auth

[wtfdivyansh]

Summary by CodeRabbit

Release Notes

• New Features

  • Updated the sign-in and sign-up components to improve structure and organization.

• Bug Fixes

  • Ensured continued functionality of authentication and session management across endpoints.

• Refactor

  • Renamed components for consistency: SignIn to SignInComponent and SignUp to SignUpComponent.
  • Removed outdated layout and page components related to sign-in.

• Dependencies

  • Updated React and React DOM to the latest release candidate versions.
  • Removed unnecessary dependencies to streamline the project.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
plura-api	❌ Failed (Inspect)			Nov 10, 2024 1:50pm
plura-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Nov 10, 2024 1:50pm
plura-web	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Nov 10, 2024 1:50pm

[vercel]

@github-actions[bot] is attempting to deploy a commit to the BlueFinZ Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

The pull request introduces several modifications across multiple files in the API and web application components. Key changes include the adjustment of the OPTIONS handler's export status in route.ts, renaming of sign-in and sign-up components, and the removal of specific layout and page components. Additionally, updates to the package.json file reflect changes in dependencies, including the removal of certain packages and updates to react and react-dom versions. These changes collectively impact component structure and dependency management within the project.

Changes

File Path	Change Summary
apps/api/app/api/[[...route]]/route.ts	- Changed OPTIONS from an export to a local constant. - Updated export statement to include OPTIONS with other HTTP methods.
apps/www/app/(auth)/sign-in/page.tsx	- Renamed SignIn to SignInComponent and updated import path.
apps/www/app/(auth)/sign-up/page.tsx	- Renamed SignUp to SignUpComponent and updated import path.
apps/www/app/sign-in/[[...sign-in]]/layout.tsx	- Removed AppLayout component.
apps/www/app/sign-in/[[...sign-in]]/page.tsx	- Removed SignInPage component.
apps/www/components/custom/signinComponent.tsx	- Renamed export from SignIn to SignInComponent, with unchanged form schema and validation logic.
apps/www/components/custom/signupComponent.tsx	- Renamed export from SignUp to SignUpComponent, with unchanged form schema and submission logic.
apps/www/package.json	- Removed dependencies: @radix-ui/react-scroll-area, react-icons. - Updated react and react-dom to version 19.0.0-rc-02c0e824-20241028.

Possibly related PRs

• route error fix #18: The changes in this PR involve modifications to the route.ts file, which is directly related to the changes made in the main PR regarding the OPTIONS handler's export status in the same file.
• feat/(usage_page) #21: This PR introduces a new layout component and modifies routing, which may indirectly relate to the changes in the main PR as they both involve API routing and layout management.
• Feature/auth page #24: Although primarily focused on the .gitignore file, it also includes changes to the layout.tsx file, which may relate to the overall structure and routing of the application, similar to the changes in the main PR.

🐇 In the code we hop and play,
With components bright as day.
SignIn and SignUp, new names they wear,
Dependencies trimmed with utmost care.
Options now local, a change in sight,
Our app's a delight, oh what a flight! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (10)

apps/www/app/(auth)/sign-in/page.tsx (1)

3-9: Add metadata for SEO and security.

Consider adding page metadata using Next.js metadata API to improve SEO and security for the authentication page.

Add the following metadata configuration:

export const metadata = {
  title: 'Sign In',
  description: 'Sign in to your account',
  robots: {
    index: false,
    follow: false,
  },
};

apps/www/app/(auth)/sign-up/page.tsx (1)

3-9: Consider using PascalCase for the page component name.

While the implementation is correct, consider renaming the default export function from page to SignUpPage to follow React component naming conventions.

-export default function page() {
+export default function SignUpPage() {
   return (
     <div className="w-full h-screen flex items-center justify-center">
       <SignUpComponent />
     </div>
   );
 }

apps/www/components/custom/signinComponent.tsx (3)

Line range hint 49-67: Improve form field labels and placeholders for better UX.

The current implementation has several UX issues:

1. Placeholders show "shadcn" which is not descriptive
2. Form labels are lowercase which doesn't follow conventional capitalization

Consider applying these improvements:

  <FormField
    control={form.control}
    name="email"
    render={({ field }) => (
      <FormItem>
-       <FormLabel>email</FormLabel>
+       <FormLabel>Email</FormLabel>
        <FormControl>
-         <Input placeholder="shadcn" {...field} />
+         <Input placeholder="Enter your email" {...field} />
        </FormControl>
        <FormMessage />
      </FormItem>
    )}
  />
  <FormField
    control={form.control}
    name="password"
    render={({ field }) => (
      <FormItem>
-       <FormLabel>password</FormLabel>
+       <FormLabel>Password</FormLabel>
        <FormControl>
-         <Input placeholder="shadcn" type="password" {...field} />
+         <Input placeholder="Enter your password" type="password" {...field} />
        </FormControl>
        <FormMessage />
      </FormItem>
    )}
  />

---

Line range hint 31-45: Enhance error handling and user feedback.

Current implementation has several areas for improvement:

1. Uses basic alert() for error messages which isn't user-friendly
2. No loading state during form submission
3. Empty success and request handlers

Consider implementing:

1. Toast notifications for errors instead of alerts
2. Loading state during submission
3. Proper success handling for better UX

  const onSubmit = async (SignInData: z.infer<typeof formSchema>) => {
+   form.setError("root", { message: "" }); // Clear previous errors
+   const [isLoading, setIsLoading] = useState(false);
+   setIsLoading(true);
    const { data, error } = await authClient.signIn.email(
      {
        email: SignInData.email,
        password: SignInData.password,
        callbackURL: "/dashboard",
      },
      {
-       onRequest: (ctx) => {},
+       onRequest: (ctx) => {
+         setIsLoading(true);
+       },
-       onSuccess: (ctx) => {},
+       onSuccess: (ctx) => {
+         toast.success("Successfully signed in!");
+       },
        onError: (ctx) => {
-         alert(ctx.error.message);
+         toast.error(ctx.error.message);
+         form.setError("root", { message: ctx.error.message });
        },
      },
    );
+   setIsLoading(false);
  };

Also update the submit button to show loading state:

- <Button type="submit">Submit</Button>
+ <Button type="submit" disabled={isLoading}>
+   {isLoading ? "Signing in..." : "Sign in"}
+ </Button>

---

Line range hint 18-21: Consider strengthening password validation requirements.

The current password validation only checks for minimum length. Consider adding more robust requirements for better security.

  const formSchema = z.object({
    email: z.string().email(),
-   password: z.string().min(8),
+   password: z.string()
+     .min(8, "Password must be at least 8 characters")
+     .regex(/[A-Z]/, "Password must contain at least one uppercase letter")
+     .regex(/[a-z]/, "Password must contain at least one lowercase letter")
+     .regex(/[0-9]/, "Password must contain at least one number")
+     .regex(/[^A-Za-z0-9]/, "Password must contain at least one special character"),
  });

apps/api/app/api/[[...route]]/route.ts (1)

Line range hint 8-12: Consider environment-based configuration for allowed origins.

While the CORS configuration is secure, consider moving the allowedOrigins array to environment variables for better maintainability and environment-specific configuration.

Example implementation:

const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(',') ?? [
  "http://localhost:3003",
  "https://www.plura.pro",
  "http://app.plura.pro",
];

apps/www/components/custom/signupComponent.tsx (4)

Line range hint 19-23: Strengthen form validation rules for better security

The current validation schema could be enhanced with stronger rules:

• Add minimum length for name field
• Implement password complexity requirements
• Add maximum length constraints to prevent abuse

 const formSchema = z.object({
-  name: z.string(),
+  name: z.string().min(2).max(50),
   email: z.string().email(),
-  password: z.string().min(8),
+  password: z.string()
+    .min(8)
+    .max(100)
+    .regex(
+      /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
+      'Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character'
+    ),
 });

---

Line range hint 29-45: Improve error handling and user feedback

The current implementation uses alert() for errors and lacks proper loading/success states:

1. Replace alert() with a proper toast/notification system
2. Add loading state during form submission
3. Provide success feedback

+ const [isLoading, setIsLoading] = useState(false);
  const onSubmit = async (SignInData: z.infer<typeof formSchema>) => {
+   setIsLoading(true);
    const { data, error } = await authClient.signUp.email(
      {
        name: SignInData.name,
        email: SignInData.email,
        password: SignInData.password,
      },
      {
        onRequest: (ctx) => {},
-       onSuccess: (ctx) => {},
+       onSuccess: (ctx) => {
+         toast.success("Account created successfully!");
+       },
        onError: (ctx) => {
-         alert(ctx.error.message);
+         toast.error(ctx.error.message);
        },
      },
    );
+   setIsLoading(false);
  };

---

Line range hint 52-91: Enhance form fields UX and accessibility

The form fields need improvements:

1. Generic "shadcn" placeholder text should be replaced
2. Add proper aria-labels and accessibility attributes
3. Add helper text for password requirements

 <FormField
   control={form.control}
   name="name"
   render={({ field }) => (
     <FormItem>
       <FormLabel>name</FormLabel>
       <FormControl>
-        <Input placeholder="shadcn" {...field} />
+        <Input 
+          placeholder="Enter your full name"
+          aria-label="Full name"
+          {...field}
+        />
       </FormControl>
       <FormMessage />
     </FormItem>
   )}
 />
 // Similar changes for email field...
 <FormField
   control={form.control}
   name="password"
   render={({ field }) => (
     <FormItem>
       <FormLabel>password</FormLabel>
       <FormControl>
-        <Input placeholder="shadcn" type="password" {...field} />
+        <Input 
+          placeholder="Enter your password"
+          type="password"
+          aria-label="Password"
+          {...field}
+        />
       </FormControl>
+      <FormDescription>
+        Password must be at least 8 characters long and contain uppercase, lowercase, 
+        number, and special character
+      </FormDescription>
       <FormMessage />
     </FormItem>
   )}
 />

---

Line range hint 29-30: Improve form submission handling and fix naming inconsistency

1. The parameter name SignInData is inconsistent in a signup component
2. Add protection against multiple submissions

- const onSubmit = async (SignInData: z.infer<typeof formSchema>) => {
+ const onSubmit = async (signUpData: z.infer<typeof formSchema>) => {
+   if (isLoading) return;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3da4b84 and 09dfa97.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (8)

• apps/api/app/api/[[...route]]/route.ts (1 hunks)
• apps/www/app/(auth)/sign-in/page.tsx (1 hunks)
• apps/www/app/(auth)/sign-up/page.tsx (1 hunks)
• apps/www/app/sign-in/[[...sign-in]]/layout.tsx (0 hunks)
• apps/www/app/sign-in/[[...sign-in]]/page.tsx (0 hunks)
• apps/www/components/custom/signinComponent.tsx (1 hunks)
• apps/www/components/custom/signupComponent.tsx (1 hunks)
• apps/www/package.json (0 hunks)

💤 Files with no reviewable changes (3)

• apps/www/app/sign-in/[[...sign-in]]/layout.tsx
• apps/www/app/sign-in/[[...sign-in]]/page.tsx
• apps/www/package.json

🔇 Additional comments (4)

apps/www/app/(auth)/sign-up/page.tsx (1)

1-1: LGTM! Good improvements in import structure and naming.

The switch to absolute imports using the @ alias and the consistent camelCase naming for the component improves code maintainability and follows better naming conventions.

apps/www/components/custom/signinComponent.tsx (1)

24-24: LGTM: Component renaming is consistent with naming conventions.

The renaming from SignIn to SignInComponent follows better naming practices by being more explicit about the component's nature.

apps/api/app/api/[[...route]]/route.ts (2)

101-103: LGTM! Consistent export pattern for all handlers.

The change improves code organization by making the OPTIONS handler export consistent with other HTTP method handlers.

---

101-103: Verify impact of OPTIONS handler export change.

While the change improves consistency, let's verify that no other parts of the codebase directly import the OPTIONS handler.

✅ Verification successful

No impact found from OPTIONS handler export change

The verification shows that the OPTIONS handler is only exported in the route file itself (apps/api/app/api/[[...route]]/route.ts) and there are no direct imports or references to it elsewhere in the codebase. This change is safe to proceed with.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for direct imports of OPTIONS from this route file
# Expected: No direct imports of OPTIONS should exist

# Search for direct imports of OPTIONS from this route file
rg -l "import.*\{.*OPTIONS.*\}.*from.*\[\[\.\.\.route\]\]/route" 

# Search for potential dynamic imports
rg -l "import.*from.*\[\[\.\.\.route\]\]/route.*OPTIONS"

Length of output: 125

---

Script:

#!/bin/bash
# Let's try a broader search approach to find any references to OPTIONS from route files
# First, let's find the full path of the route file
fd "route.ts" apps/api

# Then search for any imports or references to OPTIONS in the codebase
rg -i "OPTIONS.*route" 

# Also search for any direct references to OPTIONS handler
rg -i "export.*OPTIONS"

# And check for any dynamic route handlers that might use OPTIONS
rg -i "handler.*OPTIONS"

Length of output: 224

[coderabbitai]

🛠️ Refactor suggestion

Update file naming convention to follow React best practices.

The import path signinComponent doesn't follow standard React component file naming conventions. React components and their files typically use PascalCase.

Consider renaming:

-import SignInComponent from "@/components/custom/signinComponent";
+import SignInComponent from "@/components/custom/SignInComponent";

And rename the actual file from signinComponent.tsx to SignInComponent.tsx.

Committable suggestion skipped: line range outside the PR's diff.