/svelte, and the new authentication-related imports are well organized. The analytics integration follows good practices.

Also applies to: 54-56

---

155-160: LGTM! Backups navigation properly gated behind experimental features.

The new "Backups" navigation item is correctly implemented and appropriately marked as experimental.

---

206-206: LGTM! Analytics events properly implemented.

The PostHog event tracking for search and sidebar toggle actions follows good analytics practices by capturing relevant context.

Also applies to: 384-384

src/lib/components/sidebar-auth.svelte (1)

69-73: LGTM!

The logout handler properly cleans up the session, resets analytics, and handles UI state.

[cloudflare-workers-and-pages]

Deploying edutools-testing with    Cloudflare Pages

Latest commit:	c3c14f8
Status:	✅  Deploy successful!
Preview URL:	https://cd68c95f.edutools-testing.pages.dev
Branch Preview URL:	https://219-feature-bug-report-witho.edutools-testing.pages.dev

View logs

[ingoau]

wtf it works on my machine...