AuthGuard

Author: kanekoshoyu

src/components/interactive/AuthGuard.tsx

@@ -0,0 +1,54 @@
+import React, { useEffect, useState } from 'react';
+import { EXTERNAL } from '@/constant';
+import { getUserProfile, type UserProfile } from '@/lib/utils';
+
+interface AuthGuardProps {
+  children: React.ReactNode;
+}
+
+export default function AuthGuard({ children }: AuthGuardProps) {
+  const [isAuthenticated, setIsAuthenticated] = useState<boolean | null>(null);
+  const [userProfile, setUserProfile] = useState<UserProfile | null>(null);
+
+  useEffect(() => {
+    async function checkAuth() {
+      const profile = await getUserProfile(EXTERNAL.directus_url);
+      if (profile) {
+        setUserProfile(profile);
+        setIsAuthenticated(true);
+      } else {
+        setIsAuthenticated(false);
+        // Redirect to login
+        window.location.href = `${EXTERNAL.directus_url}/auth/login/authentik?redirect=${encodeURIComponent(window.location.href)}`;
+      }
+    }
+
+    checkAuth();
+  }, []);
+
+  // Show loading while checking auth
+  if (isAuthenticated === null) {
+    return (
+      <div className="min-h-screen flex items-center justify-center">
+        <div className="text-center">
+          <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-gray-900 mx-auto mb-4"></div>
+          <p>Checking authentication...</p>
+        </div>
+      </div>
+    );
+  }
+
+  // Show children if authenticated
+  if (isAuthenticated) {
+    return <>{children}</>;
+  }
+
+  // This shouldn't render as we redirect above, but just in case
+  return (
+    <div className="min-h-screen flex items-center justify-center">
+      <div className="text-center">
+        <p>Redirecting to login...</p>
+      </div>
+    </div>
+  );
+}

src/components/interactive/RoleFitIndexForm.tsx

@@ -19,6 +19,7 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import DragAndDropUpload from "./DragAndDropUpload";
 import { Loader2, Check, X } from "lucide-react";
 import { EXTERNAL } from '@/constant';
+import { getUserProfile, type UserProfile } from '@/lib/utils';
 
 const schema = z.object({
   jobDescription: z.string().min(1, "Paste the JD or provide a URL"),
@@ -27,7 +28,7 @@ const schema = z.object({
 
 type FormValues = z.infer<typeof schema>;
 
-type Me = { id: string } | null;
+type Me = UserProfile | null;
 type BalanceRow = {
   id: number;
   user: string;
@@ -78,25 +79,28 @@ export default function RoleFitForm() {
 
   const DIRECTUS_URL = EXTERNAL.directus_url;
 
+  // Helper function to get authorization header
+  const getAuthHeaders = (): Record<string, string> => {
+    return isAuthed
+      ? {} // No auth header needed for authenticated users (using session cookies)
+      : { Authorization: `Bearer ${EXTERNAL.directus_key}` }; // Guest token for unauthenticated users
+  };
+
   // --- Auth & Quota fetch (session cookies) ---
   useEffect(() => {
     let cancelled = false;
 
     (async () => {
       try {
         // who am I?
-        const meRes = await fetch(`${DIRECTUS_URL}/users/me`, {
-          credentials: "include",
-        });
-        if (!meRes.ok) {
+        const meData = await getUserProfile(DIRECTUS_URL);
+        if (!meData) {
           setIsAuthed(false);
           setMe(null);
           setQuotaUsed(null);
           setQuotaRemaining(null);
           return;
         }
-        const meJson = await meRes.json();
-        const meData: Me = meJson?.data ?? null;
         if (cancelled) return;
 
         setMe(meData);
@@ -167,7 +171,8 @@ export default function RoleFitForm() {
     url.searchParams.set("limit", "1");
 
     const res = await fetch(url.toString(), {
-      headers: { Authorization: `Bearer ${EXTERNAL.directus_key}` },
+      credentials: isAuthed ? "include" : "omit",
+      headers: getAuthHeaders(),
     });
     const js = await res.json();
     if (!res.ok) throw new Error(js?.errors?.[0]?.message || "Checksum lookup failed");
@@ -193,7 +198,8 @@ export default function RoleFitForm() {
     fd.append("file", file, file.name || "cv.pdf");
     const uploadRes = await fetch(`${DIRECTUS_URL}/files`, {
       method: "POST",
-      headers: { Authorization: `Bearer ${EXTERNAL.directus_key}` },
+      credentials: isAuthed ? "include" : "omit",
+      headers: getAuthHeaders(),
       body: fd,
     });
     const uploadJs = await uploadRes.json();
@@ -207,17 +213,21 @@ export default function RoleFitForm() {
 
   /** Create submission */
   const createSubmission = async (jd: string, fileId: string) => {
+    const body = {
+      cv_file: fileId,
+      status: "submitted",
+      job_description: { raw_input: jd },
+      ...(isAuthed && me?.id ? { user: me.id } : {}),
+    };
+    
     const res = await fetch(`${DIRECTUS_URL}/items/role_fit_index_submission`, {
       method: "POST",
+      credentials: isAuthed ? "include" : "omit",
       headers: {
-        Authorization: `Bearer ${EXTERNAL.directus_key}`,
+        ...getAuthHeaders(),
         "Content-Type": "application/json",
       },
-      body: JSON.stringify({
-        cv_file: fileId,
-        status: "submitted",
-        job_description: { raw_input: jd },
-      }),
+      body: JSON.stringify(body),
     });
     const js = await res.json();
     if (!res.ok) throw new Error(js?.errors?.[0]?.message || "Submission failed");
@@ -235,7 +245,8 @@ export default function RoleFitForm() {
         url.searchParams.set("sort", "-date_created");
         url.searchParams.set("filter[submission][_eq]", id);
         const res = await fetch(url.toString(), {
-          headers: { Authorization: `Bearer ${EXTERNAL.directus_key}` },
+          credentials: isAuthed ? "include" : "omit",
+          headers: getAuthHeaders(),
         });
         const js = await res.json();
         if (res.ok && js?.data?.length) {
@@ -279,7 +290,10 @@ export default function RoleFitForm() {
         }, 90_000);
 
         ws.onopen = () => {
-          ws.send(JSON.stringify({ type: "auth", access_token: EXTERNAL.directus_key }));
+          const authToken = isAuthed ? undefined : EXTERNAL.directus_key;
+          if (authToken) {
+            ws.send(JSON.stringify({ type: "auth", access_token: authToken }));
+          }
         };
 
         ws.onmessage = async (evt) => {
@@ -313,7 +327,8 @@ export default function RoleFitForm() {
                 url.searchParams.set("sort", "-date_created");
                 url.searchParams.set("filter[submission][_eq]", String(id));
                 const res = await fetch(url.toString(), {
-                  headers: { Authorization: `Bearer ${EXTERNAL.directus_key}` },
+                  credentials: isAuthed ? "include" : "omit",
+                  headers: getAuthHeaders(),
                 });
                 const js = await res.json();
                 if (res.ok && js?.data?.length) {
@@ -519,14 +534,27 @@ export default function RoleFitForm() {
               ) : null}
             </div>
 
-            <Button
-              type="submit"
-              variant="default"
-              className="w-full"
-              disabled={submitting || step !== 0}
-            >
-              {buttonText}
-            </Button>
+            {/* Conditionally show button or top-up link based on quota */}
+            {isAuthed === true && quotaRemaining === 0 ? (
+              <Button
+                asChild
+                variant="default"
+                className="w-full"
+              >
+                <a href="/dashboard/role-fit-index/top-up">
+                  Top Up Credits to Continue
+                </a>
+              </Button>
+            ) : (
+              <Button
+                type="submit"
+                variant="default"
+                className="w-full"
+                disabled={submitting || step !== 0}
+              >
+                {buttonText}
+              </Button>
+            )}
           </form>
         </Form>
       </CardContent>

src/lib/utils.ts

@@ -4,3 +4,29 @@ import { twMerge } from "tailwind-merge"
 export function cn(...inputs: ClassValue[]) {
   return twMerge(clsx(inputs))
 }
+
+export type UserProfile = {
+  id: string;
+  first_name?: string;
+  last_name?: string;
+  email?: string;
+  [key: string]: any;
+}
+
+export async function getUserProfile(directusUrl: string): Promise<UserProfile | null> {
+  try {
+    const res = await fetch(`${directusUrl}/users/me`, {
+      credentials: "include",
+      headers: { Accept: "application/json" },
+    });
+    
+    if (!res.ok) {
+      return null;
+    }
+    
+    const json = await res.json();
+    return json?.data ?? json;
+  } catch {
+    return null;
+  }
+}

src/pages/dashboard/index.astro

@@ -3,28 +3,31 @@ import Layout from "@/layouts/Layout.astro";
 import Header from "@/components/Header.astro";
 import Footer from "@/components/Footer.astro";
 import { Sidebar } from "@/components/interactive/Sidebar";
+import AuthGuard from "@/components/interactive/AuthGuard";
 ---
 
 <Layout title="Home - Bounteer">
-  <Header />
+  <AuthGuard client:load>
+    <Header />
 
-  <main class="bg-gray-50">
-    <section class="container-custom lg:max-w-none lg:px-0 py-10 lg:py-14">
-      <div class="lg:flex">
-        <Sidebar />
+    <main class="bg-gray-50">
+      <section class="container-custom lg:max-w-none lg:px-0 py-10 lg:py-14">
+        <div class="lg:flex">
+          <Sidebar />
 
-        <div class="w-full lg:pl-6 lg:pr-8">
-          <div class="mb-6 py-6">
-            <h1 class="text-2xl font-semibold tracking-tight">Dashboard</h1>
-            <p class="text-sm text-muted-foreground">
-              Choose a credit package to add funds to your account.
-            </p>
+          <div class="w-full lg:pl-6 lg:pr-8">
+            <div class="mb-6 py-6">
+              <h1 class="text-2xl font-semibold tracking-tight">Dashboard</h1>
+              <p class="text-sm text-muted-foreground">
+                Choose a credit package to add funds to your account.
+              </p>
+            </div>
+            something here
           </div>
-          something here
         </div>
-      </div>
-    </section>
-  </main>
+      </section>
+    </main>
 
-  <Footer />
+    <Footer />
+  </AuthGuard>
 </Layout>

src/pages/dashboard/role-fit-index/index.astro

@@ -5,30 +5,33 @@ import Footer from "@/components/Footer.astro";
 import RoleFitForm from "@/components/interactive/RoleFitIndexForm";
 import { Sidebar } from "@/components/interactive/Sidebar";
 import UserReportTable from "@/components/interactive/UserReportTable";
+import AuthGuard from "@/components/interactive/AuthGuard";
 
 const USER_ID = "51bad019-1d3b-4f7a-9a89-87355fbcde84";
 ---
 
 <Layout title="Role Fit Index - Bounteer">
-  <Header />
+  <AuthGuard client:load>
+    <Header />
 
-  <main class="bg-gray-50">
-    <section class="container-custom lg:max-w-none lg:px-0 py-10 lg:py-14">
-      <div class="lg:flex">
-        <Sidebar />
+    <main class="bg-gray-50">
+      <section class="container-custom lg:max-w-none lg:px-0 py-10 lg:py-14">
+        <div class="lg:flex">
+          <Sidebar />
 
-        <div class="w-full lg:pl-6 lg:pr-8">
-          <div class="mb-6 py-6">
-            <h1 class="text-2xl font-semibold tracking-tight">
-              Role Fit Index Reports
-            </h1>
-          </div>
+          <div class="w-full lg:pl-6 lg:pr-8">
+            <div class="mb-6 py-6">
+              <h1 class="text-2xl font-semibold tracking-tight">
+                Role Fit Index Reports
+              </h1>
+            </div>
 
-          <UserReportTable userId={USER_ID} pageSize={10} client:load />
+            <UserReportTable userId={USER_ID} pageSize={10} client:load />
+          </div>
         </div>
-      </div>
-    </section>
-  </main>
+      </section>
+    </main>
 
-  <Footer />
+    <Footer />
+  </AuthGuard>
 </Layout>

src/pages/dashboard/role-fit-index/top-up/confirm.astro

@@ -4,23 +4,26 @@ import Footer from "@/components/Footer.astro";
 import { Sidebar } from "@/components/interactive/Sidebar";
 import { Button } from "@/components/ui/button";
 import Header from "@/components/Header.astro";
+import AuthGuard from "@/components/interactive/AuthGuard";
 ---
 
 <Layout title="Top Up Confirmation — Bounteer">
-  <Header />
+  <AuthGuard client:load>
+    <Header />
 
-  <main class="bg-gray-50 min-h-screen flex">
-    <Sidebar />
+    <main class="bg-gray-50 min-h-screen flex">
+      <Sidebar />
 
-    <section class="flex-1 flex flex-col items-center justify-center px-6">
-      <h1 class="text-2xl font-semibold tracking-tight mb-6 text-center">
-        Payment confirmed, Thank you!
-      </h1>
-      <Button className="w-fit">
-        <a href="/dashboard/role-fit-index/top-up/">Return</a>
-      </Button>
-    </section>
-  </main>
+      <section class="flex-1 flex flex-col items-center justify-center px-6">
+        <h1 class="text-2xl font-semibold tracking-tight mb-6 text-center">
+          Payment confirmed, Thank you!
+        </h1>
+        <Button className="w-fit">
+          <a href="/dashboard/role-fit-index/top-up/">Return</a>
+        </Button>
+      </section>
+    </main>
 
-  <Footer />
+    <Footer />
+  </AuthGuard>
 </Layout>