fix: resolve authentication flow issues and eliminate no_session errors - remove client-side OAuth callback pages to prevent conflicts - enhance middleware with grace periods for signup/OAuth flows - add from=signup parameter to dashboard redirects - improve session establishment timing and retry logic - add success message handling in login component - resolves redirect issues after signup in production

Author: frckbrice

.coderabbit.yaml

@@ -12,49 +12,49 @@ frameworks:
 reviews:
   # Enable automatic reviews on pull requests
   auto_review: true
-  
+
   # Enable draft PR reviews
   draft_reviews: true
-  
+
   # Review scope
   scope:
-    - "src/**"
-    - "*.ts"
-    - "*.tsx"
-    - "*.js"
-    - "*.jsx"
-    - "*.json"
-    - "*.md"
-    - ".github/**"
-  
+    - 'src/**'
+    - '*.ts'
+    - '*.tsx'
+    - '*.js'
+    - '*.jsx'
+    - '*.json'
+    - '*.md'
+    - '.github/**'
+
   # Exclude patterns
   exclude:
-    - "node_modules/**"
-    - ".next/**"
-    - "dist/**"
-    - "build/**"
-    - "coverage/**"
-    - "*.min.js"
-    - "yarn.lock"
-    - "package-lock.json"
+    - 'node_modules/**'
+    - '.next/**'
+    - 'dist/**'
+    - 'build/**'
+    - 'coverage/**'
+    - '*.min.js'
+    - 'yarn.lock'
+    - 'package-lock.json'
 
 # Code quality checks
 quality:
   # Security checks
   security: true
-  
+
   # Performance analysis
   performance: true
-  
+
   # Best practices
   best_practices: true
-  
+
   # Code style and formatting
   style: true
-  
+
   # Type safety (TypeScript)
   type_safety: true
-  
+
   # Test coverage analysis
   test_coverage: true
 
@@ -66,21 +66,21 @@ rules:
     - use_proper_hooks_dependencies
     - avoid_inline_styles
     - proper_key_props
-  
+
   # TypeScript specific
   typescript:
     - strict_type_checking
     - no_any_types
     - proper_interface_naming
     - consistent_return_types
-  
+
   # Security specific
   security:
     - no_hardcoded_secrets
     - secure_api_endpoints
     - proper_authentication_checks
     - validate_user_inputs
-  
+
   # Performance specific
   performance:
     - optimize_database_queries
@@ -93,33 +93,33 @@ integrations:
   github:
     # Enable PR comments
     pr_comments: true
-    
+
     # Enable status checks
     status_checks: true
-    
+
     # Auto-approve minor changes (optional)
     auto_approve_minor: false
-    
+
     # Request reviews for major changes
     request_human_review: true
 
 # Notification settings
 notifications:
   # Notify on high-priority issues
   high_priority: true
-  
+
   # Notify on security issues
   security_issues: true
-  
+
   # Summary reports
   summary_reports: true
 
 # Custom prompts for this project
 custom_prompts:
-  - "Focus on real-time collaboration features and ensure proper handling of concurrent users"
-  - "Pay attention to Supabase integration and PostgREST query optimization"
-  - "Review authentication and authorization implementation carefully"
-  - "Check for proper error handling in async operations"
-  - "Ensure proper cleanup of real-time subscriptions and connections"
-  - "Validate proper use of React hooks and state management"
-  - "Review test coverage and quality of unit tests"
+  - 'Focus on real-time collaboration features and ensure proper handling of concurrent users'
+  - 'Pay attention to Supabase integration and PostgREST query optimization'
+  - 'Review authentication and authorization implementation carefully'
+  - 'Check for proper error handling in async operations'
+  - 'Ensure proper cleanup of real-time subscriptions and connections'
+  - 'Validate proper use of React hooks and state management'
+  - 'Review test coverage and quality of unit tests'

README.md

@@ -87,7 +87,6 @@
 
 ### 📝 Real-time Editor
 
-
 ![dashboard](/public/project-images/realtime-dashboard.png)
 ![Real-time Editor](public/project-images/3.png)
 ![Collaboration](public/project-images/13.png)
@@ -332,35 +331,41 @@ src/
 ### v2.0.0 - PostgREST Migration & Enhanced Collaboration
 
 #### 🔄 Database Layer Refactor
+
 - **Migrated from Drizzle ORM to PostgREST**: Improved performance and simplified database interactions
 - **Enhanced Query Optimization**: More efficient data fetching with PostgREST's built-in filtering and pagination
 - **Type Safety**: Maintained full TypeScript support throughout the migration
 
 #### 👥 Improved Collaborator System
+
 - **Complete Collaborator Visibility**: All workspace members (owners and invitees) can now see the full collaborator list
 - **Online Status Indicators**: Real-time green dots show who's currently active
 - **Avatar Fallbacks**: Proper avatar fallbacks for all collaborators
 - **Enhanced Tooltips**: Detailed collaborator information with online status
 
 #### 🎨 UI/UX Enhancements
+
 - **Breadcrumb Navigation**: Instant visibility of workspace/folder/file names
 - **Banner Inheritance**: Folders and files inherit workspace banners when not set
 - **Connection Status**: Real-time connection indicators
 - **Responsive Collaborator List**: Better mobile experience for collaboration features
 
 #### 🚀 Performance Optimizations
+
 - **Reduced Re-rendering**: Optimized React hooks and memoization
 - **Stable Realtime Connections**: Improved WebSocket connection management
 - **Memory Leak Prevention**: Proper cleanup of realtime subscriptions
 - **Concurrent Connection Limits**: Reduced Supabase realtime connection usage
 
 #### 🔧 Developer Experience
+
 - **Linting Improvements**: Fixed all ESLint warnings and errors
 - **Build Optimization**: Resolved TypeScript compilation issues
 - **Code Organization**: Better separation of concerns and cleaner architecture
 - **Error Handling**: Enhanced error boundaries and user feedback
 
 #### 🐛 Bug Fixes
+
 - **Redirect Loop Fix**: Resolved dashboard navigation issues
 - **Stripe Integration**: Fixed deprecated payment session properties
 - **Authentication Flow**: Improved server-side authentication handling

src/app/(auth)/auth/callback/page.tsx

@@ -7,7 +7,10 @@ vi.mock('@/components/features/landing-page', () => ({
   default: () => (
     <div data-testid="landing-page">
       <h1>Real-time Collaborative Platform</h1>
-      <p>Welcome to the real-time collaborative platform. Boost productivity and teamwork with seamless collaboration tools.</p>
+      <p>
+        Welcome to the real-time collaborative platform. Boost productivity and teamwork with
+        seamless collaboration tools.
+      </p>
       <section>
         <h2>Features</h2>
         <ul>
@@ -33,26 +36,26 @@ vi.mock('@/lib/utils/sync-stripe-products', () => ({
 describe('HomePage Component', () => {
   it('renders the home page with correct metadata', () => {
     render(<HomePage />);
-    
+
     // Check that the landing page component is rendered
     expect(screen.getByTestId('landing-page')).toBeInTheDocument();
   });
 
   it('displays the main heading', () => {
     render(<HomePage />);
-    
+
     expect(screen.getByText('Real-time Collaborative Platform')).toBeInTheDocument();
   });
 
   it('shows the welcome description', () => {
     render(<HomePage />);
-    
+
     expect(screen.getByText(/Welcome to the real-time collaborative platform/)).toBeInTheDocument();
   });
 
   it('displays features section', () => {
     render(<HomePage />);
-    
+
     expect(screen.getByText('Features')).toBeInTheDocument();
     expect(screen.getByText('Real-time editing')).toBeInTheDocument();
     expect(screen.getByText('Collaborative workspaces')).toBeInTheDocument();
@@ -61,7 +64,7 @@ describe('HomePage Component', () => {
 
   it('shows get started section with action buttons', () => {
     render(<HomePage />);
-    
+
     expect(screen.getByText('Get Started')).toBeInTheDocument();
     expect(screen.getByRole('button', { name: 'Sign Up' })).toBeInTheDocument();
     expect(screen.getByRole('button', { name: 'Learn More' })).toBeInTheDocument();

src/app/(auth)/callback/page.tsx

@@ -27,19 +27,43 @@ export async function POST(request: NextRequest) {
         success: !exchangeError,
         error: exchangeError?.message,
         user: data?.user ? 'present' : 'missing',
+        session: data?.session ? 'present' : 'missing',
       });
 
       if (exchangeError) {
         console.error('Code exchange error:', exchangeError);
         return NextResponse.redirect(new URL('/login?error=auth_failed', request.url));
       }
 
-      if (data?.user) {
+      if (data?.user && data?.session) {
         console.log('Auth callback - Successfully authenticated user:', data.user.email);
-        // Successful authentication
-        return NextResponse.redirect(new URL('/dashboard', request.url));
+        console.log('Auth callback - Session established, redirecting to dashboard');
+
+        // Set cookies and redirect to dashboard
+        const response = NextResponse.redirect(new URL('/dashboard?from=oauth', request.url));
+
+        // Ensure cookies are properly set for the session
+        if (data.session.access_token) {
+          response.cookies.set('sb-access-token', data.session.access_token, {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'lax',
+            maxAge: 60 * 60 * 24 * 7, // 7 days
+          });
+        }
+
+        if (data.session.refresh_token) {
+          response.cookies.set('sb-refresh-token', data.session.refresh_token, {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'lax',
+            maxAge: 60 * 60 * 24 * 30, // 30 days
+          });
+        }
+
+        return response;
       } else {
-        console.error('Auth callback - No user data after successful exchange');
+        console.error('Auth callback - No user or session data after successful exchange');
         return NextResponse.redirect(new URL('/login?error=no_user_data', request.url));
       }
     }
@@ -57,5 +81,3 @@ export async function GET(request: NextRequest) {
   // Handle GET requests (for direct browser navigation)
   return POST(request);
 }
-
-