Skip to content

Clear last email account id on log out#886

Merged
elie222 merged 4 commits intomainfrom
fix/clear-last-email-account-on-log-out
Nov 1, 2025
Merged

Clear last email account id on log out#886
elie222 merged 4 commits intomainfrom
fix/clear-last-email-account-on-log-out

Conversation

@elie222
Copy link
Owner

@elie222 elie222 commented Nov 1, 2025
edited by coderabbitai bot
Loading

Note

Clears LAST_EMAIL_ACCOUNT_COOKIE on session deletion (logout) via auth database hook; bumps version to v2.17.21.

  • Auth/Backend:
    • Add databaseHooks.session.delete.after in apps/web/utils/auth.ts to delete LAST_EMAIL_ACCOUNT_COOKIE on logout, with error logging.
  • Version:
    • Bump to v2.17.21.

Written by Cursor Bugbot for commit cb53987. Configure here.

Summary by CodeRabbit

Release v2.17.21

  • New Features

    • App now remembers the last-used email account per user so switching back is more reliable.
    • Improved handling of stored last-used account to support newer per-user formatting while remaining compatible with older data.

  • Bug Fixes

    • Logging out now clears the stored last-used email account to prevent stale data across sessions.

@vercel
Copy link

vercel bot commented Nov 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
inbox-zero Ready Ready Preview Nov 1, 2025 11:49pm

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 1, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Refactors last-email-account cookie handling to store a JSON { userId, emailAccountId }, converts setter to an authenticated server action with schema, adds a clear action, updates provider and logout to use/clear the new format, adds exported cookie value type, and bumps version from v2.17.20 → v2.17.21.

Changes

Cohort / File(s) Summary
Version bump
version.txt		 Updated version from v2.17.20v2.17.21.
Email account cookie actions
apps/web/utils/actions/email-account-cookie.ts		 setLastEmailAccountAction converted to actionClientUser-wrapped server action with metadata and zod input schema; cookie payload now JSON { userId, emailAccountId }; new clearLastEmailAccountAction added to delete LAST_EMAIL_ACCOUNT_COOKIE.
Cookie types
apps/web/utils/cookies.ts		 Added exported LastEmailAccountCookieValue type { userId: string; emailAccountId: string }.
Account cookie read & redirects
apps/web/utils/account.ts		 Added getLastEmailAccountFromCookie(userId) helper that reads JSON or falls back to old plain-string format, validates userId, returns emailAccountId or null; redirect logic updated to use per-user lookup.
Provider callsite
apps/web/providers/EmailAccountProvider.tsx		 Updated callsite to pass object: setLastEmailAccountAction({ emailAccountId }) (matches new input schema).
Logout flow
apps/web/utils/user.ts		 Imports and calls clearLastEmailAccountAction() at start of logOut() before invoking signOut() to remove cookie on logout.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant Provider as EmailAccountProvider
    participant SetAction as setLastEmailAccountAction
    participant CookieStore as Cookie Store
    participant User as user.ts
    participant ClearAction as clearLastEmailAccountAction
    participant SignOut as signOut

    Browser->>Provider: emailAccountId changes
    Provider->>SetAction: setLastEmailAccountAction({ emailAccountId })
    SetAction->>CookieStore: write LAST_EMAIL_ACCOUNT_COOKIE = JSON({ userId, emailAccountId })
    CookieStore-->>SetAction: OK
    SetAction-->>Provider: ack

    Browser->>User: trigger logout
    User->>ClearAction: clearLastEmailAccountAction()
    ClearAction->>CookieStore: delete LAST_EMAIL_ACCOUNT_COOKIE
    CookieStore-->>ClearAction: OK
    ClearAction-->>User: ack
    User->>SignOut: signOut()
    SignOut-->>Browser: logout complete
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Review actionClientUser metadata/schema and server-action wiring in email-account-cookie.ts.
  • Verify cookie read/write behavior and backward-compatible parsing in account.ts (JSON vs old plain string) and correct userId validation.
  • Confirm cookie deletion options/flags and ordering in user.ts's logout flow.
  • Ensure provider callsite aligns with new input schema and error handling around async server actions.

Possibly related PRs

Poem

🐰 I hop and tuck the cookie neat,
A tiny JSON, tidy and sweet.
I clear a path before I roam,
Then sign off and bound back home.
Fresh inbox grass beneath my feet — hooray! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title "Clear last email account id on log out" directly aligns with the primary objective of this pull request, which is to clear the LAST_EMAIL_ACCOUNT_COOKIE when a user logs out by implementing a database hook. The title is concise, specific, and clearly communicates what the changeset accomplishes without ambiguity. All supporting changes (refactoring cookie handling, adding server actions, updating logout logic, and version bump) serve the core purpose captured in the title. The phrasing is clear and meaningful, avoiding vague terminology.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/clear-last-email-account-on-log-out

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

coderabbitai[bot]
coderabbitai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb53987 and 4636434.

📒 Files selected for processing (2)
  • apps/web/utils/actions/email-account-cookie.ts (1 hunks)
  • apps/web/utils/user.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (10)
apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Path aliases: Use @/ for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Leverage TypeScript inference for better DX

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
apps/web/utils/actions/**/*.ts

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/utils/actions/**/*.ts: Use server actions for all mutations (create/update/delete operations)
next-safe-action provides centralized error handling
Use Zod schemas for validation on both client and server
Use revalidatePath in server actions for cache invalidation

apps/web/utils/actions/**/*.ts: Use server actions (with next-safe-action) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.
Use revalidatePath in server actions to invalidate cache after mutations.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
!{.cursor/rules/*.mdc}

📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)

Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)

**/*.ts: The same validation should be done in the server action too
Define validation schemas using Zod

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/*.{ts,tsx}: Use createScopedLogger for logging in backend TypeScript files
Typically add the logger initialization at the top of the file when using createScopedLogger
Only use .with() on a logger instance within a specific function, not for a global logger

Import Prisma in the project using import prisma from "@/utils/prisma";

**/*.{ts,tsx}: Don't use TypeScript enums.
Don't use TypeScript const enum.
Don't use the TypeScript directive @ts-ignore.
Don't use primitive type aliases or misleading types.
Don't use empty type parameters in type aliases and interfaces.
Don't use any or unknown as type constraints.
Don't use implicit any type on variable declarations.
Don't let variables evolve into any type through reassignments.
Don't use non-null assertions with the ! postfix operator.
Don't misuse the non-null assertion operator (!) in TypeScript files.
Don't use user-defined types.
Use as const instead of literal types and type annotations.
Use export type for types.
Use import type for types.
Don't declare empty interfaces.
Don't merge interfaces and classes unsafely.
Don't use overload signatures that aren't next to each other.
Use the namespace keyword instead of the module keyword to declare TypeScript namespaces.
Don't use TypeScript namespaces.
Don't export imported variables.
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions.
Don't use parameter properties in class constructors.
Use either T[] or Array consistently.
Initialize each enum member value explicitly.
Make sure all enum members are literal values.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
apps/web/utils/actions/*.ts

📄 CodeRabbit inference engine (.cursor/rules/server-actions.mdc)

apps/web/utils/actions/*.ts: Implement all server actions using the next-safe-action library for type safety, input validation, context management, and error handling. Refer to apps/web/utils/actions/safe-action.ts for client definitions (actionClient, actionClientUser, adminActionClient).
Use actionClientUser when only authenticated user context (userId) is needed.
Use actionClient when both authenticated user context and a specific emailAccountId are needed. The emailAccountId must be bound when calling the action from the client.
Use adminActionClient for actions restricted to admin users.
Access necessary context (like userId, emailAccountId, etc.) provided by the safe action client via the ctx object in the .action() handler.
Server Actions are strictly for mutations (operations that change data, e.g., creating, updating, deleting). Do NOT use Server Actions for data fetching (GET operations). For data fetching, use dedicated GET API Routes combined with SWR Hooks.
Use SafeError for expected/handled errors within actions if needed. next-safe-action provides centralized error handling.
Use the .metadata({ name: "actionName" }) method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied via withServerActionInstrumentation within the safe action clients.
If an action modifies data displayed elsewhere, use revalidatePath or revalidateTag from next/cache within the action handler as needed.

Server action files must start with use server

Files:

  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/**

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Create utility functions in utils/ folder for reusable logic

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
apps/web/utils/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

apps/web/utils/**/*.ts: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use elements in Next.js projects.
Don't use elements in Next.js projects.
Don't use namespace imports.
Don't access namespace imports dynamically.
Don't use global eval().
Don't use console.
Don't use debugger.
Don't use var.
Don't use with statements in non-strict contexts.
Don't use the arguments object.
Don't use consecutive spaces in regular expression literals.
Don't use the comma operator.
Don't use unnecessary boolean casts.
Don't use unnecessary callbacks with flatMap.
Use for...of statements instead of Array.forEach.
Don't create classes that only have static members (like a static namespace).
Don't use this and super in static contexts.
Don't use unnecessary catch clauses.
Don't use unnecessary constructors.
Don't use unnecessary continue statements.
Don't export empty modules that don't change anything.
Don't use unnecessary escape sequences in regular expression literals.
Don't use unnecessary labels.
Don't use unnecessary nested block statements.
Don't rename imports, exports, and destructured assignments to the same name.
Don't use unnecessary string or template literal concatenation.
Don't use String.raw in template literals when there are no escape sequences.
Don't use useless case statements in switch statements.
Don't use ternary operators when simpler alternatives exist.
Don't use useless this aliasing.
Don't initialize variables to undefined.
Don't use the void operators (they're not familiar).
Use arrow functions instead of function expressions.
Use Date.now() to get milliseconds since the Unix Epoch.
Use .flatMap() instead of map().flat() when possible.
Use literal property access instead of computed property access.
Don't use parseInt() or Number.parseInt() when binary, octal, or hexadecimal literals work.
Use concise optional chaining instead of chained logical expressions.
Use regular expression literals instead of the RegExp constructor when possible.
Don't use number literal object member names th...

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
!pages/_document.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
🧠 Learnings (4)
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClient` when both authenticated user context and a specific `emailAccountId` are needed. The `emailAccountId` must be bound when calling the action from the client.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/app/api/**/route.ts : Use `withEmailAccount` for email-account-level operations

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/utils/user.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use server actions for all mutations (create/update/delete operations)

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-08T13:14:07.449Z 
Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

  • apps/web/utils/user.ts
🧬 Code graph analysis (2)
apps/web/utils/actions/email-account-cookie.ts (1)
apps/web/utils/cookies.ts (1)
  • LAST_EMAIL_ACCOUNT_COOKIE (4-4)
apps/web/utils/user.ts (1)
apps/web/utils/actions/email-account-cookie.ts (1)
  • clearLastEmailAccountAction (33-36)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: cubic · AI code reviewer
  • GitHub Check: test

apps/web/utils/user.ts
import { clearLastEmailAccountAction } from "@/utils/actions/email-account-cookie";

export async function logOut(callbackUrl?: string) {
clearLastEmailAccountAction();
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Missing await causes race condition.

clearLastEmailAccountAction() is called without await, making it fire-and-forget. This creates a race condition where the cookie may not be cleared before signOut completes, defeating the PR's purpose of preventing stale account IDs. Additionally, any errors during cookie deletion will be silently ignored.

Apply this diff to properly await the cookie clearing:

 export async function logOut(callbackUrl?: string) {
-  clearLastEmailAccountAction();
+  await clearLastEmailAccountAction();

   await signOut({
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
clearLastEmailAccountAction();
export async function logOut(callbackUrl?: string) {
await clearLastEmailAccountAction();
await signOut({
🤖 Prompt for AI Agents 
In apps/web/utils/user.ts around line 7, clearLastEmailAccountAction() is being
invoked without awaiting, causing a race where the cookie may not be cleared
before signOut and any deletion errors are ignored; update the call to await
clearLastEmailAccountAction() from an async context (or mark the caller async)
and wrap it in try/catch so any errors are logged/handled instead of being
swallowed, ensuring the cookie deletion completes before proceeding.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed changes from recent commits (found 1 issue).

1 issue found across 3 files

Prompt for AI agents (all 1 issues) 

Understand the root cause of the following 1 issues and fix them.


<file name="apps/web/utils/user.ts">

<violation number="1" location="apps/web/utils/user.ts:7">
clearLastEmailAccountAction returns a promise, but this call site drops it. If the action fails or the navigation begins before it resolves, the cookie can remain set or trigger an unhandled rejection. Await the server action (or otherwise handle the promise) before continuing.</violation>
</file>

React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.

coderabbitai[bot]
coderabbitai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
apps/web/utils/actions/email-account-cookie.ts (1)

38-43: Consider adding explicit error logging for debugging.

While the actionClientUser wrapper provides centralized error handling, explicit error logging could help debug issues during logout flows. The action handler has access to ctx.logger for this purpose.

-export const clearLastEmailAccountAction = actionClientUser
-  .metadata({ name: "clearLastEmailAccount" })
-  .action(async () => {
-    const cookieStore = await cookies();
-    cookieStore.delete(LAST_EMAIL_ACCOUNT_COOKIE);
-  });
+export const clearLastEmailAccountAction = actionClientUser
+  .metadata({ name: "clearLastEmailAccount" })
+  .action(async ({ ctx }) => {
+    try {
+      const cookieStore = await cookies();
+      cookieStore.delete(LAST_EMAIL_ACCOUNT_COOKIE);
+    } catch (error) {
+      ctx.logger.error("Failed to clear last email account cookie", { error });
+      throw error;
+    }
+  });

As per coding guidelines.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4636434 and 533f9e4.

📒 Files selected for processing (2)
  • apps/web/providers/EmailAccountProvider.tsx (1 hunks)
  • apps/web/utils/actions/email-account-cookie.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (14)
apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Path aliases: Use @/ for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Leverage TypeScript inference for better DX

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
apps/web/utils/actions/**/*.ts

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/utils/actions/**/*.ts: Use server actions for all mutations (create/update/delete operations)
next-safe-action provides centralized error handling
Use Zod schemas for validation on both client and server
Use revalidatePath in server actions for cache invalidation

apps/web/utils/actions/**/*.ts: Use server actions (with next-safe-action) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.
Use revalidatePath in server actions to invalidate cache after mutations.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
!{.cursor/rules/*.mdc}

📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)

Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)

**/*.ts: The same validation should be done in the server action too
Define validation schemas using Zod

Files:

  • apps/web/utils/actions/email-account-cookie.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/*.{ts,tsx}: Use createScopedLogger for logging in backend TypeScript files
Typically add the logger initialization at the top of the file when using createScopedLogger
Only use .with() on a logger instance within a specific function, not for a global logger

Import Prisma in the project using import prisma from "@/utils/prisma";

**/*.{ts,tsx}: Don't use TypeScript enums.
Don't use TypeScript const enum.
Don't use the TypeScript directive @ts-ignore.
Don't use primitive type aliases or misleading types.
Don't use empty type parameters in type aliases and interfaces.
Don't use any or unknown as type constraints.
Don't use implicit any type on variable declarations.
Don't let variables evolve into any type through reassignments.
Don't use non-null assertions with the ! postfix operator.
Don't misuse the non-null assertion operator (!) in TypeScript files.
Don't use user-defined types.
Use as const instead of literal types and type annotations.
Use export type for types.
Use import type for types.
Don't declare empty interfaces.
Don't merge interfaces and classes unsafely.
Don't use overload signatures that aren't next to each other.
Use the namespace keyword instead of the module keyword to declare TypeScript namespaces.
Don't use TypeScript namespaces.
Don't export imported variables.
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions.
Don't use parameter properties in class constructors.
Use either T[] or Array consistently.
Initialize each enum member value explicitly.
Make sure all enum members are literal values.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
apps/web/utils/actions/*.ts

📄 CodeRabbit inference engine (.cursor/rules/server-actions.mdc)

apps/web/utils/actions/*.ts: Implement all server actions using the next-safe-action library for type safety, input validation, context management, and error handling. Refer to apps/web/utils/actions/safe-action.ts for client definitions (actionClient, actionClientUser, adminActionClient).
Use actionClientUser when only authenticated user context (userId) is needed.
Use actionClient when both authenticated user context and a specific emailAccountId are needed. The emailAccountId must be bound when calling the action from the client.
Use adminActionClient for actions restricted to admin users.
Access necessary context (like userId, emailAccountId, etc.) provided by the safe action client via the ctx object in the .action() handler.
Server Actions are strictly for mutations (operations that change data, e.g., creating, updating, deleting). Do NOT use Server Actions for data fetching (GET operations). For data fetching, use dedicated GET API Routes combined with SWR Hooks.
Use SafeError for expected/handled errors within actions if needed. next-safe-action provides centralized error handling.
Use the .metadata({ name: "actionName" }) method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied via withServerActionInstrumentation within the safe action clients.
If an action modifies data displayed elsewhere, use revalidatePath or revalidateTag from next/cache within the action handler as needed.

Server action files must start with use server

Files:

  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/**

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Create utility functions in utils/ folder for reusable logic

Files:

  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

apps/web/utils/**/*.ts: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size

Files:

  • apps/web/utils/actions/email-account-cookie.ts
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use elements in Next.js projects.
Don't use elements in Next.js projects.
Don't use namespace imports.
Don't access namespace imports dynamically.
Don't use global eval().
Don't use console.
Don't use debugger.
Don't use var.
Don't use with statements in non-strict contexts.
Don't use the arguments object.
Don't use consecutive spaces in regular expression literals.
Don't use the comma operator.
Don't use unnecessary boolean casts.
Don't use unnecessary callbacks with flatMap.
Use for...of statements instead of Array.forEach.
Don't create classes that only have static members (like a static namespace).
Don't use this and super in static contexts.
Don't use unnecessary catch clauses.
Don't use unnecessary constructors.
Don't use unnecessary continue statements.
Don't export empty modules that don't change anything.
Don't use unnecessary escape sequences in regular expression literals.
Don't use unnecessary labels.
Don't use unnecessary nested block statements.
Don't rename imports, exports, and destructured assignments to the same name.
Don't use unnecessary string or template literal concatenation.
Don't use String.raw in template literals when there are no escape sequences.
Don't use useless case statements in switch statements.
Don't use ternary operators when simpler alternatives exist.
Don't use useless this aliasing.
Don't initialize variables to undefined.
Don't use the void operators (they're not familiar).
Use arrow functions instead of function expressions.
Use Date.now() to get milliseconds since the Unix Epoch.
Use .flatMap() instead of map().flat() when possible.
Use literal property access instead of computed property access.
Don't use parseInt() or Number.parseInt() when binary, octal, or hexadecimal literals work.
Use concise optional chaining instead of chained logical expressions.
Use regular expression literals instead of the RegExp constructor when possible.
Don't use number literal object member names th...

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
!pages/_document.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
apps/web/**/*.tsx

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.tsx: Follow tailwindcss patterns with prettier-plugin-tailwindcss
Prefer functional components with hooks
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach
Follow consistent naming conventions (PascalCase for components)
Use LoadingContent component for async data
Use result?.serverError with toastError and toastSuccess
Use LoadingContent component to handle loading and error states consistently
Pass loading, error, and children props to LoadingContent

Files:

  • apps/web/providers/EmailAccountProvider.tsx
**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)

**/*.tsx: Use React Hook Form with Zod for validation
Validate form inputs before submission
Show validation errors inline next to form fields

Files:

  • apps/web/providers/EmailAccountProvider.tsx
**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{jsx,tsx}: Don't destructure props inside JSX components in Solid projects.
Don't use both children and dangerouslySetInnerHTML props on the same element.
Don't use Array index in keys.
Don't assign to React component props.
Don't define React components inside other components.
Don't use event handlers on non-interactive elements.
Don't assign JSX properties multiple times.
Don't add extra closing tags for components without children.
Use <>...</> instead of ....
Don't insert comments as text nodes.
Don't use the return value of React.render.
Make sure all dependencies are correctly specified in React hooks.
Make sure all React hooks are called from the top level of component functions.
Don't use unnecessary fragments.
Don't pass children as props.
Use semantic elements instead of role attributes in JSX.

Files:

  • apps/web/providers/EmailAccountProvider.tsx
**/*.{html,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{html,jsx,tsx}: Don't use or elements.
Don't use accessKey attribute on any HTML element.
Don't set aria-hidden="true" on focusable elements.
Don't add ARIA roles, states, and properties to elements that don't support them.
Only use the scope prop on elements.
Don't assign non-interactive ARIA roles to interactive HTML elements.
Make sure label elements have text content and are associated with an input.
Don't assign interactive ARIA roles to non-interactive HTML elements.
Don't assign tabIndex to non-interactive HTML elements.
Don't use positive integers for tabIndex property.
Don't include "image", "picture", or "photo" in img alt prop.
Don't use explicit role property that's the same as the implicit/default role.
Make static elements with click handlers use a valid role attribute.
Always include a title element for SVG elements.
Give all elements requiring alt text meaningful information for screen readers.
Make sure anchors have content that's accessible to screen readers.
Assign tabIndex to non-interactive HTML elements with aria-activedescendant.
Include all required ARIA attributes for elements with ARIA roles.
Make sure ARIA properties are valid for the element's supported roles.
Always include a type attribute for button elements.
Make elements with interactive roles and handlers focusable.
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden).
Always include a lang attribute on the html element.
Always include a title attribute for iframe elements.
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress.
Accompany onMouseOver/onMouseOut with onFocus/onBlur.
Include caption tracks for audio and video elements.
Make sure all anchors are valid and navigable.
Ensure all ARIA properties (aria-*) are valid.
Use valid, non-abstract ARIA roles for elements with ARIA roles.
Use valid ARIA state and property values.
Use valid values for the autocomplete attribute on input eleme...

Files:

  • apps/web/providers/EmailAccountProvider.tsx
🧠 Learnings (19)
📓 Common learnings 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClient` when both authenticated user context and a specific `emailAccountId` are needed. The `emailAccountId` must be bound when calling the action from the client.
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClient` when both authenticated user context and a specific `emailAccountId` are needed. The `emailAccountId` must be bound when calling the action from the client.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Implement all server actions using the `next-safe-action` library for type safety, input validation, context management, and error handling. Refer to `apps/web/utils/actions/safe-action.ts` for client definitions (`actionClient`, `actionClientUser`, `adminActionClient`).

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `adminActionClient` for actions restricted to admin users.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/app/api/**/route.ts : Use `withEmailAccount` for email-account-level operations

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use server actions for all mutations (create/update/delete operations)

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:16.146Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-07-18T15:05:16.146Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use server actions (with `next-safe-action`) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use the `.metadata({ name: "actionName" })` method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied via `withServerActionInstrumentation` within the safe action clients.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClientUser` when only authenticated user context (`userId`) is needed.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:16.146Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-07-18T15:05:16.146Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use `revalidatePath` in server actions to invalidate cache after mutations.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-20T09:00:16.505Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-07-20T09:00:16.505Z
Learning: Applies to apps/web/utils/actions/*.ts : Server action files must start with `use server`

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-09-17T22:05:28.646Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-09-17T22:05:28.646Z
Learning: Applies to apps/web/utils/ai/**/*.{ts,tsx} : Use proper error types and logging for failures

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/**/*.{ts,tsx} : Use proper error handling with try/catch blocks

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `SafeError` for expected/handled errors within actions if needed. `next-safe-action` provides centralized error handling.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-20T09:00:41.968Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-07-20T09:00:41.968Z
Learning: Applies to apps/web/app/api/**/*.{ts,js} : Review all new withError usage in API routes to ensure custom authentication is implemented where required.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:26.713Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/get-api-route.mdc:0-0
Timestamp: 2025-07-18T15:05:26.713Z
Learning: Applies to app/api/**/route.ts : Do not use try/catch in GET API route handlers, as `withAuth` and `withEmailAccount` handle error catching.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Access necessary context (like `userId`, `emailAccountId`, etc.) provided by the safe action client via the `ctx` object in the `.action()` handler.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:46.389Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-07-18T17:27:46.389Z
Learning: Applies to **/api/**/route.ts : Use `withEmailAccount` middleware for API routes that operate on a specific email account (i.e., use or require `emailAccountId`).

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
  • apps/web/providers/EmailAccountProvider.tsx
📚 Learning: 2025-07-08T13:14:07.449Z 
Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

  • apps/web/providers/EmailAccountProvider.tsx
🧬 Code graph analysis (2)
apps/web/utils/actions/email-account-cookie.ts (2)
apps/web/utils/actions/safe-action.ts (1)
  • actionClientUser (116-140)
apps/web/utils/cookies.ts (1)
  • LAST_EMAIL_ACCOUNT_COOKIE (4-4)
apps/web/providers/EmailAccountProvider.tsx (1)
apps/web/utils/actions/email-account-cookie.ts (1)
  • setLastEmailAccountAction (12-25)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: cubic · AI code reviewer
  • GitHub Check: test
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
apps/web/utils/actions/email-account-cookie.ts (2)

1-6: LGTM! Proper server action setup.

The file correctly uses the "use server" directive and imports the necessary dependencies for implementing server actions with next-safe-action. The refactoring follows the project's server action patterns.

12-25: LGTM! Correct server action implementation.

The refactoring correctly uses actionClientUser since only authenticated user context is needed (not a specific emailAccountId context). The metadata, zod schema, and cookie security settings are all properly configured.

Based on learnings.

apps/web/providers/EmailAccountProvider.tsx (1)

60-60: LGTM! Correctly updated to match the new action signature.

The call now properly passes an object with the emailAccountId property, matching the zod schema defined in the refactored server action.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

coderabbitai[bot]
coderabbitai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
apps/web/utils/actions/email-account-cookie.ts (1)

36-45: Add error handling for unhandled promise rejection.

Since this action is called without await in apps/web/utils/user.ts (as noted in past review), errors will become unhandled promise rejections. While next-safe-action provides centralized error handling, the un-awaited call means the caller won't be notified of failures.

Add try-catch with logging using the context logger:

 export const clearLastEmailAccountAction = actionClientUser
   .metadata({ name: "clearLastEmailAccount" })
-  .action(async () => {
-    const cookieStore = await cookies();
-    cookieStore.delete(LAST_EMAIL_ACCOUNT_COOKIE);
+  .action(async ({ ctx: { logger } }) => {
+    try {
+      const cookieStore = await cookies();
+      cookieStore.delete(LAST_EMAIL_ACCOUNT_COOKIE);
+    } catch (error) {
+      logger.error("Failed to clear last email account cookie", { error });
+      // Swallow error - logout should continue even if cookie clear fails
+    }
   });

As per coding guidelines

🧹 Nitpick comments (1)
apps/web/utils/account.ts (1)

146-169: Excellent backward-compatible implementation.

The function properly handles both the new JSON format and legacy plain-string cookies while validating userId to prevent cross-user data leakage. The error handling strategy (returning null on failures) is appropriate since the caller has a safe fallback to the first account.

Consider adding a brief inline comment explaining the backward compatibility strategy:

 async function getLastEmailAccountFromCookie(
   userId: string,
 ): Promise<string | null> {
   try {
     const cookieStore = await cookies();
     const cookieValue = cookieStore.get(LAST_EMAIL_ACCOUNT_COOKIE)?.value;
     if (!cookieValue) return null;
 
-    // Handle backward compatibility: old cookies stored just the emailAccountId as a plain string
-    // New cookies store JSON with { userId, emailAccountId }
+    // Backward compatibility: legacy cookies store emailAccountId as a plain string,
+    // while new cookies store JSON { userId, emailAccountId } for per-user validation
     try {
       const parsed = JSON.parse(cookieValue) as LastEmailAccountCookieValue;
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 533f9e4 and d5a0ef6.

📒 Files selected for processing (3)
  • apps/web/utils/account.ts (4 hunks)
  • apps/web/utils/actions/email-account-cookie.ts (1 hunks)
  • apps/web/utils/cookies.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (10)
apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Path aliases: Use @/ for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Leverage TypeScript inference for better DX

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
!{.cursor/rules/*.mdc}

📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)

Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)

**/*.ts: The same validation should be done in the server action too
Define validation schemas using Zod

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/*.{ts,tsx}: Use createScopedLogger for logging in backend TypeScript files
Typically add the logger initialization at the top of the file when using createScopedLogger
Only use .with() on a logger instance within a specific function, not for a global logger

Import Prisma in the project using import prisma from "@/utils/prisma";

**/*.{ts,tsx}: Don't use TypeScript enums.
Don't use TypeScript const enum.
Don't use the TypeScript directive @ts-ignore.
Don't use primitive type aliases or misleading types.
Don't use empty type parameters in type aliases and interfaces.
Don't use any or unknown as type constraints.
Don't use implicit any type on variable declarations.
Don't let variables evolve into any type through reassignments.
Don't use non-null assertions with the ! postfix operator.
Don't misuse the non-null assertion operator (!) in TypeScript files.
Don't use user-defined types.
Use as const instead of literal types and type annotations.
Use export type for types.
Use import type for types.
Don't declare empty interfaces.
Don't merge interfaces and classes unsafely.
Don't use overload signatures that aren't next to each other.
Use the namespace keyword instead of the module keyword to declare TypeScript namespaces.
Don't use TypeScript namespaces.
Don't export imported variables.
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions.
Don't use parameter properties in class constructors.
Use either T[] or Array consistently.
Initialize each enum member value explicitly.
Make sure all enum members are literal values.

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/**

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Create utility functions in utils/ folder for reusable logic

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

apps/web/utils/**/*.ts: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use elements in Next.js projects.
Don't use elements in Next.js projects.
Don't use namespace imports.
Don't access namespace imports dynamically.
Don't use global eval().
Don't use console.
Don't use debugger.
Don't use var.
Don't use with statements in non-strict contexts.
Don't use the arguments object.
Don't use consecutive spaces in regular expression literals.
Don't use the comma operator.
Don't use unnecessary boolean casts.
Don't use unnecessary callbacks with flatMap.
Use for...of statements instead of Array.forEach.
Don't create classes that only have static members (like a static namespace).
Don't use this and super in static contexts.
Don't use unnecessary catch clauses.
Don't use unnecessary constructors.
Don't use unnecessary continue statements.
Don't export empty modules that don't change anything.
Don't use unnecessary escape sequences in regular expression literals.
Don't use unnecessary labels.
Don't use unnecessary nested block statements.
Don't rename imports, exports, and destructured assignments to the same name.
Don't use unnecessary string or template literal concatenation.
Don't use String.raw in template literals when there are no escape sequences.
Don't use useless case statements in switch statements.
Don't use ternary operators when simpler alternatives exist.
Don't use useless this aliasing.
Don't initialize variables to undefined.
Don't use the void operators (they're not familiar).
Use arrow functions instead of function expressions.
Use Date.now() to get milliseconds since the Unix Epoch.
Use .flatMap() instead of map().flat() when possible.
Use literal property access instead of computed property access.
Don't use parseInt() or Number.parseInt() when binary, octal, or hexadecimal literals work.
Use concise optional chaining instead of chained logical expressions.
Use regular expression literals instead of the RegExp constructor when possible.
Don't use number literal object member names th...

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
!pages/_document.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.

Files:

  • apps/web/utils/account.ts
  • apps/web/utils/cookies.ts
  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/actions/**/*.ts

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/utils/actions/**/*.ts: Use server actions for all mutations (create/update/delete operations)
next-safe-action provides centralized error handling
Use Zod schemas for validation on both client and server
Use revalidatePath in server actions for cache invalidation

apps/web/utils/actions/**/*.ts: Use server actions (with next-safe-action) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.
Use revalidatePath in server actions to invalidate cache after mutations.

Files:

  • apps/web/utils/actions/email-account-cookie.ts
apps/web/utils/actions/*.ts

📄 CodeRabbit inference engine (.cursor/rules/server-actions.mdc)

apps/web/utils/actions/*.ts: Implement all server actions using the next-safe-action library for type safety, input validation, context management, and error handling. Refer to apps/web/utils/actions/safe-action.ts for client definitions (actionClient, actionClientUser, adminActionClient).
Use actionClientUser when only authenticated user context (userId) is needed.
Use actionClient when both authenticated user context and a specific emailAccountId are needed. The emailAccountId must be bound when calling the action from the client.
Use adminActionClient for actions restricted to admin users.
Access necessary context (like userId, emailAccountId, etc.) provided by the safe action client via the ctx object in the .action() handler.
Server Actions are strictly for mutations (operations that change data, e.g., creating, updating, deleting). Do NOT use Server Actions for data fetching (GET operations). For data fetching, use dedicated GET API Routes combined with SWR Hooks.
Use SafeError for expected/handled errors within actions if needed. next-safe-action provides centralized error handling.
Use the .metadata({ name: "actionName" }) method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied via withServerActionInstrumentation within the safe action clients.
If an action modifies data displayed elsewhere, use revalidatePath or revalidateTag from next/cache within the action handler as needed.

Server action files must start with use server

Files:

  • apps/web/utils/actions/email-account-cookie.ts
🧠 Learnings (20)
📓 Common learnings 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClient` when both authenticated user context and a specific `emailAccountId` are needed. The `emailAccountId` must be bound when calling the action from the client.
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/app/api/**/route.ts : Use `withEmailAccount` for email-account-level operations

Applied to files:

  • apps/web/utils/account.ts
  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-10-02T23:23:48.064Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm-test.mdc:0-0
Timestamp: 2025-10-02T23:23:48.064Z
Learning: Applies to apps/web/__tests__/**/*.test.ts : Prefer existing helpers from @/__tests__/helpers.ts (getEmailAccount, getEmail, getRule, getMockMessage, getMockExecutedRule) over custom helpers

Applied to files:

  • apps/web/utils/account.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClient` when both authenticated user context and a specific `emailAccountId` are needed. The `emailAccountId` must be bound when calling the action from the client.

Applied to files:

  • apps/web/utils/account.ts
  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:46.389Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-07-18T17:27:46.389Z
Learning: Applies to **/api/**/route.ts : Use `withEmailAccount` middleware for API routes that operate on a specific email account (i.e., use or require `emailAccountId`).

Applied to files:

  • apps/web/utils/account.ts
  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:26.713Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/get-api-route.mdc:0-0
Timestamp: 2025-07-18T15:05:26.713Z
Learning: Applies to app/api/**/route.ts : Always wrap the handler with `withAuth` or `withEmailAccount` for consistent error handling and authentication in GET API routes.

Applied to files:

  • apps/web/utils/account.ts
📚 Learning: 2025-07-19T17:50:28.270Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/utilities.mdc:0-0
Timestamp: 2025-07-19T17:50:28.270Z
Learning: The `utils` folder also contains core app logic such as Next.js Server Actions and Gmail API requests.

Applied to files:

  • apps/web/utils/account.ts
  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-08T13:14:07.449Z 
Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

  • apps/web/utils/account.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Implement all server actions using the `next-safe-action` library for type safety, input validation, context management, and error handling. Refer to `apps/web/utils/actions/safe-action.ts` for client definitions (`actionClient`, `actionClientUser`, `adminActionClient`).

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `actionClientUser` when only authenticated user context (`userId`) is needed.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `adminActionClient` for actions restricted to admin users.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Access necessary context (like `userId`, `emailAccountId`, etc.) provided by the safe action client via the `ctx` object in the `.action()` handler.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use server actions for all mutations (create/update/delete operations)

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:16.146Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-07-18T15:05:16.146Z
Learning: Applies to apps/web/utils/actions/**/*.ts : Use server actions (with `next-safe-action`) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use the `.metadata({ name: "actionName" })` method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied via `withServerActionInstrumentation` within the safe action clients.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-09-17T22:05:28.646Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-09-17T22:05:28.646Z
Learning: Applies to apps/web/utils/ai/**/*.{ts,tsx} : Use proper error types and logging for failures

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:04:30.467Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/**/*.{ts,tsx} : Use proper error handling with try/catch blocks

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T17:27:58.249Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/server-actions.mdc:0-0
Timestamp: 2025-07-18T17:27:58.249Z
Learning: Applies to apps/web/utils/actions/*.ts : Use `SafeError` for expected/handled errors within actions if needed. `next-safe-action` provides centralized error handling.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-20T09:00:41.968Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security-audit.mdc:0-0
Timestamp: 2025-07-20T09:00:41.968Z
Learning: Applies to apps/web/app/api/**/*.{ts,js} : Review all new withError usage in API routes to ensure custom authentication is implemented where required.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
📚 Learning: 2025-07-18T15:05:26.713Z 
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/get-api-route.mdc:0-0
Timestamp: 2025-07-18T15:05:26.713Z
Learning: Applies to app/api/**/route.ts : Do not use try/catch in GET API route handlers, as `withAuth` and `withEmailAccount` handle error catching.

Applied to files:

  • apps/web/utils/actions/email-account-cookie.ts
🧬 Code graph analysis (2)
apps/web/utils/account.ts (1)
apps/web/utils/cookies.ts (2)
  • LAST_EMAIL_ACCOUNT_COOKIE (4-4)
  • LastEmailAccountCookieValue (6-9)
apps/web/utils/actions/email-account-cookie.ts (2)
apps/web/utils/actions/safe-action.ts (1)
  • actionClientUser (116-140)
apps/web/utils/cookies.ts (2)
  • LastEmailAccountCookieValue (6-9)
  • LAST_EMAIL_ACCOUNT_COOKIE (4-4)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Static Code Analysis Js
  • GitHub Check: cubic · AI code reviewer
  • GitHub Check: Jit Security
  • GitHub Check: test
🔇 Additional comments (4)
apps/web/utils/cookies.ts (1)

6-9: LGTM! Well-structured type definition.

The LastEmailAccountCookieValue type provides clear structure for the new JSON-based cookie format and improves type safety across the codebase.

apps/web/utils/account.ts (2)

1-2: LGTM! Imports align with new cookie handling.

The added imports support the new per-user cookie structure and backward-compatible parsing logic.

Also applies to: 14-17

125-125: Good security improvement.

Passing userId to getLastEmailAccountFromCookie ensures the cookie is validated against the current user, preventing stale or cross-user account selection.

apps/web/utils/actions/email-account-cookie.ts (1)

15-34: LGTM! Server action properly implemented.

The action correctly uses actionClientUser (only needs userId), includes metadata for monitoring, validates input with Zod, and sets secure cookie options (httpOnly, secure in production, sameSite: lax). The JSON-stringified cookie value with userId prevents cross-user data leakage.

Based on learnings

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 1, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@elie222 elie222 merged commit c7553d2 into main Nov 1, 2025
16 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Nov 9, 2025
Merged
@elie222 elie222 deleted the fix/clear-last-email-account-on-log-out branch December 18, 2025 23:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

+1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@elie222

Comments