feat: added @kgpian.iitkgp.ac.in verification on frontend and backend

Devansh-bit · Devansh-bit · commit 82e5617b70cc · 2025-11-09T13:09:46.000+05:30
diff --git a/backend/src/api/handlers/auth.rs b/backend/src/api/handlers/auth.rs
@@ -107,6 +107,13 @@ pub async fn google_auth_callback(
 
     let claims = token_data.claims;
 
+    // Validate email domain - only allow @kgpian.iitkgp.ac.in
+    if !claims.email.ends_with("@kgpian.iitkgp.ac.in") {
+        return Err(crate::api::errors::AuthError::BadResponse(
+            "Only @kgpian.iitkgp.ac.in email addresses are allowed to sign in".to_string()
+        ).into());
+    }
+
     let user_info = GoogleUserInfo {
         google_id: claims.sub,
         email: claims.email,
diff --git a/dev-startup.sh b/dev-startup.sh
@@ -194,7 +194,9 @@ create_directories() {
 
     # Default paths if not set in .env
     STATIC_STORAGE="${STATIC_FILE_STORAGE_LOCATION:-${HOME}/static}"
-    LOG_DIR="${LOG_LOCATION:-${HOME}/log}"
+    # Extract directory from LOG_LOCATION file path (e.g., /path/to/backend.log -> /path/to)
+    LOG_FILE="${LOG_LOCATION:-${HOME}/log/backend.log}"
+    LOG_DIR="$(dirname "${LOG_FILE}")"
 
     # Create directories
     mkdir -p "${STATIC_STORAGE}/cfmn/notes/uploaded"
diff --git a/frontend/src/contexts/AuthContext.tsx b/frontend/src/contexts/AuthContext.tsx
@@ -150,6 +150,8 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({
                     use_fedcm_for_prompt: false,
                     ux_mode: 'popup',
                     context: 'signin',
+                    // Restrict to @kgpian.iitkgp.ac.in domain only
+                    hd: 'kgpian.iitkgp.ac.in',
                     // One Tap specific configurations
                     itp_support: true,
                     state_cookie_domain: window.location.hostname,
@@ -294,10 +296,27 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({
             } else {
                 const errorText = await result.text();
                 console.error('Authentication failed:', result.status, errorText);
-                throw new Error(`Authentication failed: ${result.status}`);
+
+                // Check if it's an email domain restriction error
+                let errorMessage = `Authentication failed: ${result.status}`;
+                try {
+                    const errorData = JSON.parse(errorText);
+                    if (errorData.error && errorData.error.includes('@kgpian.iitkgp.ac.in')) {
+                        errorMessage = 'Only @kgpian.iitkgp.ac.in email addresses are allowed. Please sign in with your institutional email.';
+                    } else if (errorData.error) {
+                        errorMessage = errorData.error;
+                    }
+                } catch {
+                    // If JSON parsing fails, use the status-based message
+                }
+
+                throw new Error(errorMessage);
             }
         } catch (error) {
-            console.error('Authentication error:', error instanceof Error ? error.message : String(error));
+            const errorMsg = error instanceof Error ? error.message : String(error);
+            console.error('Authentication error:', errorMsg);
+            // Display user-friendly error message
+            alert(errorMsg);
         } finally {
             setIsLoading(false);
         }
