Conversation

@paustint paustint (Contributor) commented Dec 27, 2025

This pull request implements several security and maintainability improvements to the authentication flow for both the desktop app and web extension, focusing on token management, validation, and logging. The changes include migrating stored tokens to an encrypted format, reworking token reuse logic, improving error handling, and modernizing the way device and token information is passed in API requests. Additionally, logging is standardized across controllers for better observability.

Authentication and Token Management Improvements

  • Migrated stored tokens for both desktop and web extension to use encrypted format, including automatic upgrading of legacy plaintext tokens on access, and storing a hash for efficient lookup. (web-extension.db.ts, jwt-token-encryption.service usage) [1] [2]
  • Updated token reuse logic: when a valid token exists (within a refresh buffer), it is decrypted and reused instead of issuing a new one, reducing unnecessary token churn. (desktop-app.controller.ts, web-extension.controller.ts) [1] [2]
  • Token validation and logout endpoints now prefer device and token information from headers, with body fields marked as deprecated for backward compatibility. (routeDefinition in both controllers) [1] [2] [3] [4]

API Response and Logging Enhancements

  • Enhanced API responses for token verification to optionally include the user profile, and improved error logging to include user and device context. (desktop-app.controller.ts, web-extension.controller.ts) [1] [2]
  • Standardized logging by replacing console.error with the shared logger utility in asset download endpoints. (desktop-assets.controller.ts) [1] [2] [3]

Code Quality and Maintainability

  • Refactored imports and controller logic for clarity, including extracting shared utilities and marking deprecated request patterns. (desktop-app.controller.ts, web-extension.controller.ts) [1] [2] [3] [4]
  • Added user activity tracking for token issuance actions for both desktop and web extension logins. (desktop-app.controller.ts, web-extension.controller.ts) [1] [2]

These changes significantly improve the security, reliability, and maintainability of authentication flows for client applications.

@paustint paustint marked this pull request as ready for review December 27, 2025 20:53
Copilot AI review requested due to automatic review settings December 27, 2025 20:53
Copilot AI left a comment

Pull request overview

This PR adds team dashboard functionality for desktop users by redirecting to the web version, fixes user profile data mapping issues, and modifies the JWT token authentication flow to always re-issue tokens while preventing duplicate requests on page refresh.

Key Changes:

  • Desktop users now open team dashboard in external browser instead of navigating within the app
  • JWT tokens are re-issued on every authentication request instead of reusing existing valid tokens
  • Page refresh protection added via localStorage to prevent duplicate token generation

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Summary per file:

  • libs/shared/ui-core/src/app/HeaderNavbar.tsx: Opens team dashboard link in external browser for desktop users
  • libs/desktop-types/src/lib/desktop-app.types.ts: Expands user profile schema to include additional fields (userId, emailVerified, picture, billingAccount, entitlements, teamMembership)
  • libs/auth/acl/src/lib/acl.ts: Adds Team read permission for desktop billing/admin users
  • apps/landing/hooks/desktop-auth.hooks.ts: Implements localStorage-based check to prevent re-authentication on page refresh
  • apps/jetstream-desktop/src/services/persistence.service.ts: Fixes swapped email/name mapping and adds picture and teamMembership to user profile
  • apps/jetstream-desktop/src/browser/browser.ts: Changes hostname check to host check for better port handling in external link detection
  • apps/api/src/app/controllers/desktop-app.controller.ts: Removes token reuse logic and always issues new JWT tokens

Copilot AI left a comment

Pull request overview

Copilot reviewed 25 out of 25 changed files in this pull request and generated 7 comments.


Copilot AI left a comment

Pull request overview

Copilot reviewed 28 out of 28 changed files in this pull request and generated 6 comments.

Comments suppressed due to low confidence (1)

apps/api/src/app/routes/openapi.routes.ts:581

  • The path should be '/desktop-app/auth/logout' not '/desktop-app/logout' to match the actual route definition. The actual route is defined as '/auth/logout' under the '/desktop-app' prefix.
      '/desktop-app/logout': {
        delete: { ...getRequest({ ...desktopController.logout.validators, tags: ['desktop'] }) },
      },

Copilot AI left a comment

Pull request overview

Copilot reviewed 28 out of 28 changed files in this pull request and generated 6 comments.


Copilot AI left a comment

Pull request overview

Copilot reviewed 35 out of 35 changed files in this pull request and generated 21 comments.



Allow access to the team dashboard from the desktop app
If allowed, a link to the web-app is shown in the menu
@paustint paustint force-pushed the feat/desktop-team-dashboard branch from e18b7f7 to c25beaa on January 1, 2026 14:39
@paustint paustint force-pushed the feat/desktop-team-dashboard branch from c25beaa to a0c3ec0 on January 1, 2026 17:17
@socket-security socket-security bot commented Jan 1, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff   Package                      Supply Chain Security  Vulnerability  Quality  Maintenance  License
Added  react@19.2.0                 100                    100            84       97           100
Added  prism-react-renderer@2.4.1   99                     100            100      86           100
Added  typescript@5.9.3             100                    100            90       100          90
Added  react-dom@19.2.0             100                    100            92       98           100

View full report

Copilot AI left a comment

Pull request overview

Copilot reviewed 48 out of 49 changed files in this pull request and generated 7 comments.



JWT tokens are used for desktop/web-extension to ensure access
These tokens provide access to history data, but nothing else,
they were stored unencrypted in the DB

The code supports both encrypted and unencrypted tokens,
so existing tokens will continue to work, but new tokens
will be encrypted before being stored in the DB
Tokens are encrypted as they are used if in plaintext form

Fixed openapi specifications
Ensure all external clients (desktop/web extension) utilize authorization header instead of the body

Update external auth to pull from body as a fallback for backwards compatibility

Fix logout response handling
@paustint paustint force-pushed the feat/desktop-team-dashboard branch from d18eb0a to f1e355c on January 1, 2026 18:41
@paustint paustint merged commit 36bcc78 into main Jan 2, 2026
9 of 10 checks passed
@paustint paustint deleted the feat/desktop-team-dashboard branch January 2, 2026 14:30