tkxkd0159
diff --git a/‎app/admin/signin/page.tsx‎
Lines changed: 6 additions & 7 deletions b/‎app/admin/signin/page.tsx‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎app/page.tsx‎
Lines changed: 5 additions & 5 deletions b/‎app/page.tsx‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎app/signin/page.tsx‎
Lines changed: 5 additions & 5 deletions b/‎app/signin/page.tsx‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lib/auth/onboarding.ts‎
Lines changed: 5 additions & 1 deletion b/‎lib/auth/onboarding.ts‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎lib/auth/redirects.ts‎
Lines changed: 35 additions & 1 deletion b/‎lib/auth/redirects.ts‎
Lines changed: 35 additions & 1 deletion
diff --git a/‎lib/auth/server.ts‎
Lines changed: 45 additions & 2 deletions b/‎lib/auth/server.ts‎
Lines changed: 45 additions & 2 deletions
@@ -10,11 +10,10 @@ import {
 } from "@/components/ui/card";
 import {
   DEFAULT_INTERNAL_ADMIN_PATH,
-  getAuthenticatedUserDestination,
+  getAuthenticatedSessionDestination,
   normalizeSafeCallbackUrl,
 } from "@/lib/auth/redirects";
-import { getCurrentUser } from "@/lib/auth/server";
-import { isInternalAdminUser } from "@/lib/auth/identity";
+import { getAuthIdentity } from "@/lib/auth/server";
 
 function extractSearchParam(value: string | string[] | undefined) {
   if (Array.isArray(value)) {
@@ -30,14 +29,14 @@ export default async function AdminSignInPage({ searchParams }: Props.Page) {
     extractSearchParam(params.callbackUrl) || DEFAULT_INTERNAL_ADMIN_PATH,
     DEFAULT_INTERNAL_ADMIN_PATH,
   );
-  const currentUser = await getCurrentUser();
+  const authIdentity = await getAuthIdentity();
 
-  if (currentUser) {
-    if (!isInternalAdminUser(currentUser)) {
+  if (authIdentity) {
+    if (!authIdentity.isInternalAdmin) {
       forbidden();
     }
 
-    redirect(getAuthenticatedUserDestination(currentUser, callbackUrl));
+    redirect(getAuthenticatedSessionDestination(authIdentity, callbackUrl));
   }
 
   return (
 
@@ -9,13 +9,13 @@ import {
   CardHeader,
   CardTitle,
 } from "@/components/ui/card";
-import { getAuthenticatedUserDestination } from "@/lib/auth/redirects";
-import { getCurrentUser } from "@/lib/auth/server";
+import { getAuthenticatedSessionDestination } from "@/lib/auth/redirects";
+import { getAuthIdentity } from "@/lib/auth/server";
 
 export default async function Page() {
-  const currentUser = await getCurrentUser();
-  if (currentUser) {
-    redirect(getAuthenticatedUserDestination(currentUser));
+  const authIdentity = await getAuthIdentity();
+  if (authIdentity) {
+    redirect(getAuthenticatedSessionDestination(authIdentity));
   }
 
   return (
 
@@ -11,10 +11,10 @@ import {
 import { resolveAuthErrorMessage } from "@/lib/auth/error-messages";
 import {
   DEFAULT_PUBLIC_APP_PATH,
-  getAuthenticatedUserDestination,
+  getAuthenticatedSessionDestination,
   normalizeSafeCallbackUrl,
 } from "@/lib/auth/redirects";
-import { getCurrentUser } from "@/lib/auth/server";
+import { getAuthIdentity } from "@/lib/auth/server";
 
 function extractSearchParam(value: string | string[] | undefined) {
   if (Array.isArray(value)) {
@@ -30,9 +30,9 @@ export default async function SignInPage({ searchParams }: Props.Page) {
     extractSearchParam(params.callbackUrl) || DEFAULT_PUBLIC_APP_PATH,
     DEFAULT_PUBLIC_APP_PATH,
   );
-  const currentUser = await getCurrentUser();
-  if (currentUser) {
-    redirect(getAuthenticatedUserDestination(currentUser, callbackUrl));
+  const authIdentity = await getAuthIdentity();
+  if (authIdentity) {
+    redirect(getAuthenticatedSessionDestination(authIdentity, callbackUrl));
   }
 
   const errorCode = extractSearchParam(params.error);
 
@@ -1,4 +1,5 @@
 import sql from "@/lib/db";
+import { syncCachedAuthUser } from "@/lib/auth/user-cache";
 import { AuthFlowError } from "@/lib/auth/errors";
 import { INTERNAL_AUTH_PROVIDER, resolveAppSessionIdentity } from "@/lib/auth/identity";
 import { logRepositoryOperation } from "@/lib/repository-logging";
@@ -91,7 +92,7 @@ export async function completeSignup(
       const invitationCodeHash = hashInvitationCode(input.invitationCode);
 
       try {
-        return await sql.begin(async (tx) => {
+        const completedUser = await sql.begin(async (tx) => {
           const query = tx as unknown as typeof sql;
 
           const [user] = await query<SignupUserRow[]>`
@@ -220,6 +221,9 @@ export async function completeSignup(
 
           return mapCompletedUser(updatedUser);
         });
+
+        await syncCachedAuthUser(completedUser.id, completedUser);
+        return completedUser;
       } catch (error) {
         if (
           typeof error === "object" &&
 
@@ -4,7 +4,14 @@ import {
   isIncompletePublicUser,
   isInternalAdminUser,
 } from "@/lib/auth/identity";
-import type { AuthUser } from "@/types/db";
+import type { AppSessionIdentity, AuthUser } from "@/types/db";
+
+type SessionIdentityLike = {
+  isInternalAdmin?: boolean;
+  isSignupComplete?: boolean;
+  provider?: string;
+  sessionIdentity?: AppSessionIdentity;
+};
 
 export const AUTH_REQUEST_PATH_HEADER = "x-bbb-request-path";
 export const DEFAULT_PUBLIC_APP_PATH = "/books/search";
@@ -106,3 +113,30 @@ export function getAuthenticatedUserDestination(
 
   return safeCallbackUrl;
 }
+
+export function getAuthenticatedSessionDestination(
+  user: SessionIdentityLike,
+  callbackUrl = DEFAULT_PUBLIC_APP_PATH,
+) {
+  const safeCallbackUrl = normalizeSafeCallbackUrl(
+    callbackUrl,
+    DEFAULT_PUBLIC_APP_PATH,
+  );
+
+  if (user.isInternalAdmin === true || user.sessionIdentity === "INTERNAL_ADMIN") {
+    return DEFAULT_INTERNAL_ADMIN_PATH;
+  }
+
+  if (
+    user.sessionIdentity === "PUBLIC_INCOMPLETE" ||
+    (
+      user.sessionIdentity === undefined &&
+      typeof user.provider === "string" &&
+      user.isSignupComplete === false
+    )
+  ) {
+    return createSignupHref(safeCallbackUrl);
+  }
+
+  return safeCallbackUrl;
+}
@@ -17,8 +17,21 @@ import {
   createE2ESession,
   getE2ECurrentUser,
 } from "@/lib/test-harness/auth";
+import {
+  readCachedAuthUserById,
+  syncCachedAuthUser,
+} from "@/lib/auth/user-cache";
 import { findUserById } from "@/lib/auth/users";
-import type { AuthUser } from "@/types/db";
+import type { AppSessionIdentity, AuthUser } from "@/types/db";
+
+export type AuthSessionIdentity = {
+  id: string;
+  isInternalAdmin: boolean;
+  isSignupComplete: boolean;
+  nickname: string | null;
+  provider?: string;
+  sessionIdentity?: AppSessionIdentity;
+};
 
 const readAuthSession = cache(async (): Promise<Session | null> => {
   const session = await getAuthSessionSafe();
@@ -41,14 +54,44 @@ async function findCurrentUserFromSession(
     return null;
   }
 
-  return findUserById(session.user.id);
+  const cachedUser = await readCachedAuthUserById(session.user.id);
+  if (cachedUser !== undefined) {
+    return cachedUser;
+  }
+
+  const user = await findUserById(session.user.id);
+  await syncCachedAuthUser(session.user.id, user);
+  return user;
 }
 
 const readCurrentUser = cache(async (): Promise<AuthUser | null> =>
   findCurrentUserFromSession(await readAuthSession()),
 );
 
+const readAuthIdentity = cache(async (): Promise<AuthSessionIdentity | null> => {
+  const session = await readAuthSession();
+  if (!session?.user?.id) {
+    return null;
+  }
+
+  return {
+    id: session.user.id,
+    isInternalAdmin: session.user.isInternalAdmin === true,
+    isSignupComplete: session.user.isSignupComplete === true,
+    nickname: typeof session.user.nickname === "string" ? session.user.nickname : null,
+    provider:
+      typeof session.user.provider === "string"
+        ? session.user.provider
+        : undefined,
+    sessionIdentity:
+      typeof session.user.sessionIdentity === "string"
+        ? session.user.sessionIdentity
+        : undefined,
+  };
+});
+
 export const getAuthSession = readAuthSession;
+export const getAuthIdentity = readAuthIdentity;
 export const getCurrentUser = readCurrentUser;
 
 type RequireCurrentUserOptions = {