Skip to content

feat: 添加 Supabase JWT 认证#5

Merged
bbruceyuan merged 18 commits intoApeCodeAI:masterfrom
luojiyin1987:feat/supabase-auth
Jan 13, 2026
Merged

feat: 添加 Supabase JWT 认证#5
bbruceyuan merged 18 commits intoApeCodeAI:masterfrom
luojiyin1987:feat/supabase-auth

Conversation

@luojiyin1987
Copy link
Copy Markdown
Contributor

@luojiyin1987 luojiyin1987 commented Jan 12, 2026

概述

实现基于 Supabase 的用户认证系统,前端使用 @supabase/supabase-js 登录获取 JWT,后端 FastAPI 进行 JWT 校验。

架构

┌─────────────┐                    ┌─────────────┐
│  Next.js    │                    │  FastAPI    │
│  Frontend   │                    │  Backend    │
└──────┬──────┘                    └──────┬──────┘
       │ 1. Supabase 登录                 │
       │    getAccessToken()              │
       │ 2. Authorization: Bearer <jwt>   │
       │    ─────────────────────────────→│ 3. JWT 校验
       │                                  │ 4. 业务逻辑
       │←─────────────────────────────────│

变更内容

Backend

  • ✅ 添加 python-jose 依赖
  • ✅ 实现 JWT 验证中间件 / 依赖函数 (auth.py)
  • ✅ 添加 /auth/me 端点(获取当前用户信息)
  • ✅ 添加 /auth/check 端点(检查认证状态)
  • ✅ 配置 Supabase JWT Secret(环境变量)
  • ✅ 编写认证相关测试(9 个测试用例全部通过)

Frontend

  • ✅ 安装 @supabase/supabase-js
  • ✅ 配置 Supabase 客户端(环境变量)
  • ✅ 创建登录组件(GitHub/Google OAuth)
  • ✅ 实现登录状态管理(AuthContext)
  • ✅ API 客户端自动注入 Bearer Token(authFetch)
  • ✅ 添加 Protected Route 包装器(AuthProvider)
  • ✅ 登录/登出 UI(LoginDialog + UserMenu)

环境变量

# backend/.env
SUPABASE_JWT_SECRET=your-jwt-secret-here
SUPABASE_URL=https://xxx.supabase.co

# web/.env.local
NEXT_PUBLIC_SUPABASE_URL=https://xxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key

测试

  • 后端 9 个测试用例全部通过
  • 支持 GitHub/Google OAuth 登录

Closes #4

@luojiyin1987
backend: add python-jose for JWT verification
f39640d
@luojiyin1987
backend: add JWT auth module with Supabase verification
d57b2bc
@luojiyin1987
backend: add auth routes (/me, /check endpoints)
a80eba5
@luojiyin1987
backend: add auth tests (9 test cases)
2c156c7
@luojiyin1987
backend: register auth router in API main
d577553
@luojiyin1987
backend: update uv lock file
e26cbc5
@luojiyin1987
web: add @supabase/supabase-js dependency
bcf6f37
@luojiyin1987
web: add Supabase client configuration
61f2a35
@luojiyin1987
web: add AuthContext for global auth state management
c0b6497
@luojiyin1987
web: add LoginDialog and UserMenu components
86034bb
@luojiyin1987
web: add OAuth callback route handler
19e612d
@luojiyin1987
web: wrap app with AuthProvider in layout
895237e
@luojiyin1987
web: update Header with login state and UserMenu
edafb84
@luojiyin1987
web: add authFetch helper and authApi for authenticated requests
42f76e2
@luojiyin1987
web: update package-lock.json
e64cc36
@luojiyin1987
docs: add Supabase auth configuration guide
5daf63b
@vercel
Copy link
Copy Markdown

vercel Bot commented Jan 12, 2026

@luojiyin1987 is attempting to deploy a commit to the bbruceyuan's projects Team on Vercel.

A member of the Team first needs to authorize it.

@luojiyin1987
Copy link
Copy Markdown
Contributor Author

luojiyin1987 commented Jan 12, 2026

我还没做详细测试

@luojiyin1987
Copy link
Copy Markdown
Contributor Author

luojiyin1987 commented Jan 13, 2026
edited
Loading

现在调通的 邮箱登录和 GitHub 账号登录。 剩下的事配置supabase 和对应平台的 appid 密钥和回调地址的事 。 @bbruceyuan

由于我没外币信用卡,没验证google 账号登录。
image
image

@luojiyin1987
Copy link
Copy Markdown
Contributor Author

luojiyin1987 commented Jan 13, 2026

现在前端还有在 dev 模式会报错

## Error Type
Console AuthPKCECodeVerifierMissingError

## Error Message
PKCE code verifier not found in storage. This can happen if the auth flow was initiated in a different browser or device, or if the storage was cleared. For SSR frameworks (Next.js, SvelteKit, etc.), use @supabase/ssr on both the server and client to store the code verifier in cookies.

Next.js version: 16.1.1 (Turbopack)

因为在 Next.js 开发模式下,useEffect 可能会被执行两次(React Strict Mode),而 exchangeCodeForSession 会消耗一次性 code_verifier。第二次再调用就会报 PKCE code verifier not found,但登录其实已经成功了。

加“一次性防抖/检查”只是为了:

消掉开发态的红色报错噪音
避免重复请求和潜在的边界竞态
让日志更干净
不是必须的;如果你能接受这个 dev 报错,可以不改。
可选做法:

不改,忽略开发态报错(生产不会重复执行)
加一次性标记(sessionStorage)或先检测已有 session 再 exchange
关闭 React Strict Mode(不推荐)

@luojiyin1987
feat: email login
cd1dcb5 
Signed-off-by: luojiyin <luojiyin@hotmail.com>
@luojiyin1987
doc: env and env.local file config
c4f2a90 
Signed-off-by: luojiyin <luojiyin@hotmail.com>
@bbruceyuan bbruceyuan merged commit 6b9b411 into ApeCodeAI:master Jan 13, 2026
0 of 2 checks passed
@luojiyin1987 luojiyin1987 deleted the feat/supabase-auth branch January 13, 2026 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: 添加 Supabase JWT 认证

2 participants

@luojiyin1987 @bbruceyuan