Revitalize backend: working cloud saves, logout, and account UX

Cloud saves were fully built but never wired up — useCloudSave() hook was never called, no load-from-cloud flow existed, and there was no way to continue a saved game. Logout was completely missing (no endpoint, no UI). Accounts felt like a gate behind the invite wall rather than real accounts. Backend: add tokenVersion to users for server-side token invalidation, POST /auth/logout bumps it to revoke all JWTs, GET /auth/me returns profile, GET /saves/latest returns most recent save with full gameData. All createToken calls now include tokenVersion. Auth middleware rejects tokens with stale tokenVersion. Frontend: wire up useCloudSave() in App (auto-saves every 60 ticks with error handling), fetch cloud save on startup for registered users, show "Continue Your Game" card on NewGameScreen, add Log Out button with confirmation in Settings, show username in sidebar, 401 interceptor clears auth and reloads. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-28 19:32:03 -04:00
parent 2912d760cb
commit 2a6629af79
16 changed files with 732 additions and 23 deletions
@@ -0,0 +1 @@
+ALTER TABLE "users" ADD COLUMN "token_version" integer DEFAULT 0 NOT NULL;
@@ -0,0 +1,477 @@
+{
+  "id": "9324fe22-280a-4276-ace3-820f55654ec7",
+  "prevId": "8cfe4136-b228-464d-bf2c-e4f2e8c73ce1",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.achievements": {
+      "name": "achievements",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "achievement_id": {
+          "name": "achievement_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "unlocked_at": {
+          "name": "unlocked_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "achievements_user_id_idx": {
+          "name": "achievements_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "achievements_user_id_users_id_fk": {
+          "name": "achievements_user_id_users_id_fk",
+          "tableFrom": "achievements",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.invitations": {
+      "name": "invitations",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "used_by": {
+          "name": "used_by",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "invitations_created_by_users_id_fk": {
+          "name": "invitations_created_by_users_id_fk",
+          "tableFrom": "invitations",
+          "tableTo": "users",
+          "columnsFrom": [
+            "created_by"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "invitations_used_by_users_id_fk": {
+          "name": "invitations_used_by_users_id_fk",
+          "tableFrom": "invitations",
+          "tableTo": "users",
+          "columnsFrom": [
+            "used_by"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "invitations_code_unique": {
+          "name": "invitations_code_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "code"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.leaderboard": {
+      "name": "leaderboard",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "company_name": {
+          "name": "company_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "score": {
+          "name": "score",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "era": {
+          "name": "era",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tick_count": {
+          "name": "tick_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "submitted_at": {
+          "name": "submitted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "leaderboard_category_score_idx": {
+          "name": "leaderboard_category_score_idx",
+          "columns": [
+            {
+              "expression": "category",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "score",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "leaderboard_user_id_users_id_fk": {
+          "name": "leaderboard_user_id_users_id_fk",
+          "tableFrom": "leaderboard",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.saves": {
+      "name": "saves",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "company_name": {
+          "name": "company_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "save_version": {
+          "name": "save_version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "game_data": {
+          "name": "game_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tick_count": {
+          "name": "tick_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "era": {
+          "name": "era",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'startup'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "saves_user_id_idx": {
+          "name": "saves_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "saves_user_id_users_id_fk": {
+          "name": "saves_user_id_users_id_fk",
+          "tableFrom": "saves",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.users": {
+      "name": "users",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "anon_token": {
+          "name": "anon_token",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password_hash": {
+          "name": "password_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'user'"
+        },
+        "must_reset_password": {
+          "name": "must_reset_password",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "token_version": {
+          "name": "token_version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "last_seen_at": {
+          "name": "last_seen_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "users_anon_token_unique": {
+          "name": "users_anon_token_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "anon_token"
+          ]
+        },
+        "users_username_unique": {
+          "name": "users_username_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "username"
+          ]
+        },
+        "users_email_unique": {
+          "name": "users_email_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "email"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
@@ -8,6 +8,13 @@
      "when": 1777333216602,
      "tag": "0000_tearful_hedge_knight",
      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "7",
+      "when": 1777417629552,
+      "tag": "0001_certain_aaron_stack",
+      "breakpoints": true
    }
  ]
 }
@@ -8,6 +8,7 @@ export const users = pgTable('users', {
  passwordHash: text('password_hash'),
  role: text('role').notNull().default('user'),
  mustResetPassword: boolean('must_reset_password').notNull().default(false),
+  tokenVersion: integer('token_version').notNull().default(0),
  createdAt: timestamp('created_at').defaultNow().notNull(),
  lastSeenAt: timestamp('last_seen_at').defaultNow().notNull(),
 });
@@ -14,10 +14,11 @@ export async function createToken(
  role: string,
  username: string | null,
  mustResetPassword: boolean,
+  tokenVersion: number = 0,
 ): Promise<string> {
  const now = Math.floor(Date.now() / 1000);
  return sign(
-    { sub: userId, email, role, username, mustResetPassword, iat: now, exp: now + JWT_EXPIRY_SECONDS },
+    { sub: userId, email, role, username, mustResetPassword, tokenVersion, iat: now, exp: now + JWT_EXPIRY_SECONDS },
    getJwtSecret(),
  );
 }
@@ -28,6 +29,7 @@ export async function verifyToken(token: string): Promise<{
  role: string;
  username: string | null;
  mustResetPassword: boolean;
+  tokenVersion: number;
 }> {
  const payload = await verify(token, getJwtSecret(), 'HS256');
  return {
@@ -36,5 +38,6 @@ export async function verifyToken(token: string): Promise<{
    role: (payload.role as string) ?? 'user',
    username: (payload.username as string) ?? null,
    mustResetPassword: (payload.mustResetPassword as boolean) ?? false,
+    tokenVersion: (payload.tokenVersion as number) ?? 0,
  };
 }
@@ -27,6 +27,10 @@ export const authMiddleware = createMiddleware<AppEnv>(async (c, next) => {
      return c.json({ error: 'Invalid token' }, 401);
    }

+    if (payload.tokenVersion !== user.tokenVersion) {
+      return c.json({ error: 'Token has been revoked' }, 401);
+    }
+
    await db
      .update(users)
      .set({ lastSeenAt: new Date() })
@@ -40,6 +44,7 @@ export const authMiddleware = createMiddleware<AppEnv>(async (c, next) => {
      email: user.email,
      role: user.role,
      mustResetPassword: user.mustResetPassword,
+      tokenVersion: user.tokenVersion,
    });
    await next();
  } catch {
@@ -1,5 +1,5 @@
 import { Hono } from 'hono';
-import { eq, or } from 'drizzle-orm';
+import { eq, or, sql } from 'drizzle-orm';
 import bcrypt from 'bcryptjs';
 import { db } from '../db';
 import { users } from '../db/schema';
@@ -15,7 +15,7 @@ auth.post('/anonymous', async (c) => {
    .values({})
    .returning();

-  const token = await createToken(user.id, null, 'user', null, false);
+  const token = await createToken(user.id, null, 'user', null, false, 0);
  return c.json({ userId: user.id, token });
 });

@@ -80,7 +80,7 @@ auth.post('/register', authMiddleware, async (c) => {
    .where(eq(users.id, userId))
    .returning();

-  const token = await createToken(updated.id, updated.email, updated.role, updated.username, false);
+  const token = await createToken(updated.id, updated.email, updated.role, updated.username, false, updated.tokenVersion);
  return c.json({ userId: updated.id, token });
 });

@@ -106,7 +106,7 @@ auth.post('/login', async (c) => {
    return c.json({ error: 'Invalid credentials' }, 401);
  }

-  const token = await createToken(user.id, user.email, user.role, user.username, user.mustResetPassword);
+  const token = await createToken(user.id, user.email, user.role, user.username, user.mustResetPassword, user.tokenVersion);
  return c.json({ userId: user.id, token });
 });

@@ -141,12 +141,13 @@ auth.post('/change-password', authMiddleware, async (c) => {
  }

  const passwordHash = await bcrypt.hash(newPassword, 10);
-  await db
+  const [updated] = await db
    .update(users)
-    .set({ passwordHash, mustResetPassword: false })
-    .where(eq(users.id, user.id));
+    .set({ passwordHash, mustResetPassword: false, tokenVersion: sql`${users.tokenVersion} + 1` })
+    .where(eq(users.id, user.id))
+    .returning({ tokenVersion: users.tokenVersion });

-  const token = await createToken(user.id, user.email, user.role, user.username, false);
+  const token = await createToken(user.id, user.email, user.role, user.username, false, updated.tokenVersion);
  return c.json({ success: true, token });
 });

@@ -176,7 +177,7 @@ auth.post('/change-username', authMiddleware, async (c) => {
    .set({ username })
    .where(eq(users.id, user.id));

-  const token = await createToken(user.id, user.email, user.role, username, user.mustResetPassword);
+  const token = await createToken(user.id, user.email, user.role, username, user.mustResetPassword, user.tokenVersion);
  return c.json({ success: true, token });
 });

@@ -230,8 +231,29 @@ auth.post('/change-email', authMiddleware, async (c) => {
    .set({ email })
    .where(eq(users.id, user.id));

-  const token = await createToken(user.id, email, user.role, user.username, user.mustResetPassword);
+  const token = await createToken(user.id, email, user.role, user.username, user.mustResetPassword, user.tokenVersion);
  return c.json({ success: true, token });
 });

+auth.post('/logout', authMiddleware, async (c) => {
+  const user = c.get('user');
+
+  await db
+    .update(users)
+    .set({ tokenVersion: sql`${users.tokenVersion} + 1` })
+    .where(eq(users.id, user.id));
+
+  return c.json({ success: true });
+});
+
+auth.get('/me', authMiddleware, async (c) => {
+  const user = c.get('user');
+  return c.json({
+    id: user.id,
+    username: user.username,
+    email: user.email,
+    role: user.role,
+  });
+});
+
 export { auth };
@@ -28,6 +28,19 @@ savesRouter.get('/', async (c) => {
  return c.json({ saves: userSaves });
 });

+savesRouter.get('/latest', async (c) => {
+  const userId = c.get('userId') as string;
+
+  const [save] = await db
+    .select()
+    .from(saves)
+    .where(eq(saves.userId, userId))
+    .orderBy(desc(saves.updatedAt))
+    .limit(1);
+
+  return c.json({ save: save ?? null });
+});
+
 savesRouter.get('/:id', async (c) => {
  const userId = c.get('userId') as string;
  const saveId = c.req.param('id');
@@ -8,6 +8,7 @@ export type AppEnv = {
      email: string | null;
      role: string;
      mustResetPassword: boolean;
+      tokenVersion: number;
    };
  };
 };
				`@@ -0,0 +1 @@`
				`ALTER TABLE "users" ADD COLUMN "token_version" integer DEFAULT 0 NOT NULL;`