Merge Add hardware tier to signup and improve auth UX pull request #9 from mjunaidca/feat/signup-profile-ux-improvements

feat: Add hardware tier to signup and improve auth UX

Author: mjunaidca

auth-server/drizzle/0001_misty_toad_men.sql

@@ -0,0 +1 @@
+ALTER TABLE "user_profile" ADD COLUMN "hardware_tier" text;

auth-server/src/app/api/profile/route.ts

@@ -2,7 +2,7 @@ import { NextRequest, NextResponse } from "next/server";
 import { auth } from "@/lib/auth";
 import { headers } from "next/headers";
 import { db } from "@/lib/db";
-import { userProfile, SoftwareBackground } from "@/lib/db/schema";
+import { userProfile, user, SoftwareBackground, HardwareTier } from "@/lib/db/schema";
 import { eq } from "drizzle-orm";
 import { randomUUID } from "crypto";
 
@@ -35,6 +35,7 @@ export async function GET() {
       profile: profile
         ? {
             softwareBackground: profile.softwareBackground,
+            hardwareTier: profile.hardwareTier,
             createdAt: profile.createdAt,
             updatedAt: profile.updatedAt,
           }
@@ -52,19 +53,52 @@ export async function GET() {
 // POST /api/profile - Create user profile (called after signup)
 export async function POST(request: NextRequest) {
   try {
-    const session = await auth.api.getSession({
-      headers: await headers(),
-    });
-
-    if (!session) {
-      return NextResponse.json(
-        { error: "Unauthorized" },
-        { status: 401 }
-      );
-    }
-
     const body = await request.json();
-    const { softwareBackground } = body;
+    const { softwareBackground, hardwareTier, userId } = body;
+
+    let targetUserId: string;
+
+    // Allow creating profile during signup with userId (user not verified yet)
+    // OR with authenticated session (user is signed in)
+    if (userId) {
+      // Validate user exists and was created recently (within 5 minutes)
+      // This prevents abuse while allowing signup-time profile creation
+      const userRecord = await db.query.user.findFirst({
+        where: eq(user.id, userId),
+      });
+
+      if (!userRecord) {
+        return NextResponse.json(
+          { error: "User not found" },
+          { status: 404 }
+        );
+      }
+
+      // Check if user was created recently (within 5 minutes)
+      const fiveMinutesAgo = new Date(Date.now() - 5 * 60 * 1000);
+      if (userRecord.createdAt < fiveMinutesAgo) {
+        return NextResponse.json(
+          { error: "Profile creation window expired. Please sign in and update your profile." },
+          { status: 403 }
+        );
+      }
+
+      targetUserId = userId;
+    } else {
+      // Fallback to session-based authentication
+      const session = await auth.api.getSession({
+        headers: await headers(),
+      });
+
+      if (!session) {
+        return NextResponse.json(
+          { error: "Unauthorized. Provide userId for signup or sign in first." },
+          { status: 401 }
+        );
+      }
+
+      targetUserId = session.user.id;
+    }
 
     // Validate software background
     const validBackgrounds: SoftwareBackground[] = ["beginner", "intermediate", "advanced"];
@@ -75,9 +109,18 @@ export async function POST(request: NextRequest) {
       );
     }
 
+    // Validate hardware tier
+    const validTiers: HardwareTier[] = ["tier1", "tier2", "tier3", "tier4"];
+    if (!hardwareTier || !validTiers.includes(hardwareTier)) {
+      return NextResponse.json(
+        { error: "Invalid hardware tier. Must be: tier1, tier2, tier3, or tier4" },
+        { status: 400 }
+      );
+    }
+
     // Check if profile already exists
     const existingProfile = await db.query.userProfile.findFirst({
-      where: eq(userProfile.userId, session.user.id),
+      where: eq(userProfile.userId, targetUserId),
     });
 
     if (existingProfile) {
@@ -92,14 +135,16 @@ export async function POST(request: NextRequest) {
       .insert(userProfile)
       .values({
         id: randomUUID(),
-        userId: session.user.id,
+        userId: targetUserId,
         softwareBackground,
+        hardwareTier,
       })
       .returning();
 
     return NextResponse.json({
       profile: {
         softwareBackground: newProfile[0].softwareBackground,
+        hardwareTier: newProfile[0].hardwareTier,
         createdAt: newProfile[0].createdAt,
         updatedAt: newProfile[0].updatedAt,
       },
@@ -128,24 +173,41 @@ export async function PUT(request: NextRequest) {
     }
 
     const body = await request.json();
-    const { softwareBackground } = body;
+    const { softwareBackground, hardwareTier } = body;
+
+    // Validate software background (if provided)
+    if (softwareBackground) {
+      const validBackgrounds: SoftwareBackground[] = ["beginner", "intermediate", "advanced"];
+      if (!validBackgrounds.includes(softwareBackground)) {
+        return NextResponse.json(
+          { error: "Invalid software background. Must be: beginner, intermediate, or advanced" },
+          { status: 400 }
+        );
+      }
+    }
 
-    // Validate software background
-    const validBackgrounds: SoftwareBackground[] = ["beginner", "intermediate", "advanced"];
-    if (!validBackgrounds.includes(softwareBackground)) {
-      return NextResponse.json(
-        { error: "Invalid software background. Must be: beginner, intermediate, or advanced" },
-        { status: 400 }
-      );
+    // Validate hardware tier (if provided)
+    if (hardwareTier) {
+      const validTiers: HardwareTier[] = ["tier1", "tier2", "tier3", "tier4"];
+      if (!validTiers.includes(hardwareTier)) {
+        return NextResponse.json(
+          { error: "Invalid hardware tier. Must be: tier1, tier2, tier3, or tier4" },
+          { status: 400 }
+        );
+      }
     }
 
+    // Build update object with only provided fields
+    const updateData: { softwareBackground?: SoftwareBackground; hardwareTier?: HardwareTier; updatedAt: Date } = {
+      updatedAt: new Date(),
+    };
+    if (softwareBackground) updateData.softwareBackground = softwareBackground;
+    if (hardwareTier) updateData.hardwareTier = hardwareTier;
+
     // Update profile
     const updatedProfile = await db
       .update(userProfile)
-      .set({
-        softwareBackground,
-        updatedAt: new Date(),
-      })
+      .set(updateData)
       .where(eq(userProfile.userId, session.user.id))
       .returning();
 
@@ -159,6 +221,7 @@ export async function PUT(request: NextRequest) {
     return NextResponse.json({
       profile: {
         softwareBackground: updatedProfile[0].softwareBackground,
+        hardwareTier: updatedProfile[0].hardwareTier,
         createdAt: updatedProfile[0].createdAt,
         updatedAt: updatedProfile[0].updatedAt,
       },

auth-server/src/app/auth/layout.tsx

@@ -4,17 +4,50 @@ export default function AuthLayout({
   children: React.ReactNode;
 }) {
   return (
-    <div className="min-h-screen flex items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
-      <div className="max-w-md w-full">
-        <div className="text-center mb-8">
-          <h1 className="text-3xl font-bold text-gray-900">RoboLearn</h1>
-          <p className="mt-2 text-sm text-gray-600">
+    <div className="min-h-screen flex items-center justify-center py-12 px-4 sm:px-6 lg:px-8 relative overflow-hidden">
+      {/* Animated background mesh */}
+      <div className="absolute inset-0 gradient-mesh opacity-60" />
+      
+      {/* Subtle grid pattern */}
+      <div 
+        className="absolute inset-0 opacity-[0.03]"
+        style={{
+          backgroundImage: `
+            linear-gradient(to right, #0f172a 1px, transparent 1px),
+            linear-gradient(to bottom, #0f172a 1px, transparent 1px)
+          `,
+          backgroundSize: '48px 48px'
+        }}
+      />
+
+      <div className="max-w-sm lg:max-w-md w-full relative z-10">
+        {/* Logo/Brand */}
+        <div className="text-center mb-10 animate-in slide-in-from-top">
+          <h1 className="text-4xl font-bold mb-2">
+            <span className="text-gradient">RoboLearn</span>
+          </h1>
+          <p className="text-sm text-slate-600 font-medium tracking-wide uppercase">
             Physical AI & Humanoid Robotics
           </p>
+          <div className="mt-3 flex items-center justify-center gap-2">
+            <div className="h-px w-12 bg-gradient-to-r from-transparent via-slate-300 to-transparent" />
+            <div className="w-1.5 h-1.5 rounded-full bg-indigo-500" />
+            <div className="h-px w-12 bg-gradient-to-r from-transparent via-slate-300 to-transparent" />
+          </div>
         </div>
-        <div className="bg-white py-8 px-6 shadow-lg rounded-xl">
+
+        {/* Form container with glass effect */}
+        <div className="glass-effect rounded-2xl shadow-2xl shadow-indigo-500/10 p-8 md:p-10 animate-in scale-in">
           {children}
         </div>
+
+        {/* Footer */}
+        <div className="mt-8 text-center animate-in slide-in-from-bottom">
+          <p className="text-xs text-slate-500">
+            Secure authentication powered by{' '}
+            <span className="font-medium text-slate-700">Better Auth</span>
+          </p>
+        </div>
       </div>
     </div>
   );

auth-server/src/app/auth/sign-in/page.tsx

@@ -1,21 +1,28 @@
 import { SignInForm } from "@/components/sign-in-form";
 import { Suspense } from "react";
+import { redirect } from "next/navigation";
+import { auth } from "@/lib/auth";
+import { headers } from "next/headers";
+
+export default async function SignInPage() {
+  // Redirect authenticated users away from sign-in page
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  });
+
+  if (session) {
+    redirect("/");
+  }
 
-export default function SignInPage() {
   return (
-    <div>
-      <h2 className="text-2xl font-semibold text-gray-900 text-center mb-6">
-        Welcome back
-      </h2>
-      <Suspense
-        fallback={
-          <div className="flex items-center justify-center py-8">
-            <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-600"></div>
-          </div>
-        }
-      >
-        <SignInForm />
-      </Suspense>
-    </div>
+    <Suspense
+      fallback={
+        <div className="flex items-center justify-center py-8">
+          <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-indigo-600"></div>
+        </div>
+      }
+    >
+      <SignInForm />
+    </Suspense>
   );
 }

auth-server/src/app/auth/sign-up/page.tsx

@@ -1,21 +1,28 @@
 import { SignUpForm } from "@/components/sign-up-form";
 import { Suspense } from "react";
+import { redirect } from "next/navigation";
+import { auth } from "@/lib/auth";
+import { headers } from "next/headers";
+
+export default async function SignUpPage() {
+  // Redirect authenticated users away from sign-up page
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  });
+
+  if (session) {
+    redirect("/");
+  }
 
-export default function SignUpPage() {
   return (
-    <div>
-      <h2 className="text-2xl font-semibold text-gray-900 text-center mb-6">
-        Create your account
-      </h2>
-      <Suspense
-        fallback={
-          <div className="flex items-center justify-center py-8">
-            <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-600"></div>
-          </div>
-        }
-      >
-        <SignUpForm />
-      </Suspense>
-    </div>
+    <Suspense
+      fallback={
+        <div className="flex items-center justify-center py-8">
+          <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-indigo-600"></div>
+        </div>
+      }
+    >
+      <SignUpForm />
+    </Suspense>
   );
 }