From c8b1a7e6fcf85a37307fc7ebde4a00576691e691 Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Mon, 16 Jun 2025 17:29:33 +0200
Subject: [PATCH 1/8] feat(web): add GitHub and Google OAuth button components

Add reusable OAuth login button components (GitHub and Google) for use on login/signup pages. Each button includes style and click logic for OAuth redirect.
---
 .../lib/components/login/GitHubButton.svelte  | 51 ++++++++++++++++
 .../lib/components/login/GoogleButton.svelte  | 61 +++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 apps/web/src/lib/components/login/GitHubButton.svelte
 create mode 100644 apps/web/src/lib/components/login/GoogleButton.svelte

diff --git a/apps/web/src/lib/components/login/GitHubButton.svelte b/apps/web/src/lib/components/login/GitHubButton.svelte
new file mode 100644
index 0000000000..595048ba1a
--- /dev/null
+++ b/apps/web/src/lib/components/login/GitHubButton.svelte
@@ -0,0 +1,51 @@
+<script lang="ts">
+	import { env } from '$env/dynamic/public';
+</script>
+
+<a
+	class="oauth-login"
+	href={`${env.PUBLIC_APP_HOST}auth/github?origin=${encodeURIComponent(window.location.href)}`}
+	title="Sign in with GitHub"
+	aria-label="Sign in with GitHub"
+>
+	<svg class="oauth-logo" viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+		<title>Sign in with GitHub</title>
+		<path
+			fill-rule="evenodd"
+			clip-rule="evenodd"
+			d="M48.854 0C21.839 0 0 22 0 49.217c0 21.756 13.993 40.172 33.405 46.69 2.427.49 3.316-1.059 3.316-2.362 0-1.141-.08-5.052-.08-9.127-13.59 2.934-16.42-5.867-16.42-5.867-2.184-5.704-5.42-7.17-5.42-7.17-4.448-3.015.324-3.015.324-3.015 4.934.326 7.523 5.052 7.523 5.052 4.367 7.496 11.404 5.378 14.235 4.074.404-3.178 1.699-5.378 3.074-6.6-10.839-1.141-22.243-5.378-22.243-24.283 0-5.378 1.94-9.778 5.014-13.2-.485-1.222-2.184-6.275.486-13.038 0 0 4.125-1.304 13.426 5.052a46.97 46.97 0 0 1 12.214-1.63c4.125 0 8.33.571 12.213 1.63 9.302-6.356 13.427-5.052 13.427-5.052 2.67 6.763.97 11.816.485 13.038 3.155 3.422 5.015 7.822 5.015 13.2 0 18.905-11.404 23.06-22.324 24.283 1.78 1.548 3.316 4.481 3.316 9.126 0 6.6-.08 11.897-.08 13.526 0 1.304.89 2.853 3.316 2.364 19.412-6.52 33.405-24.935 33.405-46.691C97.707 22 75.788 0 48.854 0z"
+			fill="#000"
+		/>
+	</svg>
+	<span>Sign in with GitHub</span>
+</a>
+
+<style lang="postcss">
+	.oauth-login {
+		display: flex;
+		align-items: center;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-border-2);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-bg-1);
+		color: var(--clr-scale-ntrl-0);
+		cursor: pointer;
+
+		&:hover {
+			background-color: var(--clr-bg-2);
+		}
+
+		span {
+			width: 100%;
+			font-weight: 500;
+			font-size: 14px;
+			text-align: center;
+		}
+	}
+
+	.oauth-logo {
+		width: 24px;
+		height: 24px;
+	}
+</style>
diff --git a/apps/web/src/lib/components/login/GoogleButton.svelte b/apps/web/src/lib/components/login/GoogleButton.svelte
new file mode 100644
index 0000000000..4d48d7a282
--- /dev/null
+++ b/apps/web/src/lib/components/login/GoogleButton.svelte
@@ -0,0 +1,61 @@
+<script lang="ts">
+	import { env } from '$env/dynamic/public';
+</script>
+
+<a
+	class="oauth-login"
+	href={`${env.PUBLIC_APP_HOST}auth/google_oauth2?origin=${encodeURIComponent(window.location.href)}`}
+	title="Sign in with Google"
+	aria-label="Sign in with Google"
+>
+	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="oauth-logo">
+		<title>Sign in with Google</title>
+		<path
+			d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+			fill="#4285f4"
+		></path>
+		<path
+			d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+			fill="#34a853"
+		></path>
+		<path
+			d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+			fill="#fbbc05"
+		></path>
+		<path
+			d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+			fill="#ea4335"
+		></path>
+	</svg>
+	<span>Sign in with Google</span>
+</a>
+
+<style lang="postcss">
+	.oauth-login {
+		display: flex;
+		align-items: center;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-border-2);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-bg-1);
+		color: var(--clr-scale-ntrl-0);
+		cursor: pointer;
+
+		&:hover {
+			background-color: var(--clr-bg-2);
+		}
+
+		span {
+			width: 100%;
+			font-weight: 500;
+			font-size: 14px;
+			text-align: center;
+		}
+	}
+
+	.oauth-logo {
+		width: 24px;
+		height: 24px;
+	}
+</style>

From 88a3b32fd61a65aa48d54789f6b8a7d1fd88345d Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Mon, 16 Jun 2025 17:29:33 +0200
Subject: [PATCH 2/8] feat(web/auth): add redirect guard components

Add Svelte components for handling redirect logic:
- RedirectIfLoggedIn redirects authenticated users away from login/signup/reset pages.
- RedirectIfNotFinalized redirects logged-in users missing required data to finalize account.
---
 .../src/lib/auth/RedirectIfLoggedIn.svelte    | 18 ++++++++++++
 .../lib/auth/RedirectIfNotFinalized.svelte    | 28 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 apps/web/src/lib/auth/RedirectIfLoggedIn.svelte
 create mode 100644 apps/web/src/lib/auth/RedirectIfNotFinalized.svelte

diff --git a/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte b/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte
new file mode 100644
index 0000000000..ccb886fc88
--- /dev/null
+++ b/apps/web/src/lib/auth/RedirectIfLoggedIn.svelte
@@ -0,0 +1,18 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+	const isLoggedIn = $derived($user !== undefined);
+
+	// If there is a user, redirect to the home page
+	$effect(() => {
+		if (isLoggedIn) {
+			goto(routesService.homePath());
+		}
+	});
+</script>
diff --git a/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte b/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte
new file mode 100644
index 0000000000..ee12c931d7
--- /dev/null
+++ b/apps/web/src/lib/auth/RedirectIfNotFinalized.svelte
@@ -0,0 +1,28 @@
+<script lang="ts">
+	import { afterNavigate, goto } from '$app/navigation';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+	const userEmail = $derived($user?.email);
+	const userLogin = $derived($user?.login);
+	const isLoggedIn = $derived($user !== undefined);
+	// Logged in but missing email or login
+	const accountNotFinalized = $derived(isLoggedIn && (!userEmail || !userLogin));
+	let currentPathName = $state<string>(location.pathname);
+
+	// Keep track of the current path name to avoid redirect loops
+	afterNavigate((navigation) => {
+		currentPathName = navigation.to?.url.pathname || '';
+	});
+
+	// If the user account is not finalized, redirect to the finalization page
+	$effect(() => {
+		if (accountNotFinalized && currentPathName !== routesService.finalizeAccountPath()) {
+			goto(routesService.finalizeAccountPath());
+		}
+	});
+</script>

From 54c96b80508b162347cc8a402b7fb4ee07300a7d Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Mon, 16 Jun 2025 17:29:33 +0200
Subject: [PATCH 3/8] feat(web): update Navigation/Header for new login/signup

Refactor navigation components for new login/signup flow:
- Navigation now uses webRoutes for login/signup links instead of direct link logic.
- Remove old env-based login redirect logic from Navigation.
- Home Header shows login/signup via webRoutes.
---
 apps/web/src/lib/components/Navigation.svelte     | 15 +++++++--------
 .../src/routes/(home)/components/Header.svelte    | 15 ++++-----------
 2 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/apps/web/src/lib/components/Navigation.svelte b/apps/web/src/lib/components/Navigation.svelte
index 4ede786c6c..584216961f 100644
--- a/apps/web/src/lib/components/Navigation.svelte
+++ b/apps/web/src/lib/components/Navigation.svelte
@@ -7,7 +7,6 @@
 	import { inject } from '@gitbutler/shared/context';
 	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { Button, ContextMenu, ContextMenuItem, ContextMenuSection, Icon } from '@gitbutler/ui';
-
 	import { env } from '$env/dynamic/public';
 
 	const authService = inject(AUTH_SERVICE);
@@ -21,13 +20,9 @@
 	let ctxUserTriggerButton = $state<HTMLButtonElement | undefined>();
 	let isCtxMenuOpen = $state(false);
 
-	function login() {
-		window.location.href = `${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`;
-	}
-
 	function logout() {
 		authService.clearToken();
-		window.location.href = `${env.PUBLIC_APP_HOST}cloud/logout?returnTo=${window.location.href}`;
+		window.location.href = `${env.PUBLIC_APP_HOST}cloud/logout`;
 	}
 </script>
 
@@ -79,8 +74,12 @@
 			>
 		{:else}
 			<div class="login-signup-wrap">
-				<Button kind="outline" onclick={login}>Join GitButler</Button>
-				<Button style="pop" icon="signin" onclick={login}>Log in</Button>
+				<a href={routes.signupPath()}>
+					<Button kind="outline">Join GitButler</Button>
+				</a>
+				<a href={routes.loginPath()} title="Log in" aria-label="Log in">
+					<Button style="pop" icon="signin">Log in</Button>
+				</a>
 			</div>
 		{/if}
 	</div>
diff --git a/apps/web/src/routes/(home)/components/Header.svelte b/apps/web/src/routes/(home)/components/Header.svelte
index eaf8c07efc..5603bfae82 100644
--- a/apps/web/src/routes/(home)/components/Header.svelte
+++ b/apps/web/src/routes/(home)/components/Header.svelte
@@ -4,8 +4,8 @@
 	import * as jsonLinks from '$home/data/links.json';
 	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import { inject } from '@gitbutler/shared/context';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { fly } from 'svelte/transition';
-	import { env } from '$env/dynamic/public';
 
 	let isMobileMenuOpen = $state(false);
 
@@ -14,6 +14,7 @@
 	}
 
 	const authService = inject(AUTH_SERVICE);
+	const routes = inject(WEB_ROUTES_SERVICE);
 	let token = $derived(authService.tokenReadable);
 </script>
 
@@ -115,11 +116,7 @@
 			{#if $token}
 				<HeaderLink label="My Dashboard" href="/" icon="dashboard" />
 			{:else}
-				<HeaderLink
-					label="Sign up / Log in"
-					href={`${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`}
-					icon="login"
-				/>
+				<HeaderLink label="Sign up / Log in" href={routes.loginPath()} icon="login" />
 			{/if}
 		</section>
 	</nav>
@@ -171,11 +168,7 @@
 					{#if $token}
 						<HeaderMobileLink label="My Dashboard" href="/" icon="dashboard" />
 					{:else}
-						<HeaderMobileLink
-							label="Sign up / Log in"
-							href={`${env.PUBLIC_APP_HOST}cloud/login?callback=${window.location.href}`}
-							icon="login"
-						/>
+						<HeaderMobileLink label="Sign up / Log in" href={routes.loginPath()} icon="login" />
 					{/if}
 				</section>
 			</nav>

From 17185ca5bf2c3cba952135768e11a3304873c673 Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Mon, 16 Jun 2025 17:29:33 +0200
Subject: [PATCH 4/8] refactor(web): update layout for new authentication state
 and redirects

Update the app layout:
- Provide the LoginService for downstream components.
- Integrate RedirectIfNotFinalized component at the top-level.
- Only show Navigation if not on commit/login/signup page.
---
 apps/web/src/routes/(app)/+layout.svelte | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/apps/web/src/routes/(app)/+layout.svelte b/apps/web/src/routes/(app)/+layout.svelte
index 7564e8f532..a49663c902 100644
--- a/apps/web/src/routes/(app)/+layout.svelte
+++ b/apps/web/src/routes/(app)/+layout.svelte
@@ -2,6 +2,7 @@
 	import '$lib/styles/global.css';
 	import { page } from '$app/state';
 	import { ButlerAIClient, BUTLER_AI_CLIENT } from '$lib/ai/service';
+	import RedirectIfNotFinalized from '$lib/auth/RedirectIfNotFinalized.svelte';
 	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import Footer from '$lib/components/Footer.svelte';
 	import Navigation from '$lib/components/Navigation.svelte';
@@ -20,6 +21,7 @@
 	} from '@gitbutler/shared/chat/chatChannelsService';
 	import { inject, provide } from '@gitbutler/shared/context';
 	import { FeedService, FEED_SERVICE } from '@gitbutler/shared/feeds/service';
+	import LoginService, { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
 	import { HttpClient, HTTP_CLIENT } from '@gitbutler/shared/network/httpClient';
 	import {
 		OrganizationService,
@@ -71,6 +73,9 @@
 	const httpClient = new HttpClient(window.fetch, env.PUBLIC_APP_HOST, authService.tokenReadable);
 	provide(HTTP_CLIENT, httpClient);
 
+	const loginService = new LoginService(httpClient);
+	provide(LOGIN_SERVICE, loginService);
+
 	const aiService = new ButlerAIClient(httpClient);
 	provide(BUTLER_AI_CLIENT, aiService);
 
@@ -142,10 +147,15 @@
 	provide(RULES_SERVICE, rulesService);
 
 	const isCommitPage = $derived(page.url.pathname.includes('/commit/'));
+	const isLoginPage = $derived(page.url.pathname.includes('/login'));
+	const isSignupPage = $derived(page.url.pathname.includes('/signup'));
+	const hasNavigation = $derived(!isCommitPage && !isLoginPage && !isSignupPage);
 </script>
 
+<RedirectIfNotFinalized />
+
 <div class="app">
-	{#if !isCommitPage}
+	{#if hasNavigation}
 		<Navigation />
 	{/if}
 

From 11b3f664915fb2e73ddb9bb1130ac7195abee699 Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Wed, 30 Jul 2025 12:22:26 +0200
Subject: [PATCH 5/8] feat(web): show logged out view in main app page

Show a logged out friendly message and prompt if user is not logged in. Previously checked for recent projects regardless of login state.
---
 apps/web/src/routes/(app)/+page.svelte | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/apps/web/src/routes/(app)/+page.svelte b/apps/web/src/routes/(app)/+page.svelte
index 0e3cff6880..2100deab63 100644
--- a/apps/web/src/routes/(app)/+page.svelte
+++ b/apps/web/src/routes/(app)/+page.svelte
@@ -1,13 +1,22 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import DashboardLayout from '$lib/components/dashboard/DashboardLayout.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { inject } from '@gitbutler/shared/context';
 	import { isFound } from '@gitbutler/shared/network/loadable';
 	import { getRecentlyPushedProjects } from '@gitbutler/shared/organizations/projectsPreview.svelte';
 	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { Button } from '@gitbutler/ui';
 
+	const authService = inject(AUTH_SERVICE);
+	const persistedToken = authService.token;
+
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
+
+	const loggedIn = $derived($user !== undefined);
 	const recentProjects = getRecentlyPushedProjects();
 	let hasRecentProjects = $state(false);
 
@@ -25,9 +34,18 @@
 			}
 		}
 	});
+
+	$effect(() => {
+		if (!loggedIn && persistedToken.current) {
+			// Clear any stale tokens if the user is not logged in
+			authService.clearToken();
+		}
+	});
 </script>
 
-{#if hasRecentProjects}
+{#if !loggedIn}
+	<p>Loading...</p>
+{:else if hasRecentProjects}
 	<DashboardLayout>
 		<p>You have no recent projects!</p>
 	</DashboardLayout>

From d0fbd1cd9c37126bfecd5f6422d63d7e301c2f92 Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Wed, 30 Jul 2025 12:22:59 +0200
Subject: [PATCH 6/8] fix(web): check for logged in user by USER_SERVICE, not
 token

Update project reviews and rules pages to check for logged-in user by USER_SERVICE and redirect home if not logged in, rather than by auth token.

Also add refreshUser method to userService.ts to refresh user state and handle errors.
---
 apps/web/src/lib/user/userService.ts                   | 10 ++++++++++
 .../[ownerSlug]/[projectSlug]/reviews/+page.svelte     |  9 +++++----
 .../src/routes/(app)/[ownerSlug]/rules/+page.svelte    |  9 +++++----
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/apps/web/src/lib/user/userService.ts b/apps/web/src/lib/user/userService.ts
index a19b4ec198..b3923de15c 100644
--- a/apps/web/src/lib/user/userService.ts
+++ b/apps/web/src/lib/user/userService.ts
@@ -73,6 +73,16 @@ export class UserService {
 		return user;
 	}
 
+	async refreshUser() {
+		try {
+			const user = await this.fetchUser();
+			this.user.set(user);
+			this.error.set(undefined);
+		} catch (error) {
+			this.error.set(error);
+		}
+	}
+
 	clearUser() {
 		this.user.set(undefined);
 	}
diff --git a/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte b/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
index c601423c37..15b1e0a2cd 100644
--- a/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
+++ b/apps/web/src/routes/(app)/[ownerSlug]/[projectSlug]/reviews/+page.svelte
@@ -1,9 +1,9 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
-	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
 	import BranchIndexCard from '$lib/components/branches/BranchIndexCard.svelte';
 	import DashboardLayout from '$lib/components/dashboard/DashboardLayout.svelte';
 	import Table from '$lib/components/table/Table.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { getBranchReviewsForRepository } from '@gitbutler/shared/branches/branchesPreview.svelte';
 	import { BranchStatus } from '@gitbutler/shared/branches/types';
 	import { inject } from '@gitbutler/shared/context';
@@ -14,12 +14,13 @@
 	import { Button, Select, SelectItem } from '@gitbutler/ui';
 
 	// Get authentication service and check if user is logged in
-	const authService = inject(AUTH_SERVICE);
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
 
-	// If there is no token (user not logged in), redirect to home
+	// If there is no user (user not logged in), redirect to home
 	$effect(() => {
-		if (!authService.token.current) {
+		if ($user === undefined) {
 			goto(routes.homePath());
 		}
 	});
diff --git a/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte b/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
index ac9c41f9bb..ce0d87066a 100644
--- a/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
+++ b/apps/web/src/routes/(app)/[ownerSlug]/rules/+page.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
-	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
 	import { eventTimeStamp } from '@gitbutler/shared/branches/utils';
 	import { inject } from '@gitbutler/shared/context';
 	import Loading from '@gitbutler/shared/network/Loading.svelte';
@@ -11,12 +11,13 @@
 	import type { Rule } from '@gitbutler/shared/rules/types';
 
 	// Get authentication service and check if user is logged in
-	const authService = inject(AUTH_SERVICE);
 	const routes = inject(WEB_ROUTES_SERVICE);
+	const userService = inject(USER_SERVICE);
+	const user = userService.user;
 
-	// If there is no token (user not logged in), redirect to home
+	// If there is no user (user not logged in), redirect to home
 	$effect(() => {
-		if (!authService.token.current) {
+		if ($user === undefined) {
 			goto(routes.homePath());
 		}
 	});

From 09f22e7e26f651704944ee0bcf5f59a0426911ca Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Wed, 30 Jul 2025 12:22:38 +0200
Subject: [PATCH 7/8] feat(web): add all new auth/user pages

Add all new authentication/user-related pages. This commit includes:
- Svelte-based login page
- Finalize account page
- Signup page
- Resend confirmation email page
- Password reset start and confirmation pages
Each page handles its specific logic, error display, and integrates with LoginService or the OAuth buttons as required. Navigation links, redirects, and user states are managed according to the new auth flow.
---
 apps/web/src/routes/(app)/login/+page.svelte  | 210 +++++++++++++++++
 .../(app)/login/confirm-password/+page.svelte | 177 ++++++++++++++
 .../(app)/login/reset-password/+page.svelte   | 153 +++++++++++++
 .../web/src/routes/(app)/profile/+page.svelte |   7 +-
 .../(app)/profile/finalize/+page.svelte       | 215 ++++++++++++++++++
 apps/web/src/routes/(app)/signup/+page.svelte | 195 ++++++++++++++++
 .../signup/resend-confirmation/+page.svelte   | 175 ++++++++++++++
 7 files changed, 1126 insertions(+), 6 deletions(-)
 create mode 100644 apps/web/src/routes/(app)/login/+page.svelte
 create mode 100644 apps/web/src/routes/(app)/login/confirm-password/+page.svelte
 create mode 100644 apps/web/src/routes/(app)/login/reset-password/+page.svelte
 create mode 100644 apps/web/src/routes/(app)/profile/finalize/+page.svelte
 create mode 100644 apps/web/src/routes/(app)/signup/+page.svelte
 create mode 100644 apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte

diff --git a/apps/web/src/routes/(app)/login/+page.svelte b/apps/web/src/routes/(app)/login/+page.svelte
new file mode 100644
index 0000000000..7f0222eb96
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/+page.svelte
@@ -0,0 +1,210 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import GitHubButton from '$lib/components/login/GitHubButton.svelte';
+	import GoogleButton from '$lib/components/login/GoogleButton.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+	import { env } from '$env/dynamic/public';
+
+	let email = $state<string>();
+	let password = $state<string>();
+
+	let error = $state<string>();
+	let errorCode = $state<string>();
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const authService = inject(AUTH_SERVICE);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!email || !password) {
+			console.error('Email and password are required');
+			return;
+		}
+
+		const response = await loginService.loginWithEmail(email, password);
+
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			errorCode = response.errorCode;
+			console.error('Login failed:', response.raw ?? response.errorMessage);
+		} else {
+			const token = response.data;
+			authService.setToken(token);
+			window.location.href = `${env.PUBLIC_APP_HOST}successful_login?access_token=${token}`;
+		}
+	}
+
+	async function resendConfirmationEmail() {
+		if (!email) {
+			error = 'Please enter your email to resend the confirmation email.';
+			return;
+		}
+		const response = await loginService.resendConfirmationEmail(email);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			errorCode = response.errorCode;
+			console.error('Failed to resend confirmation email:', response.raw ?? response.errorMessage);
+		} else {
+			error = 'Confirmation email resent. Please check your inbox.';
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="login-form">
+	<div class="login-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+			<div class="field">
+				<label for="password">Password</label>
+				<input id="password" type="password" bind:value={password} required />
+			</div>
+		</SectionCard>
+
+		<div class="reset-password-link">
+			Or did you forget your password?
+			<br />
+			Wow. That sounds irresponsible.
+			<a href={routesService.resetPasswordPath()}>I mean... it's fine. Reset it</a>
+		</div>
+
+		<Button type="submit">Log in</Button>
+
+		<div class="signup-link">
+			Don't have an account?
+			<a href={routesService.signupPath()}>Sign up</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+			{#if errorCode === 'email_not_verified'}
+				<span>
+					Please verify your email address before logging in. Check your inbox for a verification
+					email or
+				</span>
+				<Button
+					type="button"
+					onclick={resendConfirmationEmail}
+					disabled={!email}
+					tooltip={!email
+						? 'Please enter your email in the field above to resend the confirmation email.'
+						: 'Resend confirmation email'}
+				>
+					resend the confirmation email</Button
+				>
+			{/if}
+		{/if}
+
+		<SectionCard>
+			<GitHubButton />
+			<GoogleButton />
+		</SectionCard>
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.login-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.signup-link,
+	.reset-password-link {
+		display: flex;
+		flex-direction: column;
+		align-items: center;
+		justify-content: center;
+
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/login/confirm-password/+page.svelte b/apps/web/src/routes/(app)/login/confirm-password/+page.svelte
new file mode 100644
index 0000000000..3ff7423003
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/confirm-password/+page.svelte
@@ -0,0 +1,177 @@
+<script lang="ts">
+	import { page } from '$app/state';
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+	import { env } from '$env/dynamic/public';
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+	const authService = inject(AUTH_SERVICE);
+
+	let password = $state<string>();
+	let passwordConfirmation = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	const confirmationMatches = $derived(password === passwordConfirmation);
+
+	async function handleSubmit() {
+		const token = page.url.searchParams.get('t');
+
+		if (!token) {
+			error = 'Invalid or missing token';
+			// TODO: Probably redirect to the login page or show a more user-friendly error
+			return;
+		}
+
+		if (!confirmationMatches) {
+			error = 'Passwords do not match';
+			return;
+		}
+
+		if (!password || !passwordConfirmation) {
+			error = 'Password are required';
+			return;
+		}
+
+		const response = await loginService.confirmPasswordReset(token, password, passwordConfirmation);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Confirm password failed:', response.raw ?? response.errorMessage);
+			message = '';
+			return;
+		}
+
+		error = undefined;
+		message = response.data.message;
+		authService.setToken(response.data.token);
+		window.location.href = `${env.PUBLIC_APP_HOST}successful_login?access_token=${token}`;
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Confirm Password</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="password">Password</label>
+				<input
+					id="password"
+					type="password"
+					bind:value={password}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+			<div class="field">
+				<label for="passwordConfirmation">Password confirmation</label>
+				<input
+					id="passwordConfirmation"
+					type="password"
+					bind:value={passwordConfirmation}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Log in</Button>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/login/reset-password/+page.svelte b/apps/web/src/routes/(app)/login/reset-password/+page.svelte
new file mode 100644
index 0000000000..308c4e00d2
--- /dev/null
+++ b/apps/web/src/routes/(app)/login/reset-password/+page.svelte
@@ -0,0 +1,153 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	let email = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	async function handleSubmit() {
+		if (!email) {
+			error = 'Email is required';
+			return;
+		}
+
+		const response = await loginService.resetPassword(email);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Reset password failed:', response.raw ?? response.errorMessage);
+		} else {
+			error = undefined;
+			message = response.data.message;
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Send password reset mail</Button>
+
+		<div class="login-link">
+			You rather just create a new account?
+			<a href={routesService.signupPath()}>Sound easier, I guess</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.login-link {
+		display: flex;
+		justify-content: center;
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/profile/+page.svelte b/apps/web/src/routes/(app)/profile/+page.svelte
index 4046ef458b..219e362291 100644
--- a/apps/web/src/routes/(app)/profile/+page.svelte
+++ b/apps/web/src/routes/(app)/profile/+page.svelte
@@ -232,12 +232,7 @@
 
 <div class="profile-page">
 	<div class="content">
-		{#if !$token}
-			<SectionCard>
-				<h1 class="title">Who this?</h1>
-				<p>Log into your butler account, create one or do whatever you please.</p>
-			</SectionCard>
-		{:else if !$user?.id}
+		{#if !$token || !$user?.id}
 			<p>Loading...</p>
 		{:else}
 			<h1 class="title">My Preferences</h1>
diff --git a/apps/web/src/routes/(app)/profile/finalize/+page.svelte b/apps/web/src/routes/(app)/profile/finalize/+page.svelte
new file mode 100644
index 0000000000..03ac9eefa9
--- /dev/null
+++ b/apps/web/src/routes/(app)/profile/finalize/+page.svelte
@@ -0,0 +1,215 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { AUTH_SERVICE } from '$lib/auth/authService.svelte';
+	import { USER_SERVICE } from '$lib/user/userService';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	const userService = inject(USER_SERVICE);
+	const loginService = inject(LOGIN_SERVICE);
+	const user = userService.user;
+	const isLoggedIn = $derived($user !== undefined);
+	const userEmail = $derived($user?.email);
+	const userLogin = $derived($user?.login);
+	const authService = inject(AUTH_SERVICE);
+	const token = authService.tokenReadable;
+
+	const isFinalized = $derived(isLoggedIn && userEmail && userLogin);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	let agreeToTerms = $state<boolean>(false);
+	let email = $state<string>();
+	let username = $state<string>();
+
+	let error = $state<string>();
+	let message = $state<string>();
+	const effectiveEmail = $derived(email ?? userEmail);
+	const effectiveUsername = $derived(username ?? userLogin);
+	const canSubmit = $derived(agreeToTerms && !!effectiveEmail && !!effectiveUsername);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!$token) {
+			// should not happen
+			error = 'You must be logged in to finalize your account.';
+			return;
+		}
+
+		if (!effectiveEmail) {
+			error = 'Email is required.';
+			return;
+		}
+
+		if (!effectiveUsername) {
+			error = 'Username is required.';
+			return;
+		}
+
+		if (!agreeToTerms) {
+			error = 'You must agree to the terms and conditions.';
+			return;
+		}
+
+		const response = await loginService.finalizeAccount($token, effectiveEmail, effectiveUsername);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Finalize account failed:', response.raw ?? response.errorMessage);
+			return;
+		}
+
+		error = undefined;
+		message = response.data.message;
+		await userService.refreshUser();
+	}
+
+	$effect(() => {
+		if (!isLoggedIn) {
+			goto(routesService.loginPath());
+		} else if (isFinalized) {
+			goto(routesService.homePath());
+		}
+	});
+</script>
+
+<svelte:head>
+	<title>GitButler | Login</title>
+</svelte:head>
+
+<form onsubmit={handleSubmit} class="finalize-form">
+	<div class="finalize-form__content">
+		<SectionCard>
+			{#if !userLogin}
+				<div class="field">
+					<label for="username">Username</label>
+					<input id="username" type="text" bind:value={username} required />
+				</div>
+			{/if}
+			{#if !userEmail}
+				<div class="field">
+					<label for="email">Email</label>
+					<input id="email" type="email" bind:value={email} required />
+				</div>
+			{/if}
+		</SectionCard>
+		<div class="terms">
+			<label for="comments" class="text-13">Terms and Conditions Agreement</label>
+			<div class="terms-checkbox">
+				<input
+					id="terms"
+					name="terms"
+					type="checkbox"
+					value={agreeToTerms}
+					onchange={(e) => (agreeToTerms = e.currentTarget.checked)}
+				/>
+				<p class="text-12">
+					I agree to GitButler's
+					<a
+						href="https://app.termly.io/document/terms-and-conditions/7924c71d-80bb-4444-9381-947237b9fc0f"
+						>Terms and Conditions</a
+					>
+					and
+					<a
+						href="https://app.termly.io/document/privacy-policy/a001c8b7-505b-4eab-81e3-fcd1c72bdd79"
+						>Privacy Policy</a
+					>
+				</p>
+			</div>
+		</div>
+
+		<Button style="pop" type="submit" disabled={!canSubmit}>🔥FINISH IT🔥</Button>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+	</div>
+</form>
+
+<style lang="postcss">
+	.finalize-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.terms {
+		display: flex;
+		flex-direction: column;
+		padding: 4px;
+		gap: 8px;
+	}
+
+	.terms-checkbox {
+		display: flex;
+		align-items: center;
+		gap: 8px;
+		& a {
+			text-decoration: underline;
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/signup/+page.svelte b/apps/web/src/routes/(app)/signup/+page.svelte
new file mode 100644
index 0000000000..d7ae5eb3ed
--- /dev/null
+++ b/apps/web/src/routes/(app)/signup/+page.svelte
@@ -0,0 +1,195 @@
+<script lang="ts">
+	import RedirectIfLoggedIn from '$lib/auth/RedirectIfLoggedIn.svelte';
+	import GitHubButton from '$lib/components/login/GitHubButton.svelte';
+	import GoogleButton from '$lib/components/login/GoogleButton.svelte';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	let email = $state<string>();
+	let password = $state<string>();
+	let passwordConfirmation = $state<string>();
+	let error = $state<string>();
+	let message = $state<string>();
+
+	const passwordsMatch = $derived(password === passwordConfirmation);
+
+	const loginService = inject(LOGIN_SERVICE);
+	const routesService = inject(WEB_ROUTES_SERVICE);
+
+	async function handleSubmit(event: Event) {
+		event.preventDefault();
+		if (!email || !password || !passwordConfirmation) {
+			error = 'Email and password are required';
+			return;
+		}
+
+		if (!passwordsMatch) {
+			error = 'Passwords do not match';
+			return;
+		}
+
+		const response = await loginService.createAccountWithEmail(
+			email,
+			password,
+			passwordConfirmation
+		);
+
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Login failed:', response.raw ?? response.errorMessage);
+		} else {
+			error = undefined;
+			message = response.data.message;
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Sign Up</title>
+</svelte:head>
+
+<RedirectIfLoggedIn />
+
+<div class="main-links">
+	<a href={routesService.homePath()} class="logo" aria-label="main nav" title="Home">
+		<svg width="23" height="22" viewBox="0 0 23 22" fill="none" xmlns="http://www.w3.org/2000/svg">
+			<path d="M0 22V0L11.4819 9.63333L23 0V22L11.4819 12.4L0 22Z" fill="var(--clr-text-1)" />
+		</svg>
+	</a>
+</div>
+
+<form onsubmit={handleSubmit} class="signin-form">
+	<div class="signup-form__content">
+		<SectionCard>
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={email} required />
+			</div>
+			<div class="field">
+				<label for="password">Password</label>
+				<input
+					id="password"
+					type="password"
+					bind:value={password}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+			<div class="field">
+				<label for="passwordConfirmation">Password confirmation</label>
+				<input
+					id="passwordConfirmation"
+					type="password"
+					bind:value={passwordConfirmation}
+					required
+					autocomplete="new-password"
+				/>
+			</div>
+		</SectionCard>
+
+		<Button type="submit">Create account</Button>
+
+		<div class="login-link">
+			Already have an account?
+			<a href={routesService.loginPath()}>Log in</a>
+		</div>
+
+		{#if error}
+			<div class="error-message">{error}</div>
+		{/if}
+
+		{#if message}
+			<div class="message">{message}</div>
+		{/if}
+
+		<SectionCard>
+			<GitHubButton />
+			<GoogleButton />
+		</SectionCard>
+	</div>
+</form>
+
+<style lang="postcss">
+	.main-links {
+		display: flex;
+		align-items: center;
+		margin-bottom: 16px;
+		overflow: hidden;
+		gap: 16px;
+	}
+
+	.logo {
+		display: flex;
+	}
+
+	.signup-form__content {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: auto;
+		gap: 16px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.message {
+		padding: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.login-link {
+		display: flex;
+		justify-content: center;
+		gap: 4px;
+		font-size: 14px;
+
+		a {
+			text-decoration: underline;
+		}
+	}
+</style>
diff --git a/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte b/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte
new file mode 100644
index 0000000000..bed40afabb
--- /dev/null
+++ b/apps/web/src/routes/(app)/signup/resend-confirmation/+page.svelte
@@ -0,0 +1,175 @@
+<script lang="ts">
+	import { page } from '$app/state';
+	import { inject } from '@gitbutler/shared/context';
+	import { LOGIN_SERVICE } from '@gitbutler/shared/login/loginService';
+	import { Button, SectionCard } from '@gitbutler/ui';
+
+	let error = $state<string>();
+	let notice = $state<string>();
+
+	const loginService = inject(LOGIN_SERVICE);
+
+	const email = $derived(page.url.searchParams.get('email'));
+	const messageCode = $derived(page.url.searchParams.get('message_code'));
+	const banner = $derived(
+		messageCode === 'invalid_or_expired_token'
+			? 'It seems that your confirmation token is invalid or has expired. Please try resending the confirmation email.'
+			: undefined
+	);
+
+	let inputEmail = $state<string>();
+
+	const emailToSendTo = $derived(inputEmail ?? email ?? undefined);
+
+	async function resendConfirmationEmail() {
+		if (!emailToSendTo) {
+			error = 'Please enter your email to resend the confirmation email.';
+			return;
+		}
+		const response = await loginService.resendConfirmationEmail(emailToSendTo);
+		if (response.type === 'error') {
+			error = response.errorMessage;
+			console.error('Failed to resend confirmation email:', response.raw ?? response.errorMessage);
+		} else {
+			notice = 'Confirmation email resent. Please check your inbox.';
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>GitButler | Sign Up</title>
+</svelte:head>
+
+{#if banner}
+	<div class="banner">
+		<span>{banner}</span>
+	</div>
+{/if}
+
+<div class="resend-confirmation-email">
+	<SectionCard>
+		<h1 class="title">Resend Confirmation Email</h1>
+		{#if email}
+			<p>
+				We will send a confirmation email to <strong>{email}</strong>.
+			</p>
+		{:else}
+			<p>Please provide your email address to resend the confirmation email.</p>
+
+			<div class="field">
+				<label for="email">Email</label>
+				<input id="email" type="email" bind:value={inputEmail} required />
+			</div>
+		{/if}
+
+		<Button style="pop" disabled={!emailToSendTo} onclick={resendConfirmationEmail}
+			>Resend Confirmation Email</Button
+		>
+
+		{#if error}
+			<div class="error-message">
+				<span>
+					{error}
+				</span>
+			</div>
+		{/if}
+
+		{#if notice}
+			<div class="notice-message">
+				<span>
+					{notice}
+				</span>
+			</div>
+		{/if}
+	</SectionCard>
+</div>
+
+<style lang="postcss">
+	.banner {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		max-width: 400px;
+		margin: 0 auto;
+		margin-bottom: 16px;
+		padding: 16px;
+		border: var(--clr-scale-err-60) 1px solid;
+		border-radius: var(--radius-m);
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.resend-confirmation-email {
+		display: flex;
+		flex-direction: column;
+		max-width: 400px;
+		margin: 0 auto;
+		gap: 16px;
+	}
+
+	.title {
+		align-self: flex-start;
+		color: var(--clr-scale-ntrl-0);
+		font-weight: 600;
+		font-size: 24px;
+	}
+
+	.field {
+		display: flex;
+		flex-direction: column;
+		gap: 4px;
+
+		label {
+			color: var(--clr-scale-ntrl-30);
+			font-size: 14px;
+		}
+
+		input {
+			padding: 8px 12px;
+			border: 1px solid var(--clr-border-2);
+			border-radius: var(--radius-m);
+			background-color: var(--clr-bg-1);
+			color: var(--clr-scale-ntrl-0);
+			font-size: 14px;
+
+			&:read-only {
+				cursor: not-allowed;
+				opacity: 0.7;
+			}
+
+			&:not(:read-only) {
+				&:focus {
+					border-color: var(--clr-scale-pop-70);
+					outline: none;
+				}
+			}
+		}
+	}
+
+	.error-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-err-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-err-bg-muted);
+		color: var(--clr-scale-err-10);
+		font-size: 14px;
+	}
+
+	.notice-message {
+		display: flex;
+		flex-direction: column;
+		padding: 8px;
+		gap: 8px;
+		border: 1px solid var(--clr-scale-succ-60);
+		border-radius: var(--radius-m);
+
+		background-color: var(--clr-theme-succ-bg-muted);
+		color: var(--clr-scale-succ-10);
+		font-size: 14px;
+	}
+</style>

From a26bbfd9ce703cf99d896c98630b1ef74e7b051a Mon Sep 17 00:00:00 2001
From: estib <stron@me.com>
Date: Mon, 16 Jun 2025 17:29:33 +0200
Subject: [PATCH 8/8] refactor(web): update root layout for auth/login routes

Update root layout logic:
- Refactor authentication + token restore on navigation.
- Use webRoutes for logic around the home page for login state check, not just token.
---
 apps/web/src/routes/+layout.svelte | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/apps/web/src/routes/+layout.svelte b/apps/web/src/routes/+layout.svelte
index 9c38201fe9..73713963b9 100644
--- a/apps/web/src/routes/+layout.svelte
+++ b/apps/web/src/routes/+layout.svelte
@@ -15,7 +15,6 @@
 	import { provide } from '@gitbutler/shared/context';
 	import { WebRoutesService, WEB_ROUTES_SERVICE } from '@gitbutler/shared/routing/webRoutes.svelte';
 	import { type Snippet } from 'svelte';
-	import { get } from 'svelte/store';
 	import '$lib/styles/global.css';
 
 	interface Props {
@@ -30,17 +29,17 @@
 	const authService = new AuthService();
 	provide(AUTH_SERVICE, authService);
 
-	let token = $state<string | null>();
+	const persistedToken = authService.token;
 
 	$effect(() => {
-		token = get(authService.tokenReadable) || page.url.searchParams.get('gb_access_token');
-		if (token) {
-			authService.setToken(token);
-
-			if (page.url.searchParams.has('gb_access_token')) {
-				page.url.searchParams.delete('gb_access_token');
-				goto(`?${page.url.searchParams.toString()}`);
+		if (page.url.searchParams.has('gb_access_token')) {
+			const token = page.url.searchParams.get('gb_access_token');
+			if (token && token !== persistedToken.current) {
+				authService.setToken(token);
 			}
+
+			page.url.searchParams.delete('gb_access_token');
+			goto(`?${page.url.searchParams.toString()}`);
 		}
 	});
 
@@ -49,7 +48,7 @@
 			window.location.href = jsonLinks.legal.privacyPolicy.url;
 		}
 
-		if (!token && page.route.id === '/(app)/home') {
+		if (!persistedToken.current && page.route.id === '/(app)/home') {
 			goto('/');
 		}
 	});
@@ -69,7 +68,7 @@
 	{/if}
 </svelte:head>
 
-{#if (page.route.id === '/(app)' && !token) || page.route.id === '/(app)/home'}
+{#if (page.route.id === '/(app)' && !persistedToken.current) || page.route.id === '/(app)/home'}
 	<section class="marketing-page">
 		<Header />
 		<Hero />