sandboxnu · cherman23 · Oct 15, 2025 · Oct 8, 2025 · Copilot · Oct 14, 2025
diff --git a/package.json b/package.json
@@ -27,6 +27,8 @@
     },
     "dependencies": {
         "@prisma/client": "6.15.0",
+        "bcrypt": "^6.0.0",
+        "jose": "^6.1.0",
         "next": "15.5.2",
         "prisma": "^6.15.0",
         "react": "19.1.0",
@@ -36,6 +38,7 @@
     "devDependencies": {
         "@eslint/eslintrc": "^3",
         "@tailwindcss/postcss": "^4",
+        "@types/bcrypt": "^6.0.0",
         "@types/node": "^22",
         "@types/react": "^19",
         "@types/react-dom": "^19",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/prisma/migrations/20251008012125_add_password_to_user/migration.sql b/prisma/migrations/20251008012125_add_password_to_user/migration.sql
@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - Added the required column `hashedPassword` to the `User` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
-- AlterTable
-ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
+-- Step 1: Add the column as nullable
+ALTER TABLE "public"."User" ADD COLUMN "hashedPassword" TEXT;
+
+-- Step 2: Backfill existing rows with a safe default (empty string)
+UPDATE "public"."User" SET "hashedPassword" = '' WHERE "hashedPassword" IS NULL;
+
+-- Step 3: Set the column as NOT NULL
+ALTER TABLE "public"."User" ALTER COLUMN "hashedPassword" SET NOT NULL;
-ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
+-- Step 1: Add the column as nullable
+ALTER TABLE "public"."User" ADD COLUMN "hashedPassword" TEXT;
+
+-- Step 2: Backfill existing rows with a safe default (empty string)
+UPDATE "public"."User" SET "hashedPassword" = '' WHERE "hashedPassword" IS NULL;
+
+-- Step 3: Set the column as NOT NULL
+ALTER TABLE "public"."User" ALTER COLUMN "hashedPassword" SET NOT NULL;
-- AlterTable
-ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
+-- Step 1: Add the column as nullable
+ALTER TABLE "public"."User" ADD COLUMN "hashedPassword" TEXT;
+
+-- Step 2: Backfill existing rows with a safe default (empty string)
+UPDATE "public"."User" SET "hashedPassword" = '' WHERE "hashedPassword" IS NULL;
+
+-- Step 3: Set the column as NOT NULL
+ALTER TABLE "public"."User" ALTER COLUMN "hashedPassword" SET NOT NULL;
-ALTER TABLE "public"."User" ADD COLUMN     "hashedPassword" TEXT NOT NULL;
+-- Step 1: Add the column as nullable
+ALTER TABLE "public"."User" ADD COLUMN "hashedPassword" TEXT;
+
+-- Step 2: Backfill existing rows with a safe default (empty string)
+UPDATE "public"."User" SET "hashedPassword" = '' WHERE "hashedPassword" IS NULL;
+
+-- Step 3: Set the column as NOT NULL
+ALTER TABLE "public"."User" ALTER COLUMN "hashedPassword" SET NOT NULL;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -9,31 +9,32 @@ datasource db {
 }
 
 model Organization {
-  id        String   @id @unique @default(uuid())
-  name      String
-  createdAt DateTime @default(now())
-  updatedAt DateTime @updatedAt
-  createdById String @unique
-  createdBy User @relation("CreatedOrganization", fields: [createdById], references: [id])
-  users              User[] @relation("UserOrganization")
+  id                 String               @id @unique @default(uuid())
+  name               String
+  createdAt          DateTime             @default(now())
+  updatedAt          DateTime             @updatedAt
+  createdById        String               @unique
+  createdBy          User                 @relation("CreatedOrganization", fields: [createdById], references: [id])
+  users              User[]               @relation("UserOrganization")
   positions          Position[]
   candidates         Candidate[]
   AssessmentTemplate AssessmentTemplate[]
   TaskTemplate       TaskTemplate[]
 }
 
 model User {
-  id           String        @id @unique @default(uuid())
-  name         String
-  email        String       @unique
-  orgId        String?
-  createdAt    DateTime     @default(now())
-  updatedAt    DateTime     @updatedAt
-  organization Organization? @relation("UserOrganization", fields: [orgId], references: [id])
+  id                  String        @id @unique @default(uuid())
+  name                String
+  email               String        @unique
+  orgId               String?
+  hashedPassword      String
+  createdAt           DateTime      @default(now())
+  updatedAt           DateTime      @updatedAt
+  organization        Organization? @relation("UserOrganization", fields: [orgId], references: [id])
   createdOrganization Organization? @relation("CreatedOrganization")
-  userRoles    UserRole[]
-  Review       Review[]
-  Comment      Comment[]
+  userRoles           UserRole[]
+  Review              Review[]
+  Comment             Comment[]
 }
 
 model Role {

diff --git a/prisma/seed.ts b/prisma/seed.ts
@@ -10,6 +10,7 @@ async function main() {
             update: {},
             create: {
                 id: 'e99335bd-9dd7-4260-8977-2eeaa4df799c',
+                hashedPassword: 'abcd',
                 name: 'Admin User',
                 email: 'admin@techcorp.com',
             },
@@ -20,6 +21,7 @@ async function main() {
             create: {
                 id: '68992d1e-e119-4874-b768-bf685d10194e',
                 name: 'John Doe',
+                hashedPassword: 'abcd',
                 email: 'john.doe@techcorp.com',
             },
         }),
@@ -29,6 +31,7 @@ async function main() {
             create: {
                 id: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
                 name: 'Jane Smith',
+                hashedPassword: 'abcd',
                 email: 'jane.smith@startupxyz.com',
             },
         }),
@@ -38,6 +41,7 @@ async function main() {
             create: {
                 id: 'b2c3d4e5-f6g7-8901-bcde-f12345678901',
                 name: 'Bob Wilson',
+                hashedPassword: 'abcd',
                 email: 'bob.wilson@enterprise.com',
             },
         }),

diff --git a/src/app/(web)/(auth)/login/page.tsx b/src/app/(web)/(auth)/login/page.tsx
@@ -0,0 +1,3 @@
+export default function LoginPage() {
+    return <div className="">login</div>;
+}
diff --git a/src/app/(web)/(auth)/signup/page.tsx b/src/app/(web)/(auth)/signup/page.tsx
@@ -0,0 +1,3 @@
+export default function SignupPage() {
+    return <div className="">signup</div>;
+}
diff --git a/src/app/(web)/dashboard/page.tsx b/src/app/(web)/dashboard/page.tsx
@@ -0,0 +1,3 @@
+export default function DashboardPage() {
+    return <div className=""></div>;
+}
diff --git a/src/app/api/auth/login/route.ts b/src/app/api/auth/login/route.ts
@@ -0,0 +1,37 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiError, sargeApiResponse } from '@/lib/responses';
+import { login } from '@/lib/auth/auth-service';
+import { InvalidInputError } from '@/lib/schemas/errors';
+
+export async function POST(request: NextRequest) {
+    try {
+        const body = await request.json();
+
+        if (!body.email || !body.password) {
+            return sargeApiError('Email and password are required', 400);
+        }
+
+        const user = await login({
+            email: body.email,
+            password: body.password,
+        });
+
+        return sargeApiResponse(user, 200);
+    } catch (error) {
+        if (error instanceof InvalidInputError) {
+            return sargeApiError(error.message, 400);
+        }
+
+        const message = error instanceof Error ? error.message : String(error);
+
+        if (message.includes('Invalid credentials')) {
+            return sargeApiError('Invalid email or password', 401);
+        }
+
+        if (message.includes('Login implementation needed')) {
+            return sargeApiError('Authentication not yet configured', 501);
+        }
+
+        return sargeApiError(message, 500);
+    }
+}
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
@@ -0,0 +1,13 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiResponse } from '@/lib/responses';
+import { logout } from '@/lib/auth/auth-service';
+
+export async function POST(_request: NextRequest) {
+    try {
+        await logout();
-import { logout } from '@/lib/auth/auth-service';
-
-export async function POST(_request: NextRequest) {
-    try {
-        await logout();
+import { deleteSession } from '@/lib/auth/auth-service';
+
+export async function POST(_request: NextRequest) {
+    try {
+        await deleteSession();
-import { logout } from '@/lib/auth/auth-service';
-
-export async function POST(_request: NextRequest) {
-    try {
-        await logout();
+import { deleteSession } from '@/lib/auth/auth-service';
+
+export async function POST(_request: NextRequest) {
+    try {
+        await deleteSession();
+        return sargeApiResponse({ message: 'Logged out successfully' }, 200);
+    } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return sargeApiResponse({ message: 'Logged out', error: message }, 200);
+    }
+}
diff --git a/src/app/api/auth/me/route.ts b/src/app/api/auth/me/route.ts
@@ -0,0 +1,18 @@
+import { type NextRequest } from 'next/server';
+import { sargeApiResponse, sargeApiError } from '@/lib/responses';
+import { getCurrentUser } from '@/lib/auth/auth-service';
+
+export async function GET(_request: NextRequest) {
+    try {
+        const user = await getCurrentUser();
+
+        if (!user) {
+            return sargeApiError('Not authenticated', 401);
+        }
+
+        return sargeApiResponse(user, 200);
+    } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return sargeApiError(message, 500);
+    }
+}
diff --git a/src/app/api/users/[userId]/route.ts → src/app/api/users/[id]/route.ts b/src/app/api/users/[userId]/route.ts → src/app/api/users/[id]/route.ts
@@ -5,11 +5,11 @@ import { type NextRequest } from 'next/server';
 
 export async function DELETE(
     _request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
+    { params }: { params: Promise<{ id: string }> }
 ) {
     try {
-        const userId = (await params).userId;
-        const user = await userController.delete(userId);
+        const id = (await params).id;
+        const user = await userController.delete(id);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {
@@ -21,13 +21,10 @@ export async function DELETE(
     }
 }
 
-export async function GET(
-    _request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
-) {
+export async function GET(_request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
     try {
-        const userId = (await params).userId;
-        const user = await userController.get(userId);
+        const id = (await params).id;
+        const user = await userController.get(id);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {
@@ -39,14 +36,11 @@ export async function GET(
     }
 }
 
-export async function PUT(
-    request: NextRequest,
-    { params }: { params: Promise<{ userId: string }> }
-) {
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
     try {
-        const userId = (await params).userId;
+        const id = (await params).id;
         const body = await request.json();
-        const user = await userController.update(userId, body);
+        const user = await userController.update(id, body);
         return sargeApiResponse(user, 200);
     } catch (error) {
         if (error instanceof UserNotFoundError) {