diff --git a/app/api/auth/route.js b/app/api/auth/route.js
index 6633ff2..9894e1f 100644
--- a/app/api/auth/route.js
+++ b/app/api/auth/route.js
@@ -7,14 +7,19 @@ const supabase = createClient(
 export async function POST(req) {
 try {
- const { email, password, captchaToken, action } = await req.json()
+ // Parse JSON body safely
+ const body = await req.json()
+ const { email, password, captchaToken, action } = body || {}
- if (!email || !password)
- return new Response(JSON.stringify({ message: 'Email and password required' }), { status: 400 })
+ // Validate required fields
+ if (!email || !password) {
+ return new Response(JSON.stringify({ success: false, message: 'Email and password are required' }), { status: 400 })
+ }
 if (action === 'signup') {
- if (!captchaToken)
- return new Response(JSON.stringify({ message: 'Captcha token missing' }), { status: 400 })
+ if (!captchaToken) {
+ return new Response(JSON.stringify({ success: false, message: 'Captcha token missing' }), { status: 400 })
+ }
 // Verify Turnstile token
 const verifyRes = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
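Review bot: The `// Parse JSON body safely` comment overstates what the two added lines do: `body || {}` only covers a body that parses to `null`, while malformed JSON still makes `req.json()` throw into the outer catch, which (per the handler in the next hunk) reports a client mistake as a 500 and logs it as a server fault. Consider `const body = await req.json().catch(() => null)` followed by `if (!body || typeof body !== 'object') return new Response(JSON.stringify({ success: false, message: 'Invalid JSON body' }), { status: 400 })`. The `!email || !password` test is truthiness only, so objects or arrays pass through to `createUser`; adding `typeof email !== 'string' || typeof password !== 'string'` to that condition would reject them at the boundary. The body of `POST` continues outside this hunk.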
@@ -26,27 +31,32 @@ export async function POST(req) {
 }),
 })
- const data = await verifyRes.json()
- if (!data.success)
- return new Response(JSON.stringify({ message: 'Captcha verification failed' }), { status: 400 })
+ const verifyData = await verifyRes.json()
+ if (!verifyData.success) {
+ return new Response(JSON.stringify({ success: false, message: 'Captcha verification failed' }), { status: 400 })
+ }
 // Create Supabase user
 const { user, error } = await supabase.auth.admin.createUser({ email, password })
- if (error)
- return new Response(JSON.stringify({ message: error.message }), { status: 400 })
+ if (error) {
+ return new Response(JSON.stringify({ success: false, message: error.message }), { status: 400 })
+ }
- return new Response(JSON.stringify({ message: 'Signup successful! Check your email.' }), { status: 200 })
+ return new Response(JSON.stringify({ success: true, message: 'Signup successful! Check your email.' }), { status: 200 })
 }
+ // Login stays frontend-only
 else if (action === 'login') {
- return new Response(JSON.stringify({ message: 'Use frontend login with anon key' }), { status: 400 })
+ return new Response(JSON.stringify({ success: false, message: 'Use frontend login with anon key' }), { status: 400 })
 }
+ // Invalid action
 else {
- return new Response(JSON.stringify({ message: 'Invalid action' }), { status: 400 })
+ return new Response(JSON.stringify({ success: false, message: 'Invalid action' }), { status: 400 })
 }
+
 } catch (err) {
- console.error(err)
- return new Response(JSON.stringify({ message: 'Internal server error' }), { status: 500 })
+ console.error('API Error:', err)
+ return new Response(JSON.stringify({ success: false, message: 'Internal server error' }), { status: 500 })
 }
 }
\ No newline at end of file
diff --git a/app/login/page.jsx b/app/login/page.jsx
index ac91dde..f1cfa59 100644
--- a/app/login/page.jsx
+++ b/app/login/page.jsx
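Review bot: The rewritten `if (error)` branch still returns `error.message` from `supabase.auth.admin.createUser` verbatim, so an unauthenticated caller can presumably tell from the backend's wording whether an address is already registered. Keep the detail in the server log and send a fixed string instead, e.g. `console.error('createUser failed:', error)` and `message: 'Signup could not be completed'`. The Turnstile check reads only `verifyData.success`; if the same site key serves other forms, comparing the `hostname` and `action` fields of the siteverify response would bind the token to this endpoint. `POST` begins in the previous hunk, so the request to siteverify itself is not fully visible here.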
@@ -41,7 +41,7 @@ export default function LoginPage() {
 try {
 if (isLogin) {
- // Login with frontend anon key
+ // Login using frontend anon key only, no captcha
 const { error } = await supabase.auth.signInWithPassword({ email, password })
 if (error) throw error
 router.push('/dashboard')
@@ -56,13 +56,13 @@ export default function LoginPage() {
 })
 const data = await res.json()
- if (!res.ok) throw new Error(data.message)
+ if (!data.success) throw new Error(data.message || 'Signup failed')
 alert(data.message)
 setIsLogin(true) // switch to login after signup
 }
 } catch (err) {
- setError(err.message)
+ setError(err.message || 'Something went wrong')
 } finally {
 setLoading(false)
 }
@@ -141,6 +141,7 @@ export default function LoginPage() {
 )}
+ {/* Turnstile only for signup */}
 {!isLogin && (
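Review bot: The new comment on the `isLogin` branch records that password sign-in runs without a captcha, which leaves the login path without bot protection unless Supabase Auth's own captcha and rate-limit settings are configured for the project. If the Turnstile widget were also rendered for login, the token could be passed as `supabase.auth.signInWithPassword({ email, password, options: { captchaToken } })`, with captcha protection enabled in the Auth settings so token-less attempts are rejected server-side. Those project settings are not visible in this diff, so the comment should at least say what the login path relies on instead, e.g. `// Login via anon key; throttling relies on Supabase Auth rate limits`.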
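Review bot: In the signup branch, `res.json()` on the context line above the changed check still throws for a non-JSON response, so the new `'Signup failed'` fallback is never reached in that case and the raw parser message is what `setError` shows. `const data = await res.json().catch(() => ({}))` would route such responses through the fallback. Keeping the status in the condition, `if (!res.ok || !data.success) throw new Error(data.message || 'Signup failed')`, also means an error status is never treated as success because of the body alone. The enclosing submit handler starts and ends outside the hunk.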
- Continue with Google + + Continue with Google
diff --git a/public/google.webp b/public/google.webp
new file mode 100644
index 0000000..4355fce
Binary files /dev/null and b/public/google.webp differ