Pull Request Overview
Adds foundational authentication and session management using JWT cookies, protecting routes and exposing basic auth APIs.
- Introduces JWT session creation/verification and middleware-based route protection
- Implements login/logout/me API endpoints backed by Prisma and bcrypt
- Adds hashedPassword to User model, migration, and seed data
Reviewed Changes
Copilot reviewed 17 out of 18 changed files in this pull request and generated 16 comments.
| File | Description |
|---|---|
| src/middleware.ts | Middleware to enforce auth via JWT cookie on protected routes. |
| src/lib/schemas/user.schema.ts | Adds hashedPassword to user creation schema. |
| src/lib/schemas/errors.ts | Adds AuthorizationError. |
| src/lib/auth/permissions.ts | Basic permission helpers. |
| src/lib/auth/auth.ts | Session create/verify/delete and requireAuth helpers. |
| src/lib/auth/auth-service.ts | Login/logout/current user service functions. |
| src/app/api/users/[id]/route.ts | Aligns route params to [id]. |
| src/app/api/auth/me/route.ts | Returns current user from session. |
| src/app/api/auth/logout/route.ts | Logout endpoint. |
| src/app/api/auth/login/route.ts | Login endpoint. |
| src/app/(web)/dashboard/page.tsx | Placeholder dashboard page. |
| src/app/(web)/(auth)/signup/page.tsx | Placeholder signup page. |
| src/app/(web)/(auth)/login/page.tsx | Placeholder login page. |
| prisma/seed.ts | Adds hashedPassword to seed users. |
| prisma/schema.prisma | Adds hashedPassword to User model. |
| prisma/migrations/.../migration.sql | Adds NOT NULL hashedPassword column. |
| package.json | Adds jose/bcrypt and types. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
[Area] - Creates functionality for Auth
Changes
This PR adds functionality for authorization. It uses JWTs to implement sessions stored as cookies in the requests. It adds functionality for the following:
This PR includes pages to test that a cookie is required by the middleware; however, the sign up and login frontend need to be implemented.
Checklist
Please go through all items before requesting reviewers:
Closes
Closes #49
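
The session flow this PR describes (a signed JWT carried in a cookie and verified before a protected route is served), as an added example that is not code from the pull request. It uses `node:crypto` HMAC-SHA256 in place of the `jose` library the PR adds so that it runs without dependencies; the function names, the `session` cookie name and the one-hour lifetime are assumptions.

```typescript
// Added example, not the PR's code: HS256 session JWT built on node:crypto only.
import { createHmac, timingSafeEqual } from "node:crypto";

type Session = { sub: string; iat: number; exp: number };
type Verified = { ok: true; session: Session } | { ok: false; reason: string };

const enc = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(data).digest();

// Returns {} for anything that is not a JSON object, so callers never dereference null.
function decodeJson(part: string): Record<string, unknown> {
  try {
    const v: unknown = JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
    return typeof v === "object" && v !== null ? (v as Record<string, unknown>) : {};
  } catch {
    return {};
  }
}

function createSession(userId: string, secret: string, nowSec: number, ttlSec = 3600): string {
  const input = `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: userId, iat: nowSec, exp: nowSec + ttlSec })}`;
  return `${input}.${mac(input, secret).toString("base64url")}`;
}

function verifySession(token: string, secret: string, nowSec: number): Verified {
  const [h = "", p = "", s = "", ...rest] = token.split(".");
  if (!h || !p || !s || rest.length > 0) return { ok: false, reason: "malformed" };
  // Pin the algorithm server-side; the token's header never chooses how it is verified.
  if (decodeJson(h).alg !== "HS256") return { ok: false, reason: "bad-alg" };
  // Check the MAC in constant time before reading any claim from the payload.
  const expected = mac(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  const { sub, iat, exp } = decodeJson(p);
  if (typeof sub !== "string" || typeof iat !== "number" || typeof exp !== "number") {
    return { ok: false, reason: "bad-claims" };
  }
  if (exp <= nowSec) return { ok: false, reason: "expired" };
  return { ok: true, session: { sub, iat, exp } };
}

// Cookie attributes that keep the token away from scripts and plain HTTP ("session" is an assumed name).
function sessionCookie(token: string, ttlSec = 3600): string {
  return `session=${token}; Path=/; Max-Age=${ttlSec}; HttpOnly; Secure; SameSite=Lax`;
}
```

A middleware would call `verifySession` on the cookie value and redirect or return 401 on any `ok: false` result, without revealing the reason to the client.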