feat(auth): implement authentication modal with sign in, sign up, and forgot password functionality

- Added `AuthModal` component to manage user authentication flows, including sign in, sign up, and password recovery.
- Introduced `AccountIcon` for triggering the authentication modal.
- Created forms for sign in, sign up, and forgot password, utilizing Zod for validation.
- Implemented tab navigation between sign in and sign up views.
- Integrated Google OAuth sign-in functionality.
- Established context and hooks for managing modal state and feature flags.
- Added comprehensive tests for modal behavior and form validation.

Author: tyler-dane

packages/web/src/auth/schemas/auth.schemas.test.ts

@@ -0,0 +1,240 @@
+import {
+  emailSchema,
+  forgotPasswordSchema,
+  nameSchema,
+  passwordSchema,
+  signInSchema,
+  signUpSchema,
+} from "./auth.schemas";
+
+describe("auth.schemas", () => {
+  describe("emailSchema", () => {
+    it("validates a correct email", () => {
+      const result = emailSchema.safeParse("test@example.com");
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe("test@example.com");
+      }
+    });
+
+    it("transforms email to lowercase", () => {
+      const result = emailSchema.safeParse("Test@EXAMPLE.com");
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe("test@example.com");
+      }
+    });
+
+    it("trims whitespace", () => {
+      const result = emailSchema.safeParse("  test@example.com  ");
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe("test@example.com");
+      }
+    });
+
+    it("rejects empty string", () => {
+      const result = emailSchema.safeParse("");
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.errors[0].message).toBe("Email is required");
+      }
+    });
+
+    it("rejects invalid email format", () => {
+      const result = emailSchema.safeParse("not-an-email");
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.errors[0].message).toBe(
+          "Please enter a valid email address",
+        );
+      }
+    });
+
+    it("rejects email without domain", () => {
+      const result = emailSchema.safeParse("test@");
+      expect(result.success).toBe(false);
+    });
+  });
+
+  describe("passwordSchema", () => {
+    it("validates password with 8+ characters", () => {
+      const result = passwordSchema.safeParse("password123");
+      expect(result.success).toBe(true);
+    });
+
+    it("validates password with exactly 8 characters", () => {
+      const result = passwordSchema.safeParse("12345678");
+      expect(result.success).toBe(true);
+    });
+
+    it("rejects empty password", () => {
+      const result = passwordSchema.safeParse("");
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.errors[0].message).toBe("Password is required");
+      }
+    });
+
+    it("rejects password shorter than 8 characters", () => {
+      const result = passwordSchema.safeParse("1234567");
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.errors[0].message).toBe(
+          "Password must be at least 8 characters",
+        );
+      }
+    });
+  });
+
+  describe("nameSchema", () => {
+    it("validates a non-empty name", () => {
+      const result = nameSchema.safeParse("John Doe");
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe("John Doe");
+      }
+    });
+
+    it("trims whitespace", () => {
+      const result = nameSchema.safeParse("  John Doe  ");
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe("John Doe");
+      }
+    });
+
+    it("rejects empty string", () => {
+      const result = nameSchema.safeParse("");
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.errors[0].message).toBe("Name is required");
+      }
+    });
+
+    it("rejects whitespace-only string", () => {
+      const result = nameSchema.safeParse("   ");
+      expect(result.success).toBe(false);
+    });
+  });
+
+  describe("signUpSchema", () => {
+    it("validates complete sign up data", () => {
+      const result = signUpSchema.safeParse({
+        name: "John Doe",
+        email: "john@example.com",
+        password: "password123",
+      });
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toEqual({
+          name: "John Doe",
+          email: "john@example.com",
+          password: "password123",
+        });
+      }
+    });
+
+    it("transforms email and trims name", () => {
+      const result = signUpSchema.safeParse({
+        name: "  John Doe  ",
+        email: "JOHN@EXAMPLE.COM",
+        password: "password123",
+      });
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data.name).toBe("John Doe");
+        expect(result.data.email).toBe("john@example.com");
+      }
+    });
+
+    it("rejects missing name", () => {
+      const result = signUpSchema.safeParse({
+        email: "john@example.com",
+        password: "password123",
+      });
+      expect(result.success).toBe(false);
+    });
+
+    it("rejects invalid email", () => {
+      const result = signUpSchema.safeParse({
+        name: "John",
+        email: "invalid",
+        password: "password123",
+      });
+      expect(result.success).toBe(false);
+    });
+
+    it("rejects short password", () => {
+      const result = signUpSchema.safeParse({
+        name: "John",
+        email: "john@example.com",
+        password: "short",
+      });
+      expect(result.success).toBe(false);
+    });
+  });
+
+  describe("signInSchema", () => {
+    it("validates complete sign in data", () => {
+      const result = signInSchema.safeParse({
+        email: "john@example.com",
+        password: "anypassword",
+      });
+      expect(result.success).toBe(true);
+    });
+
+    it("accepts any non-empty password (no min length)", () => {
+      const result = signInSchema.safeParse({
+        email: "john@example.com",
+        password: "a",
+      });
+      expect(result.success).toBe(true);
+    });
+
+    it("rejects empty password", () => {
+      const result = signInSchema.safeParse({
+        email: "john@example.com",
+        password: "",
+      });
+      expect(result.success).toBe(false);
+    });
+
+    it("transforms email to lowercase", () => {
+      const result = signInSchema.safeParse({
+        email: "JOHN@EXAMPLE.COM",
+        password: "password",
+      });
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data.email).toBe("john@example.com");
+      }
+    });
+  });
+
+  describe("forgotPasswordSchema", () => {
+    it("validates a correct email", () => {
+      const result = forgotPasswordSchema.safeParse({
+        email: "john@example.com",
+      });
+      expect(result.success).toBe(true);
+    });
+
+    it("rejects invalid email", () => {
+      const result = forgotPasswordSchema.safeParse({
+        email: "not-an-email",
+      });
+      expect(result.success).toBe(false);
+    });
+
+    it("transforms email to lowercase", () => {
+      const result = forgotPasswordSchema.safeParse({
+        email: "JOHN@EXAMPLE.COM",
+      });
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data.email).toBe("john@example.com");
+      }
+    });
+  });
+});

packages/web/src/auth/schemas/auth.schemas.ts

@@ -0,0 +1,73 @@
+import { z } from "zod";
+
+/**
+ * Email validation schema
+ * - Required with meaningful error
+ * - Validates email format
+ * - Transforms to lowercase and trims whitespace
+ *
+ * Note: We use preprocess to trim/lowercase BEFORE validation so that
+ * "  test@example.com  " validates correctly after trimming.
+ */
+export const emailSchema = z.preprocess(
+  (val) => (typeof val === "string" ? val.trim().toLowerCase() : val),
+  z
+    .string()
+    .min(1, "Email is required")
+    .email("Please enter a valid email address"),
+);
+
+/**
+ * Password validation schema
+ * - Required with meaningful error
+ * - Minimum 8 characters for security
+ */
+export const passwordSchema = z
+  .string()
+  .min(1, "Password is required")
+  .min(8, "Password must be at least 8 characters");
+
+/**
+ * Name validation schema
+ * - Required with meaningful error
+ * - Trims whitespace
+ *
+ * Note: We use preprocess to trim BEFORE validation, then refine to check
+ * that the trimmed result is non-empty (rejects whitespace-only strings).
+ */
+export const nameSchema = z.preprocess(
+  (val) => (typeof val === "string" ? val.trim() : val),
+  z.string().min(1, "Name is required"),
+);
+
+/**
+ * Sign up form schema
+ * Combines name, email, and password validation
+ */
+export const signUpSchema = z.object({
+  name: nameSchema,
+  email: emailSchema,
+  password: passwordSchema,
+});
+
+/**
+ * Sign in form schema
+ * Email validation + password presence check (no min length on sign in)
+ */
+export const signInSchema = z.object({
+  email: emailSchema,
+  password: z.string().min(1, "Password is required"),
+});
+
+/**
+ * Forgot password form schema
+ * Only requires valid email
+ */
+export const forgotPasswordSchema = z.object({
+  email: emailSchema,
+});
+
+// Type exports for form data
+export type SignUpFormData = z.infer<typeof signUpSchema>;
+export type SignInFormData = z.infer<typeof signInSchema>;
+export type ForgotPasswordFormData = z.infer<typeof forgotPasswordSchema>;

packages/web/src/components/AuthModal/AccountIcon.tsx

@@ -0,0 +1,40 @@
+import { FC } from "react";
+import { User } from "@phosphor-icons/react";
+import { useSession } from "@web/auth/hooks/session/useSession";
+import { TooltipWrapper } from "@web/components/Tooltip/TooltipWrapper";
+import { useAuthFeatureFlag } from "./hooks/useAuthFeatureFlag";
+import { useAuthModal } from "./hooks/useAuthModal";
+
+/**
+ * Account icon button for triggering the auth modal
+ *
+ * Only renders when:
+ * - User is not authenticated
+ * - Feature flag ?enableAuth=true is present in URL
+ *
+ * Clicking opens the auth modal with sign-in view
+ */
+export const AccountIcon: FC = () => {
+  const { authenticated } = useSession();
+  const isEnabled = useAuthFeatureFlag();
+  const { openModal } = useAuthModal();
+
+  // Don't show if user is already authenticated or feature is disabled
+  if (authenticated || !isEnabled) {
+    return null;
+  }
+
+  const handleClick = () => {
+    openModal("signIn");
+  };
+
+  return (
+    <TooltipWrapper description="Sign in" onClick={handleClick}>
+      <User
+        size={24}
+        className="cursor-pointer text-white/70 transition-colors hover:text-white"
+        aria-label="Sign in"
+      />
+    </TooltipWrapper>
+  );
+};