feat: refactor authentication flow and update user model with session…#26
Merged
Pull Request Overview
This PR implements session token-based authentication to handle concurrent logins and adds new user fields to the schema. The main changes include adding sessionToken and image fields to the User model, refactoring the authentication logic to generate and validate session tokens, and updating the sign-up/sign-in pages.
Key changes:
- Session token generation and validation to detect logins from different devices
- Addition of `sessionToken` and `image` fields to the User model
- Refactored authentication callbacks with improved type safety
- Cleared existing migration files and added them to `.gitignore`
Reviewed Changes
Copilot reviewed 23 out of 30 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| packages/db/prisma/schema.prisma | Added sessionToken and image fields to User model |
| packages/db/prisma/seed.ts | Added sessionToken generation for seeded users and used AuthType enum |
| packages/db/.gitignore | Added migrations directory to gitignore |
| packages/db/.env.example | Updated database connection string |
| apps/user-app/app/lib/auth.ts | Implemented session token generation/validation logic and refactored auth callbacks |
| apps/user-app/app/auth/signup/page.tsx | Added new form fields but signup calls signIn instead of creating user |
| apps/user-app/app/auth/signin/page.tsx | Updated UI labels and placeholders |
| apps/user-app/app/api/auth/[...nextauth]/route.ts | Fixed import path |
| apps/user-app/.env.example | Removed unused HDFC and AXIS redirect URLs |
| apps/merchant-app/app/layout.tsx | Formatting and comment updates |
| packages/db/prisma/migrations/* | All migration files cleared |
| value={email} | ||
| onChange={(e) => setEmail(e.target.value)} | ||
| className="w-full p-2 border rounded-md outline-none bg-zinc-700 text-white" | ||
| placeholder="Enter name" |
The placeholder text should say 'Enter email' to match the Email field label, not 'Enter name'.
Suggested change
| placeholder="Enter name" | |
| placeholder="Enter email" |
- Added Input component for standardized input fields.
- Created Label component for form labels.
- Developed FloatLabelInput component for floating label effect on inputs.
- Implemented QRPaymentHero component for generating and displaying QR codes.
- Integrated API calls for QR code generation and payment status checking.
- Added user authentication features including password reset and OTP verification.
- Established context for managing OTP state across components.
- Enhanced user experience with loading states and error handling in forms.
- Updated database schema to support new user attributes and payment features.

- Changed the container to a flex column layout for better alignment.
- Updated label font size from 'text-sm' to 'text-md' for improved readability.
#17 #25
Single Active Session Enforcement
User.session.mp4
Implemented a security feature that ensures a user can only stay logged in on one device at a time. When a user logs in from a new device or browser, any existing active session is automatically invalidated, forcing re-login on the previous device.
Purpose:
To enhance account security and prevent unauthorized simultaneous access to user accounts in the Calxsecure payment platform.
Key Changes:
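
The single-active-session behaviour described above, as an added sketch that is not code from this pull request: each login rotates a stored `sessionToken`, and every request compares the token carried in the session against the stored one. The in-memory `users` map, the `SessionClaims` shape and all function names are assumptions standing in for the project's Prisma model and auth callbacks.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical in-memory stand-in for the User table; only the
// sessionToken field mirrors a name used in the PR.
interface UserRow { id: string; sessionToken: string | null }
const users = new Map<string, UserRow>([["u1", { id: "u1", sessionToken: null }]]);

// Claims the app would carry in its signed session or JWT (assumed shape).
interface SessionClaims { userId: string; sessionToken: string }

// Every successful login rotates the stored token, so any session issued
// earlier now carries a stale value and fails validation.
function signIn(userId: string): SessionClaims {
  const user = users.get(userId);
  if (!user) throw new Error("unknown user");
  user.sessionToken = randomBytes(32).toString("hex"); // 256-bit CSPRNG value
  return { userId, sessionToken: user.sessionToken };
}

// Run on each request: the presented token must equal the stored one.
function isSessionValid(claims: SessionClaims): boolean {
  const stored = users.get(claims.userId)?.sessionToken;
  if (!stored) return false; // unknown user or logged out: fail closed
  const a = Buffer.from(stored);
  const b = Buffer.from(claims.sessionToken);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Explicit logout clears the token so no outstanding session validates.
function signOut(userId: string): void {
  const user = users.get(userId);
  if (user) user.sessionToken = null;
}

// Constructed scenario: a laptop logs in, then a phone logs in as the same user.
function demo() {
  const laptop = signIn("u1");
  const laptopBefore = isSessionValid(laptop); // only session so far
  const phone = signIn("u1");                  // rotates the stored token
  const laptopAfter = isSessionValid(laptop);  // stale token is rejected
  const phoneOk = isSessionValid(phone);
  signOut("u1");
  return { laptopBefore, laptopAfter, phoneOk, afterLogout: isSessionValid(phone) };
}
```

The check only enforces a single session if it runs on every authenticated request, not just at sign-in; otherwise the older device keeps working until its session expires on its own.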