chore: update security patch of codebase.

chore: Update TODO and instruction list
2025-09-04 11:50:16 +05:30
parent 5c194a24d0
commit dc1d7c3157
9 changed files with 166 additions and 40 deletions
--- a/src/app/(main)/home/page.tsx
+++ b/src/app/(main)/home/page.tsx
@@ -27,6 +27,29 @@ export default function Home() {
    const selectedLNData = loanAccounts.find(acc => acc.stAccountNo === selectedLN);
    const [showBalance, setShowBalance] = useState(false);

+    // If back and forward button is clicked
+    useEffect(() => {
+        window.history.pushState(null, "", window.location.href);
+        const handlePopState = () => {
+            localStorage.removeItem("access_token");
+            sessionStorage.removeItem("access_token");
+            localStorage.removeItem("remitter_name");
+            router.push("/login");
+        };
+        const handleBeforeUnload = () => {
+            // logout on tab close / refresh
+            localStorage.removeItem("access_token");
+            sessionStorage.removeItem("access_token");
+            localStorage.removeItem("remitter_name");
+        };
+        window.addEventListener("popstate", handlePopState);
+        window.addEventListener("beforeunload", handleBeforeUnload);
+        return () => {
+            window.removeEventListener("popstate", handlePopState);
+            window.addEventListener("beforeunload", handleBeforeUnload);
+        };
+    }, []);
+
    async function handleFetchUserDetails() {
        try {
            const token = localStorage.getItem("access_token");
--- a/src/app/(main)/layout.tsx
+++ b/src/app/(main)/layout.tsx
@@ -16,10 +16,16 @@ export default function RootLayout({ children }: { children: React.ReactNode })
    const [userLastLoginDetails, setUserLastLoginDetails] = useState(null);
    const [custname, setCustname] = useState<string | null>(null);

+    function doLogout() {
+        localStorage.removeItem("access_token");
+        sessionStorage.removeItem("access_token");
+        localStorage.removeItem("remitter_name");
+        router.push("/login");
+    }
+
    async function handleLogout(e: React.FormEvent) {
        e.preventDefault();
-        localStorage.removeItem("access_token");
-        localStorage.removeItem("remitter_name");
+        doLogout()
        router.push("/login");
    }

@@ -65,6 +71,25 @@ export default function RootLayout({ children }: { children: React.ReactNode })
            });
        }
    }
+    useEffect(() => {
+        // Push fake history state to trap navigation
+        window.history.pushState(null, "", window.location.href);
+        const handlePopState = () => {
+            doLogout(); // logout when back/forward pressed
+        };
+        const handleBeforeUnload = (e: BeforeUnloadEvent) => {
+            // logout on tab close / refresh
+            localStorage.removeItem("access_token");
+            sessionStorage.removeItem("access_token");
+            localStorage.removeItem("remitter_name");
+        };
+        window.addEventListener("popstate", handlePopState);
+        window.addEventListener("beforeunload", handleBeforeUnload);
+        return () => {
+            window.removeEventListener("popstate", handlePopState);
+            window.addEventListener("beforeunload", handleBeforeUnload);
+        };
+    }, []);

    useEffect(() => {
        const token = localStorage.getItem("access_token");