Improved first-time login algorithm on rusro

[kis1yi]

Summary by CodeRabbit

• Bug Fixes
  • Enhanced authentication flow and account selection handling.
  • Improved device identifier security during token acquisition.
  • Optimized authentication service communications and request processing.

[coderabbitai]

Warning

Review limit reached

@kis1yi, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 22 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 22368029-077a-47e1-8977-2c5018faa32d

📥 Commits

Reviewing files that changed from the base of the PR and between c512389 and fa5a2c8.

📒 Files selected for processing (1)

• Plugins/RSBot.General/Components/RuSroAuthService.cs

📝 Walkthrough

Walkthrough

RuSroAuthService.cs removes debug logging from the Auth() method and refactors TokenResponse() to extract sessionId and endpoint variables, conditionally reset hardware identifiers when appropriate, improve HTTP header handling, and add proper resource disposal via a using block around the token request content.

Changes

RuSroAuthService Authentication Refactoring

Layer / File(s)	Summary
Auth method logging cleanup Plugins/RSBot.General/Components/RuSroAuthService.cs	Removed debug logging statement that printed selectedAccount?.Username before credential extraction in the Auth() method.
TokenResponse refactoring with variable extraction and resource management Plugins/RSBot.General/Components/RuSroAuthService.cs	Extracted explicit sessionId and endpoint local variables; added conditional logic to reset RSBot.RuSro.hwid and RSBot.RuSro.launcherid to random values when sessionId exists but both refresh and access tokens are empty; refactored HTTP header handling to Remove() then Add() for Hardware-Id and Launcher-Id; wrapped token POST request in a using block to dispose tokenRequestContent after execution.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A rabbit hops through auth's refrain,
Removes some logs to clean the main,
With variables clear and headers bright,
Hardware IDs reset just right,
Resources freed—a tidy flight! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'Improved first-time login algorithm on rusro' accurately reflects the main change, which involves refactoring the token acquisition and authentication flow in RuSroAuthService to improve first-time login handling.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

Plugins/RSBot.General/Components/RuSroAuthService.cs (1)

163-166: 💤 Low value

Consider using per-request headers instead of DefaultRequestHeaders.

Modifying DefaultRequestHeaders on a static HttpClient is not thread-safe. While the current desktop app flow appears single-threaded, this pattern can cause header corruption if TokenResponse is ever called concurrently.

A more robust approach uses HttpRequestMessage:

♻️ Suggested refactor

-        client.DefaultRequestHeaders.Remove("Hardware-Id");
-        client.DefaultRequestHeaders.Remove("Launcher-Id");
-        client.DefaultRequestHeaders.Add("Hardware-Id", hwid);
-        client.DefaultRequestHeaders.Add("Launcher-Id", launcherId);
-
-        using (tokenRequestContent)
-        {
-            var tokenResponse = await client.PostAsync(endpoint, tokenRequestContent);
+        using (tokenRequestContent)
+        using (var request = new HttpRequestMessage(HttpMethod.Post, endpoint) { Content = tokenRequestContent })
+        {
+            request.Headers.Add("Hardware-Id", hwid);
+            request.Headers.Add("Launcher-Id", launcherId);
+            var tokenResponse = await client.SendAsync(request);
             var tokenResponseContent = await tokenResponse.Content.ReadAsStringAsync();
             return tokenResponseContent;
         }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Plugins/RSBot.General/Components/RuSroAuthService.cs` around lines 163 - 166,
TokenResponse currently mutates the shared HttpClient.DefaultRequestHeaders
(removing/adding "Hardware-Id" and "Launcher-Id"), which is not thread-safe;
instead create a per-request HttpRequestMessage inside TokenResponse, set the
hwid and launcherId on request.Headers (or request.Content.Headers if
appropriate) and send that message with the existing HttpClient (e.g.,
SendAsync/PostAsync overload that accepts HttpRequestMessage); remove all
DefaultRequestHeaders mutation and ensure TokenResponse uses the request-local
headers so concurrent calls cannot clash.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Plugins/RSBot.General/Components/RuSroAuthService.cs`:
- Around line 163-166: TokenResponse currently mutates the shared
HttpClient.DefaultRequestHeaders (removing/adding "Hardware-Id" and
"Launcher-Id"), which is not thread-safe; instead create a per-request
HttpRequestMessage inside TokenResponse, set the hwid and launcherId on
request.Headers (or request.Content.Headers if appropriate) and send that
message with the existing HttpClient (e.g., SendAsync/PostAsync overload that
accepts HttpRequestMessage); remove all DefaultRequestHeaders mutation and
ensure TokenResponse uses the request-local headers so concurrent calls cannot
clash.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 34447214-5332-41bc-95b2-3bc85647de8d

📥 Commits

Reviewing files that changed from the base of the PR and between 39d2554 and c512389.

📒 Files selected for processing (1)

• Plugins/RSBot.General/Components/RuSroAuthService.cs