ranking: a bunhc of frontend improvements. added a me endpoint for fetchikng info about the logged in user. added protectedroutes that allow us to block certain types of viewers from viewing certain pages so particiapnts can't access the volunteer intake form and vice versa. added a basic unauthorized page to go with this (we can improve this styling/look later) as well as a basic loading skeleton (which can also potentially be improved visually later). also updated teh intake form thank you screen to match the figma text. only thing left for forms i think is the logic for showing the user certain pages/forms based on what they've already copmleted and what step the admin has put them in. this i think could go in a separate pr

Author: YashK2005

backend/app/routes/auth.py

@@ -1,10 +1,13 @@
 from fastapi import APIRouter, Depends, HTTPException, Request, Response
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from sqlalchemy.orm import Session
 
+from ..models.User import User
 from ..schemas.auth import AuthResponse, LoginRequest, RefreshRequest, Token
 from ..schemas.user import UserCreateRequest, UserCreateResponse, UserRole
 from ..services.implementations.auth_service import AuthService
 from ..services.implementations.user_service import UserService
+from ..utilities.db_utils import get_db
 from ..utilities.service_utils import get_auth_service, get_user_service
 
 router = APIRouter(prefix="/auth", tags=["auth"])
@@ -96,3 +99,37 @@ async def verify_email(email: str, auth_service: AuthService = Depends(get_auth_
         # Log unexpected errors
         print(f"Unexpected error during email verification for {email}: {str(e)}")
         return Response(status_code=500)
+
+
+@router.get("/me", response_model=UserCreateResponse)
+async def get_current_user(
+    request: Request,
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db),
+):
+    """Get current authenticated user information including role"""
+    try:
+        # Get user auth_id from request state (set by auth middleware)
+        user_auth_id = request.state.user_id
+        if not user_auth_id:
+            raise HTTPException(status_code=401, detail="Authentication required")
+
+        # Query user from database
+        user = db.query(User).filter(User.auth_id == user_auth_id).first()
+        if not user:
+            raise HTTPException(status_code=404, detail="User not found")
+
+        return UserCreateResponse(
+            id=user.id,
+            first_name=user.first_name,
+            last_name=user.last_name,
+            email=user.email,
+            role_id=user.role_id,
+            auth_id=user.auth_id,
+            approved=user.approved,
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        print(f"Error getting current user: {str(e)}")
+        raise HTTPException(status_code=500, detail="Internal server error")

backend/app/utilities/db_utils.py

@@ -6,7 +6,13 @@
 
 load_dotenv()
 
-DATABASE_URL = os.getenv("POSTGRES_DATABASE_URL")
+DATABASE_URL = os.getenv("POSTGRES_TEST_DATABASE_URL")
+if not DATABASE_URL:
+    raise RuntimeError(
+        "POSTGRES_TEST_DATABASE_URL is not set. "
+        "Set one of them to a valid Postgres URL, e.g. "
+        "postgresql+psycopg2://postgres:postgres@db:5432/llsc_test"
+    )
 engine = create_engine(DATABASE_URL)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 

backend/app/utilities/service_utils.py

@@ -12,6 +12,6 @@ def get_user_service(db: Session = Depends(get_db)):
     return UserService(db)
 
 
-def get_auth_service(db: Session = Depends(get_db)):
+def get_auth_service(user_service: UserService = Depends(get_user_service)):
     logger = logging.getLogger(__name__)
-    return AuthService(logger=logger, user_service=UserService(db))
+    return AuthService(logger=logger, user_service=user_service)

frontend/src/components/auth/AuthLoadingSkeleton.tsx

@@ -0,0 +1,18 @@
+import React from 'react';
+import { Box, Flex, Spinner, Text } from '@chakra-ui/react';
+
+/**
+ * Simple loading component for protected pages
+ */
+export const AuthLoadingSkeleton: React.FC = () => {
+  return (
+    <Flex minH="100vh" align="center" justify="center">
+      <Box textAlign="center">
+        <Spinner size="xl" color="blue.500" thickness="4px" />
+        <Text fontSize="lg" color="gray.600" mt={4}>
+          Loading...
+        </Text>
+      </Box>
+    </Flex>
+  );
+};

frontend/src/components/auth/ProtectedPage.tsx

@@ -0,0 +1,28 @@
+import React from 'react';
+import { UserRole } from '@/types/authTypes';
+import { useProtectedRoute } from '@/hooks/useProtectedRoute';
+
+interface ProtectedPageProps {
+  allowedRoles: UserRole[];
+  children: React.ReactNode;
+}
+
+/**
+ * Wrapper component that handles auth protection logic for pages
+ * Eliminates the need to repeat auth checks in every protected page
+ */
+export const ProtectedPage: React.FC<ProtectedPageProps> = ({ allowedRoles, children }) => {
+  const { authorized, LoadingComponent } = useProtectedRoute(allowedRoles);
+
+  // Show loading skeleton while checking auth
+  if (LoadingComponent) {
+    return <LoadingComponent />;
+  }
+
+  // This will never be reached due to redirects in the hook, but good for safety
+  if (!authorized) {
+    return null;
+  }
+
+  return <>{children}</>;
+};

frontend/src/components/intake/thank-you-screen.tsx

@@ -1,6 +1,6 @@
 import React from 'react';
 import { Box, Heading, Text, VStack } from '@chakra-ui/react';
-import { COLORS, IntakeFormData } from '@/constants/form';
+import { COLORS } from '@/constants/form';
 
 // Check mark icon component
 const CheckMarkIcon: React.FC = () => (
@@ -27,11 +27,7 @@ const CheckMarkIcon: React.FC = () => (
   </Box>
 );
 
-interface ThankYouScreenProps {
-  formData?: IntakeFormData;
-}
-
-export function ThankYouScreen({ formData }: ThankYouScreenProps) {
+export function ThankYouScreen() {
   return (
     <Box
       minH="100vh"
@@ -80,36 +76,16 @@ export function ThankYouScreen({ formData }: ThankYouScreenProps) {
             fontSize="16px"
             color={COLORS.fieldGray}
             lineHeight="1.6"
-            maxW="500px"
+            maxW="600px"
             textAlign="center"
           >
-            You will receive a confirmation email. A staff member will call you within 4-5 business
+            You will receive a confirmation email. A staff member will call you within 1-2 business
             days to better understand your match preferences. For any inquiries, please reach us at{' '}
             <Text as="span" color={COLORS.teal} fontWeight={500}>
-              [email protected]
+              [email protected]
             </Text>
-            .
+            . Please note LLSC&apos;s working days are Monday-Thursday.
           </Text>
-
-          {/* Debug: Display form data */}
-          {formData && (
-            <Box mt={8} p={6} bg="gray.50" borderRadius="8px" w="full" textAlign="left">
-              <Heading as="h3" fontSize="18px" fontWeight={600} color={COLORS.veniceBlue} mb={4}>
-                Collected Form Data (Debug)
-              </Heading>
-              <Box
-                as="pre"
-                fontSize="12px"
-                color={COLORS.fieldGray}
-                fontFamily="monospace"
-                whiteSpace="pre-wrap"
-                overflow="auto"
-                maxH="400px"
-              >
-                {JSON.stringify(formData, null, 2)}
-              </Box>
-            </Box>
-          )}
         </VStack>
       </Box>
     </Box>

frontend/src/hooks/useAuthGuard.ts

@@ -0,0 +1,171 @@
+import { useEffect, useState, useMemo } from 'react';
+import { useRouter } from 'next/router';
+import { onAuthStateChanged, User } from 'firebase/auth';
+import { auth } from '@/config/firebase';
+import { UserRole } from '@/types/authTypes';
+import baseAPIClient from '@/APIClients/baseAPIClient';
+
+interface AxiosError {
+  response?: {
+    status: number;
+    data: unknown;
+  };
+  request?: unknown;
+  message?: string;
+}
+
+interface AuthGuardState {
+  loading: boolean;
+  authorized: boolean;
+}
+
+// Map role IDs to UserRole enum
+const roleIdToUserRole = (roleId: number): UserRole | null => {
+  switch (roleId) {
+    case 1:
+      return UserRole.PARTICIPANT;
+    case 2:
+      return UserRole.VOLUNTEER;
+    case 3:
+      return UserRole.ADMIN;
+    default:
+      return null;
+  }
+};
+
+/**
+ * Hook to protect pages with authentication and role-based access control
+ * @param allowedRoles - Array of roles that can access this page
+ * @returns Object with loading and authorized states
+ */
+export const useAuthGuard = (allowedRoles: UserRole[]): AuthGuardState => {
+  const router = useRouter();
+  const [authState, setAuthState] = useState<AuthGuardState>({
+    loading: true,
+    authorized: false,
+  });
+
+  // Memoize allowedRoles to prevent infinite re-renders
+  const memoizedAllowedRoles = useMemo(() => allowedRoles, [allowedRoles]);
+
+  const getUserRole = async (user: User): Promise<UserRole | null> => {
+    const cacheKey = `userRole_${user.uid}`;
+
+    // Check cache first
+    try {
+      const cached = sessionStorage.getItem(cacheKey);
+      if (cached) {
+        const { role, timestamp } = JSON.parse(cached);
+        // Cache valid for 1 hour
+        if (Date.now() - timestamp < 3600000) {
+          return role;
+        }
+        // Remove expired cache
+        sessionStorage.removeItem(cacheKey);
+      }
+    } catch {
+      // If cache is corrupted, remove it and continue
+      sessionStorage.removeItem(cacheKey);
+    }
+
+    try {
+      // Get the Firebase ID token
+      const token = await user.getIdToken();
+      // Call your backend to get user data with role
+      const response = await baseAPIClient.get('/auth/me', {
+        headers: {
+          Authorization: `Bearer ${token}`,
+        },
+      });
+
+      // Convert roleId to UserRole enum (API client converts snake_case to camelCase)
+      const userRole = roleIdToUserRole(response.data.roleId);
+
+      // Cache the result
+      if (userRole) {
+        sessionStorage.setItem(
+          cacheKey,
+          JSON.stringify({
+            role: userRole,
+            timestamp: Date.now(),
+          }),
+        );
+      }
+
+      return userRole;
+    } catch (error: unknown) {
+      console.error('[useAuthGuard] Error fetching user role:', error);
+      if (error && typeof error === 'object' && 'response' in error) {
+        const axiosError = error as AxiosError;
+        console.error('[useAuthGuard] API Error status:', axiosError.response?.status);
+        console.error('[useAuthGuard] API Error data:', axiosError.response?.data);
+      } else if (error && typeof error === 'object' && 'request' in error) {
+        console.error('[useAuthGuard] No response received:', (error as AxiosError).request);
+      } else if (error && typeof error === 'object' && 'message' in error) {
+        console.error('[useAuthGuard] Request setup error:', (error as AxiosError).message);
+      }
+      console.error('[useAuthGuard] Full error object:', error);
+      return null;
+    }
+  };
+
+  useEffect(() => {
+    const unsubscribe = onAuthStateChanged(auth, async (user) => {
+      try {
+        if (!user) {
+          // No authenticated user - redirect to login
+          router.push('/');
+          return;
+        }
+
+        // Check if email is verified
+        if (!user.emailVerified) {
+          router.push(`/verify?email=${encodeURIComponent(user.email || '')}`);
+          return;
+        }
+
+        // Get user role from backend
+        const userRole = await getUserRole(user);
+
+        if (!userRole) {
+          // Could not get user role - redirect to login
+          router.push('/');
+          return;
+        }
+
+        if (!memoizedAllowedRoles.includes(userRole)) {
+          // User doesn't have required role - redirect to unauthorized
+          router.push('/unauthorized');
+          return;
+        }
+
+        // User is authorized
+        setAuthState({ loading: false, authorized: true });
+      } catch (error) {
+        console.error('Auth guard error:', error);
+        router.push('/');
+      }
+    });
+
+    return () => unsubscribe();
+  }, [router, memoizedAllowedRoles]);
+
+  return authState;
+};
+
+/**
+ * Clear all cached user role data from session storage
+ * Call this function when the user logs out
+ */
+export const clearAuthCache = (): void => {
+  try {
+    Object.keys(sessionStorage).forEach((key) => {
+      if (key.startsWith('userRole_')) {
+        sessionStorage.removeItem(key);
+      }
+    });
+  } catch (error) {
+    // Session storage might not be available (e.g., in SSR or private browsing)
+    console.warn('[useAuthGuard] Could not clear auth cache:', error);
+  }
+};

frontend/src/hooks/useProtectedRoute.ts

@@ -0,0 +1,29 @@
+import React from 'react';
+import { UserRole } from '@/types/authTypes';
+import { AuthLoadingSkeleton } from '@/components/auth/AuthLoadingSkeleton';
+import { useAuthGuard } from './useAuthGuard';
+
+interface UseProtectedRouteResult {
+  loading: boolean;
+  authorized: boolean;
+  LoadingComponent: React.ComponentType | null;
+}
+
+/**
+ * Hook that combines auth guarding with loading skeleton
+ * Returns a LoadingComponent that you can render while auth is being checked
+ *
+ * @param allowedRoles - Array of roles that can access this page
+ * @returns Object with loading state, authorized state, and LoadingComponent
+ */
+export const useProtectedRoute = (allowedRoles: UserRole[]): UseProtectedRouteResult => {
+  const { loading, authorized } = useAuthGuard(allowedRoles);
+
+  const LoadingComponent = loading ? () => React.createElement(AuthLoadingSkeleton) : null;
+
+  return {
+    loading,
+    authorized,
+    LoadingComponent,
+  };
+};