Another Contribution to the Future of the Steemit Wallet: SSR State Isolation Fix - PR 274

in #steemitwallet, 12 days ago

Another contribution to the Steemit Wallet Repository has now been completed and submitted for review.

My previous PR, PR #272, was already merged into the upcoming wallet release by ety001.

After that merge, I opened a new issue while reviewing the SSR implementation of the wallet:

The issue identified a potentially serious Server-Side Rendering (SSR) problem:

one user's auth state leaks into another user's rendered HTML
Fix: wrap in a factory and create per-request on the server. On the client, keep a single instance.

After investigating the architecture further, I prepared and submitted another pull request:

What This PR Fixes

SSR Redux Store Isolation

The wallet previously used a module-level singleton Redux store during SSR rendering.

That can become dangerous in server-rendered applications because multiple users may share the same store instance while requests are processed concurrently.

This creates the possibility of authentication state or user-specific data leaking into another user's rendered HTML response.

To fix this:

  • The singleton Redux store was replaced with a makeStore() factory.
  • Providers now initializes the store using: useState(() => makeStore())

This ensures:

  • Every server request receives its own isolated Redux store.
  • User authentication state remains fully separated during SSR rendering.
  • The client still preserves a single persistent store instance for normal browser usage.

This change improves both security and SSR correctness.
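The leak and the fix described above, as an added example that is not code from PR #274 or the wallet repository. The hand-written store, the `auth/login` action, the generator used to model the async gap, and the user names are assumptions made for illustration.

```javascript
// Minimal stand-in for a Redux store (assumption: not the wallet's reducer).
function createStore() {
  let state = { user: null };
  return {
    getState: () => state,
    dispatch(action) {
      if (action.type === 'auth/login') state = { ...state, user: action.user };
    },
  };
}

// BEFORE: one store built at module load and shared by every SSR request.
const singletonStore = createStore();
const getSingletonStore = () => singletonStore;

// AFTER: a factory; the server calls it once per request, which is what
// useState(() => makeStore()) does for each freshly rendered tree.
const makeStore = () => createStore();

// One SSR request: log the user in, hit an async gap (modelled by `yield`
// so the interleaving is deterministic), then render from the store.
function* renderRequest(getStore, user) {
  const store = getStore();
  store.dispatch({ type: 'auth/login', user });
  yield; // another request may run here
  return `<header>Logged in as ${store.getState().user}</header>`;
}

// Run every request up to its gap, then let each one finish rendering.
function serveConcurrently(getStore, users) {
  const inFlight = users.map((u) => renderRequest(getStore, u));
  inFlight.forEach((r) => r.next());
  return inFlight.map((r) => r.next().value);
}

// Regression check: indexes of responses that do not show their own user.
function findLeaks(responses, users) {
  return responses.flatMap((html, i) => (html.includes(users[i]) ? [] : [i]));
}

function demo() {
  const users = ['alice', 'bob']; // constructed sample accounts
  const shared = serveConcurrently(getSingletonStore, users);
  const isolated = serveConcurrently(makeStore, users);
  return { shared, isolated, users };
}
```

With the shared store, the first response is rendered with the second user's name; with the factory, `findLeaks` returns an empty list.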

Additional Improvements Included

Type Exports Refactored

The following types are now derived directly from the factory return type:

  • AppStore
  • RootState
  • AppDispatch

This keeps typings accurate and future-proof without requiring changes in consumer files.

Theme Utility Cleanup

getCurrentTheme() was simplified by removing the redundant localStorage.getItem() call.

The function now returns _theme directly, creating a cleaner single source of truth inside the module-level store.

SSR Utility Documentation

Added clearer documentation comments explaining the intentional no-op subscription inside useSyncExternalStore.

This helps future maintainers understand that the implementation is an SSR-safe initializer rather than a live subscription mechanism.

Current Status

  • All tests passed successfully
  • Issue #273 has been closed
  • PR #274 is now ready for review and merge

Open-source contribution is often about noticing small architectural problems before they become larger production issues.

Happy to continue contributing improvements to the Steemit ecosystem and helping modernize parts of the wallet infrastructure.

If you think my contributions matter and you want to support further development for the STEEM ecosystem, please consider voting for my witness: blaze.apps



You did a good job!!!

Thank you!!