
feat: implement magic link authentication #3

Merged
AlexVOiceover merged 19 commits into main from feature/ap-14-magic-link-authentication
Dec 26, 2025

AlexVOiceover (Contributor) commented Dec 26, 2025

Summary

  • Add complete magic link authentication flow with JWT token generation and verification
  • Create login, verify, and logout API endpoints for passwordless authentication
  • Implement session middleware to protect routes and expose user session data
  • Add staff table lookup in Airtable to differentiate between staff and student users
  • Create protected admin route with session-based access control

Changes

  • Auth module (src/lib/server/auth.ts): JWT token generation with 15-minute expiry using AUTH_SECRET
  • Login endpoint (src/routes/api/auth/login/+server.ts): Validates email against Staff/Apprentices tables, determines user type
  • Verify endpoint (src/routes/api/auth/verify/+server.ts): Verifies JWT, creates 90-day session cookie
  • Logout endpoint (src/routes/api/auth/logout/+server.ts): Clears session cookie
  • Session middleware (src/hooks.server.ts): Parses session cookie and exposes user data to routes
  • Protected routes: Admin page with server-side auth check
  • Airtable config: Centralized table/field names in src/lib/airtable/config.ts

Test plan

  • Verify login with valid staff email returns success
  • Verify login with valid apprentice email returns success
  • Verify login with unknown email returns 401
  • Verify magic link token creates session cookie
  • Verify expired token is rejected
  • Verify logout clears session
  • Verify admin route redirects unauthenticated users
  • Run npm run test to confirm auth.spec.ts passes

Related

Closes AP-14

🤖 Generated with Claude Code
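Added example, not code from this pull request: one way to issue and verify a 15-minute HS256 magic-link token of the kind the description mentions, using only Node's `crypto` module. The function names, the claim layout (including the `purpose` claim) and the secret passed in by the caller are assumptions; the PR's own `src/lib/server/auth.ts` is not shown on this page.

```typescript
// Assumed names and claim layout; this is not the PR's src/lib/server/auth.ts.
import { createHmac, timingSafeEqual } from "node:crypto";

type UserType = "staff" | "student";
interface MagicClaims { email: string; type: UserType; purpose: "magic-link"; iat: number; exp: number }

const TOKEN_TTL_SECONDS = 15 * 60; // 15-minute expiry, as stated in the PR description

const b64url = (data: string | Buffer): string =>
  (typeof data === "string" ? Buffer.from(data, "utf8") : data).toString("base64url");
const sign = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();

// Issue a short-lived token to embed in the e-mailed link.
function createMagicToken(email: string, type: UserType, secret: string, now = Date.now()): string {
  const iat = Math.floor(now / 1000);
  const claims: MagicClaims = { email, type, purpose: "magic-link", iat, exp: iat + TOKEN_TTL_SECONDS };
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(sign(input, secret))}`;
}

// Return the claims only if the token is well-formed, HS256, correctly signed,
// issued for the magic-link purpose and not expired; otherwise return null.
function verifyMagicToken(token: string, secret: string, now = Date.now()): MagicClaims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts as [string, string, string];
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, "base64url").toString()).alg !== "HS256") return null;
    const expected = sign(`${header}.${payload}`, secret);
    const given = Buffer.from(signature, "base64url");
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString()) as MagicClaims;
    // A token minted for another purpose with the same secret must not log anyone in.
    if (claims.purpose !== "magic-link") return null;
    if (typeof claims.exp !== "number" || Math.floor(now / 1000) >= claims.exp) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}
```

Signature and expiry checks alone do not make the link single-use; a token stays replayable until it expires unless the server also records which tokens it has already redeemed.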

AlexVOiceover and others added 19 commits December 23, 2025 15:24
- Add Staff table and field IDs to config.ts
- Update findUserByEmail to check Staff table first, then Apprentices
- Document Staff table schema in docs/schema.md
- Add check-staff-members.ts script for manual testing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Create hooks.server.ts to parse session cookie on every request
- Add user type to App.Locals interface in app.d.ts
- Session data (email, type) now available via event.locals.user

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add layout server to pass user data to pages, update home page to show
login status with logout link, and create staff-only admin route with
access control. Also document authentication testing flow in README.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@AlexVOiceover AlexVOiceover merged commit 0ae301c into main Dec 26, 2025
2 checks passed
@AlexVOiceover AlexVOiceover deleted the feature/ap-14-magic-link-authentication branch January 7, 2026 21:24