feat(auth): wire login and signup pages to backend API #34
Merged
- Add `src/lib/api/auth.ts` with typed `login()`, `signup()`, `logout()`, and `extractApiErrorMessage()` functions; both auth functions store the JWT token and current-user profile on success
- Update `LoginForm` to call `login()` instead of raw `api.post`, surface real API error messages (NestJS validation arrays joined, 401 mapped to a credential-specific message), and add `role="alert"` to the error paragraph
- Update `SignupForm` to call `signup()`, fix missing `setCurrentUser()` call (user profile was never stored after signup), surface real API error messages, and map 409 Conflict to an email-already-in-use message
- Add `.env.example` documenting the required `NEXT_PUBLIC_API_URL` variable

Closes MyFanss#12
Closes #12
Summary
Completes the first full-stack auth vertical slice by connecting the existing login/signup UI to the NestJS backend.
- `src/lib/api/auth.ts` — new typed auth module with `login()`, `signup()`, `logout()`, and `extractApiErrorMessage()`. Both mutation functions call the backend, then store the JWT and user profile so subsequent API calls are authenticated immediately.
- `LoginForm` — now calls `login()` instead of raw `api.post`. Real API error messages (NestJS validation arrays are joined; 401 maps to a credential-specific message; network failures show a connectivity message). Added `role="alert"` on the error paragraph for screen readers.
- `SignupForm` — now calls `signup()`. Fixes a bug where `api.setCurrentUser()` was never called after signup, so the user profile was never persisted. 409 Conflict maps to an email-already-in-use message. Same real-error-message surfacing as login.
- `.env.example` — documents the required `NEXT_PUBLIC_API_URL` variable (force-committed since `.gitignore` excluded `.env*` patterns).

What's in scope
- `lib/api/auth.ts` with `login()` and `signup()`
- `setAuthCookie`)
- `/dashboard` after login/signup `?redirect=` logic preserved)
- `.env.example` updated

Notes
Token storage tradeoff: Tokens are stored in `localStorage` (readable by JS) and mirrored into a non-httpOnly cookie (used by `middleware.ts` for SSR route protection). An httpOnly-only approach would require a Next.js API route acting as a proxy to set the cookie server-side. The current dual-storage approach is the simplest path consistent with the existing `client.ts` architecture; the tradeoff is documented in `src/lib/api/README.md`.

Toast notifications: No toast library is currently in the project's dependencies. Network failures are displayed inline in the form's existing error area (consistent with how validation and API errors are shown) to avoid pulling in a new dependency. Adding `sonner` or similar can be a follow-up if the team decides to standardise toast-based feedback.

CORS: The backend must allow `http://localhost:3000` (or wherever the frontend runs) as an origin. Set `NEXT_PUBLIC_API_URL` in `.env.local` to point at the backend.
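
The httpOnly-only alternative mentioned under Notes, sketched as an added example (not code from this PR or the project): a server-side login handler of the kind a Next.js API route could wrap, which forwards credentials to the backend and hands the JWT to the browser only in an `HttpOnly` cookie. `handleLoginProxy`, `BackendLogin`, the `session` cookie name and the one-hour lifetime are assumptions.

```typescript
// Added example, not code from this PR. handleLoginProxy, BackendLogin and the
// "session" cookie name are hypothetical names chosen for illustration.
type BackendLogin = (email: string, password: string) => Promise<{
  status: number;
  token?: string;
  user?: { id: string; email: string };
}>;

interface ProxyResult {
  status: number;
  headers: Record<string, string>;
  body: Record<string, unknown>;
}

// Build a Set-Cookie value that the browser stores but page scripts cannot read.
function buildSessionCookie(token: string, maxAgeSeconds: number): string {
  return [
    `session=${encodeURIComponent(token)}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly", // not exposed through document.cookie
    "Secure", // sent over HTTPS only
    "SameSite=Lax", // withheld from cross-site POST requests
  ].join("; ");
}

// Server-side handler: forwards credentials to the backend and moves the JWT
// from the response body into the cookie, so client-side code never holds it.
async function handleLoginProxy(
  creds: { email: string; password: string },
  backendLogin: BackendLogin,
): Promise<ProxyResult> {
  const res = await backendLogin(creds.email, creds.password);
  const token = res.token;
  if (res.status < 200 || res.status >= 300 || token === undefined) {
    // Pass a credential failure through as 401; anything else is an upstream error.
    const status = res.status === 401 ? 401 : 502;
    return { status, headers: {}, body: { message: "Login failed" } };
  }
  return {
    status: 200,
    headers: { "Set-Cookie": buildSessionCookie(token, 3600) },
    body: { user: res.user ?? null }, // profile only, no token
  };
}
```

An `HttpOnly` cookie is still sent with every same-site request, so server-side route protection can keep reading it while `localStorage` no longer needs to hold the token.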