LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): SSR email confirmation flow

Browse Source 
- Add /auth/confirm GET route handler that verifies the signup token via
  verifyOtp({ type, token_hash }) and falls back to exchangeCodeForSession
  when a PKCE code is present. Whitelists  to same-origin paths.
- Signup: pass emailRedirectTo=<APP_URL>/auth/confirm, show a
  'check your email' confirmation state with a resend action (cooldown),
  and handle the already-registered case.
- Login: detect email_not_confirmed and offer a resend-confirmation action;
  surface verification_failed errors from the confirm route.
This commit is contained in:
Gerhard Scheikl
2026-05-31 20:38:48 +02:00
parent 8e8df7ae64
commit 37f1e7bbd5
3 changed files with 194 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/login/page.tsx
+67 -2
View File
@@ -1,20 +1,47 @@
'use client';
import { useState, useTransition } from 'react';
import { useEffect, useState, useTransition } from 'react';
import { useRouter } from 'next/navigation';
import Link from 'next/link';
import type { AuthError } from '@supabase/supabase-js';
import { createSupabaseBrowserClient } from '@/lib/supabase/browser';
const RESEND_COOLDOWN = 45;
function isEmailNotConfirmed(error: AuthError): boolean {
return error.code === 'email_not_confirmed' || /not confirmed/i.test(error.message);
}
export default function LoginPage() {
const router = useRouter();
const [email, setEmail] = useState('');
const [password, setPassword] = useState('');
const [error, setError] = useState<string | null>(null);
const [needsConfirm, setNeedsConfirm] = useState(false);
const [resendInfo, setResendInfo] = useState<string | null>(null);
const [cooldown, setCooldown] = useState(0);
const [isPending, startTransition] = useTransition();
const [isResending, startResend] = useTransition();
useEffect(() => {
const params = new URLSearchParams(window.location.search);
if (params.get('error') === 'verification_failed') {
setError(
'Email verification failed or the link expired. Sign in below to resend a confirmation email.',
);
}
}, []);
useEffect(() => {
if (cooldown <= 0) return;
const t = setTimeout(() => setCooldown((c) => c - 1), 1000);
return () => clearTimeout(t);
}, [cooldown]);
function onSubmit(e: React.FormEvent) {
e.preventDefault();
setError(null);
setResendInfo(null);
const supabase = createSupabaseBrowserClient();
startTransition(async () => {
const { error } = await supabase.auth.signInWithPassword({
@@ -22,7 +49,14 @@ export default function LoginPage() {
password,
});
if (error) {
setError(error.message);
if (isEmailNotConfirmed(error)) {
setNeedsConfirm(true);
setError(
'Please confirm your email address before signing in. Check your inbox or resend the confirmation email below.',
);
} else {
setError(error.message);
}
return;
}
router.push('/dashboard');
@@ -30,6 +64,20 @@ export default function LoginPage() {
});
}
function onResend() {
setResendInfo(null);
const supabase = createSupabaseBrowserClient();
startResend(async () => {
const { error } = await supabase.auth.resend({ type: 'signup', email });
if (error) {
setError(error.message);
return;
}
setResendInfo('Confirmation email sent. Check your inbox.');
setCooldown(RESEND_COOLDOWN);
});
}
return (
<div className="card">
<h1>Login</h1>
@@ -53,6 +101,23 @@ export default function LoginPage() {
onChange={(e) => setPassword(e.target.value)}
/>
{error && <p className="error">{error}</p>}
{resendInfo && <p className="success">{resendInfo}</p>}
{needsConfirm && (
<div className="row" style={{ marginTop: '0.75rem' }}>
<button
type="button"
className="secondary"
onClick={onResend}
disabled={isResending || cooldown > 0 || !email}
>
{cooldown > 0
? `Resend in ${cooldown}s`
: isResending
? 'Sending…'
: 'Resend confirmation email'}
</button>
</div>
)}
<div className="row" style={{ marginTop: '1rem' }}>
<button type="submit" disabled={isPending}>
{isPending ? 'Signing in…' : 'Sign in'}