feat: refactor authentication flow and update user model with session…#26

Merged
VisibleNasir merged 3 commits into main from MerchantQRCode on Nov 2, 2025

@VisibleNasir

Collaborator

#17 #25

Single Active Session Enforcement

User.session.mp4

Implemented a security feature that ensures a user can only stay logged in on one device at a time. When a user logs in from a new device or browser, any existing active session is automatically invalidated, forcing re-login on the previous device.

Purpose:

To enhance account security and prevent unauthorized simultaneous access to user accounts in the Calxsecure payment platform.

Key Changes:

  • Added session tracking via unique device/session identifiers stored in the database.
  • On login, the system checks for any existing active sessions for the user:
      • If found → the previous session is invalidated.
      • The new session is issued and stored as the active one.
  • Integrated logic into authentication middleware to validate the active session token before granting access.
  • Updated logout and token refresh workflows to align with the new single-session model.

@VisibleNasir VisibleNasir requested a review from Copilot October 31, 2025 13:31
@VisibleNasir VisibleNasir self-assigned this Oct 31, 2025
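
The single-session model described in the pull request above, sketched in plain JavaScript for Node.js as an added example; it is not code from this PR or repository. The in-memory `users` map stands in for the User table's sessionToken column, all function names are hypothetical, and storing only a SHA-256 hash of the token is this example's choice, not something the PR states.

```javascript
// Added example: single-active-session enforcement with an in-memory Map
// standing in for the User table (all names here are hypothetical).
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

const users = new Map(); // userId -> { sessionTokenHash: Buffer | null }

const hashToken = (token) => createHash("sha256").update(token).digest();

// Issue a new session; overwriting the stored hash invalidates any earlier one.
function login(userId) {
  const token = randomBytes(32).toString("hex");
  users.set(userId, { sessionTokenHash: hashToken(token) });
  return token;
}

// Middleware check: the presented token must match the single active session.
function isActiveSession(userId, token) {
  const user = users.get(userId);
  if (!user || !user.sessionTokenHash || typeof token !== "string") return false;
  // Both buffers are 32-byte SHA-256 digests, so timingSafeEqual cannot throw.
  return timingSafeEqual(user.sessionTokenHash, hashToken(token));
}

// Logout clears the slot only when called by the active session, so a
// superseded device cannot log out the device that replaced it.
function logout(userId, token) {
  if (!isActiveSession(userId, token)) return false;
  users.get(userId).sessionTokenHash = null;
  return true;
}

// Constructed scenario: the same user signs in on a phone, then on a laptop.
function demo() {
  const phone = login("user-1");
  const laptop = login("user-1");
  return {
    phoneValid: isActiveSession("user-1", phone), // superseded session
    laptopValid: isActiveSession("user-1", laptop), // current session
    staleLogout: logout("user-1", phone), // rejected
    laptopStillValid: isActiveSession("user-1", laptop),
    activeLogout: logout("user-1", laptop),
    laptopAfterLogout: isActiveSession("user-1", laptop),
  };
}

console.log(demo());
```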

Copilot AI left a comment

Pull Request Overview

This PR implements session token-based authentication to handle concurrent logins and adds new user fields to the schema. The main changes include adding sessionToken and image fields to the User model, refactoring the authentication logic to generate and validate session tokens, and updating the sign-up/sign-in pages.

Key changes:

  • Session token generation and validation to detect logins from different devices
  • Addition of sessionToken and image fields to the User model
  • Refactored authentication callbacks with improved type safety
  • Cleared existing migration files and added them to .gitignore

Reviewed Changes

Copilot reviewed 23 out of 30 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| packages/db/prisma/schema.prisma | Added sessionToken and image fields to User model |
| packages/db/prisma/seed.ts | Added sessionToken generation for seeded users and used AuthType enum |
| packages/db/.gitignore | Added migrations directory to gitignore |
| packages/db/.env.example | Updated database connection string |
| apps/user-app/app/lib/auth.ts | Implemented session token generation/validation logic and refactored auth callbacks |
| apps/user-app/app/auth/signup/page.tsx | Added new form fields but signup calls signIn instead of creating user |
| apps/user-app/app/auth/signin/page.tsx | Updated UI labels and placeholders |
| apps/user-app/app/api/auth/[...nextauth]/route.ts | Fixed import path |
| apps/user-app/.env.example | Removed unused HDFC and AXIS redirect URLs |
| apps/merchant-app/app/layout.tsx | Formatting and comment updates |
| packages/db/prisma/migrations/* | All migration files cleared |

Comment thread apps/user-app/app/auth/signup/page.tsx Outdated
value={email}
onChange={(e) => setEmail(e.target.value)}
className="w-full p-2 border rounded-md outline-none bg-zinc-700 text-white"
placeholder="Enter name"

Copilot AI Oct 31, 2025

The placeholder text should say 'Enter email' to match the Email field label, not 'Enter name'.

Suggested change
placeholder="Enter name"
placeholder="Enter email"

- Added Input component for standardized input fields.
- Created Label component for form labels.
- Developed FloatLabelInput component for floating label effect on inputs.
- Implemented QRPaymentHero component for generating and displaying QR codes.
- Integrated API calls for QR code generation and payment status checking.
- Added user authentication features including password reset and OTP verification.
- Established context for managing OTP state across components.
- Enhanced user experience with loading states and error handling in forms.
- Updated database schema to support new user attributes and payment features.

@VisibleNasir VisibleNasir added the bug and enhancement labels Nov 2, 2025

- Changed the container to a flex column layout for better alignment.
- Updated label font size from 'text-sm' to 'text-md' for improved readability.
@VisibleNasir

Collaborator Author

Solving #17 #26

QR.and.Bills-1762095247760.mp4

@VisibleNasir VisibleNasir merged commit 825189e into main Nov 2, 2025
1 check passed