Add auth #6
Add auth #6
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull Request Overview
Adds Supabase-based authentication, including Google/GitHub OAuth login, and integrates auth UI elements into the navbar.
- Introduces Supabase SSR/browser clients and an OAuth callback route
- Adds login page with OAuth and email/password, plus new UI primitives (card, field, input, label, separator)
- Updates navbar to show auth buttons
Reviewed Changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Adds Radix Label/Separator and @supabase/ssr dependencies to support new UI and auth. |
| lib/supabase/server.ts | Server-side Supabase client for cookie-based session handling. |
| lib/supabase/middleware.ts | Middleware helper for cookie syncing (naming/return issues noted). |
| lib/supabase/client.ts | Browser Supabase client for client-side auth flows. |
| components/ui/separator.tsx | New separator UI component. |
| components/ui/label.tsx | New label UI component. |
| components/ui/input.tsx | New input UI component (should be client component). |
| components/ui/field.tsx | Field composition primitives for forms. |
| components/ui/card.tsx | Card UI component (should be client component). |
| components/ui/button.tsx | Adds cursor-pointer to button base styles. |
| components/NavbarComponents/Navbar.tsx | Hooks up AuthButtons to navbar. |
| components/NavbarComponents/AuthButtons.tsx | Renders login/logout controls (missing sign-out action). |
| app/signup/page.tsx | Placeholder signup page. |
| app/login/page.tsx | Login page with OAuth and email/password flows (callback URL issues, minor import issues). |
| app/api/auth/callback/route.ts | OAuth callback route to exchange code for session and redirect. |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| const { error } = await supabase.auth.signInWithOAuth({ | ||
| provider, | ||
| options: { | ||
| redirectTo: `${process.env.SITE_URL}/auth/callback`, |
There was a problem hiding this comment.
redirectTo points to /auth/callback and uses process.env.SITE_URL in a client component. Client-side env vars must be prefixed with NEXT_PUBLIC_, and your callback route is implemented at /api/auth/callback. Update to use the correct path and a client-safe origin, e.g.: redirectTo: ${window.location.origin}/api/auth/callback.
| redirectTo: `${process.env.SITE_URL}/auth/callback`, | |
| redirectTo: `${window.location.origin}/api/auth/callback`, |
lib/supabase/middleware.ts
Outdated
| setAll(cookiesToSet) { | ||
| cookiesToSet.forEach(({ name, value, options }) => | ||
| request.cookies.set(name, value), | ||
| ); | ||
| supabaseResponse = NextResponse.next({ | ||
| request, | ||
| }); | ||
| cookiesToSet.forEach(({ name, value, options }) => | ||
| supabaseResponse.cookies.set(name, value, options), | ||
| ); | ||
| }, |
There was a problem hiding this comment.
In middleware, request.cookies is read-only; setting cookies on the request has no effect. Also, NextResponse.next expects request: { headers: Headers }, not the full request object. Remove the request.cookies.set call and construct NextResponse.next with headers only, then set cookies on the response.
| const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; | ||
| const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY; | ||
|
|
||
| export const createClient = (request: NextRequest) => { |
There was a problem hiding this comment.
[nitpick] This function is named createClient but returns a NextResponse, not the Supabase client. Either return the Supabase client (and/or a tuple like { supabase, response }) or rename this to reflect its purpose (e.g., updateSession) and clearly document the return shape.
| export const createClient = (request: NextRequest) => { | |
| /** | |
| * Updates the session cookies and returns a NextResponse object. | |
| * @param {NextRequest} request - The incoming Next.js request. | |
| * @returns {NextResponse} The modified NextResponse with updated cookies. | |
| */ | |
| export const updateSessionResponse = (request: NextRequest) => { |
| return supabaseResponse; | ||
| }; |
There was a problem hiding this comment.
[nitpick] This function is named createClient but returns a NextResponse, not the Supabase client. Either return the Supabase client (and/or a tuple like { supabase, response }) or rename this to reflect its purpose (e.g., updateSession) and clearly document the return shape.
| import * as React from "react"; | ||
|
|
||
| import { cn } from "@/lib/utils"; |
There was a problem hiding this comment.
This component is imported by client components (e.g., the login page). Without 'use client' at the top, it'll be treated as a Server Component and cannot be imported into Client Components. Add 'use client' to avoid build/runtime errors.
| <button className="hidden sm:flex text-xs border border-emerald-500 dark:border-purple-500 px-3 py-1.5 rounded-md hover:bg-emerald-100 dark:hover:bg-violet-900 transition-colors duration-200 items-center gap-1.5"> | ||
| <span>Logout</span> | ||
| {!loading && ( | ||
| <span className="text-xs opacity-70">{`(${user.user_metadata.name})`}</span> | ||
| )} | ||
| </button> |
There was a problem hiding this comment.
The Logout button has no onClick handler, so it won't sign the user out. Add a sign-out call, e.g., onClick={async () => { await supabase.auth.signOut(); location.reload(); }} or use router.refresh()/push after sign-out.
| export function createClient() { | ||
| return createBrowserClient( | ||
| process.env.NEXT_PUBLIC_SUPABASE_URL!, | ||
| process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY!, |
There was a problem hiding this comment.
[nitpick] The env var name NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY is non-standard and ambiguous. Prefer the conventional NEXT_PUBLIC_SUPABASE_ANON_KEY to reduce misconfiguration risk and align with Supabase docs.
| process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY!, | |
| process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, |
| import { cookies } from "next/headers"; | ||
|
|
||
| const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL; | ||
| const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY; |
There was a problem hiding this comment.
[nitpick] Use a clear, conventional name for the anon key, e.g., NEXT_PUBLIC_SUPABASE_ANON_KEY. This avoids confusion with the service role key and aligns with Supabase examples.
| const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY; | |
| const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY; |
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
add google login