Staging/demo -> main #147
Merged
homepage
blogs-Profile-Dashboard
dashboardUI
productionFix
redirect
Github OAuth
authRedirect
githubOAuth#
productionPushing
onboardingProfileFix
eventsPage | Timer
notFound | SEO
Feature/onboarding
Fix/UI tweaks
Blockers fixed:
- Replace hand-rolled JWT signing (createServiceRoleJwt/crypto) with official Supabase service-role SDK client in app/api/profile/route.ts
- Sanitize .env.example — all real secrets replaced with placeholder strings; add SUPABASE_SERVICE_ROLE_KEY placeholder (replaces AUTH_JWT_SECRET for admin use)
- Restore .env*.example to .gitignore to prevent future secret leaks
- Add .cursor and .vscode to .gitignore (IDE configs should not be committed)
Critical fixes:
- Remove internal HTTP loopback in app/dashboard/layout.tsx; use direct Supabase admin client call to profiles table instead
- Remove dependency on NEXT_PUBLIC_SUPABASE_URL for server admin ops; server-side admin access now uses SUPABASE_SERVICE_ROLE_KEY exclusively
Both app/api/profile/route.ts and app/dashboard/layout.tsx now share the same getAdminClient() pattern using createClient() from @supabase/supabase-js.
fix: address all security and architecture issues from PR #89 review
- Replaced `createClientComponentClient` with `createClient` across various components for improved Supabase integration.
- Added new analytics events for dashboard interactions, including `DASHBOARD_VIEWED` and `DASHBOARD_ACTION_CLICKED`.
- Updated `.env.example` to clarify PostHog host options for EU and US regions.
- Improved error handling and path sanitization in the authentication callback logic.
Resolve conflicts in dashboard layout (profiles admin check from dev) and .env.example (combine local Supabase vars with PostHog docs).
- Replaced `createMiddlewareClient` with `createServerClient` for improved session handling.
- Enhanced cookie management by implementing custom `getAll` and `setAll` methods.
- Updated session retrieval to use `getUser` instead of `getSession` for better user context.
- Rewrite app/auth/callback/route.ts:
  - Remove duplicate createRouteHandlerClient call (was causing 500)
  - Remove response variable used before initialization
  - Initialize response before createServerClient so setAll cookies can write to it correctly
  - Add sanitizeNextPath() to prevent open-redirect via ?next param
  - Remove all debug console.log statements
- middleware.ts: no changes needed (already uses createServerClient from @supabase/ssr with getUser() — correct pattern per issue #128)
Fixes #128, closes #86
fix(auth): resolve GitHub OAuth redirect loop and 500 error [hotfix #128]
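The commit above names a `sanitizeNextPath()` guard for the `?next` parameter of the OAuth callback but the page does not show its body. The following is an added example of one way to write such a guard, not the repository's code; `FALLBACK_PATH`, `DUMMY_ORIGIN`, `callbackRedirectTarget` and the `app.example` host are assumptions made for illustration.

```typescript
// Added example: hypothetical implementation, not the project's sanitizeNextPath().
const FALLBACK_PATH = "/dashboard"; // assumed default landing page
const DUMMY_ORIGIN = "http://internal.invalid"; // placeholder base, used only for parsing

function sanitizeNextPath(next: string | null | undefined): string {
  if (!next) return FALLBACK_PATH;
  // Browsers strip tabs/newlines from URLs and treat "\" like "/",
  // so "/\host" or "/<TAB>/host" can collapse into "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return FALLBACK_PATH;
  // Only a single-slash absolute path is local; "//host" is protocol-relative
  // and "https://host" carries its own scheme.
  if (!next.startsWith("/") || next.startsWith("//")) return FALLBACK_PATH;
  let parsed: URL;
  try {
    parsed = new URL(next, DUMMY_ORIGIN);
  } catch {
    return FALLBACK_PATH;
  }
  // If resolution escaped the placeholder origin, the value was not a local path.
  if (parsed.origin !== DUMMY_ORIGIN) return FALLBACK_PATH;
  // Return the normalised path only; scheme and host never come from user input.
  return parsed.pathname + parsed.search + parsed.hash;
}

// How a callback handler would use it: the redirect is always built on the
// request's own origin, with only the sanitised path taken from ?next.
function callbackRedirectTarget(requestUrl: string): string {
  const url = new URL(requestUrl);
  const safePath = sanitizeNextPath(url.searchParams.get("next"));
  return new URL(safePath, url.origin).toString();
}
```
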
- Moved the `getAuthorName` function to a dedicated location for better readability and maintainability.
- Updated `OnboardButton` to use a ref for the Supabase client, improving performance.
- Enhanced `OnboardProfileForm` with analytics tracking for onboarding events.
- Improved PostHog initialization logic in `PostHogProvider` to prevent redundant initializations.
- Added cookie management functions in middleware to handle Supabase auth cookies more effectively.
…ItWorks feat(landing): AboutSection + HowItWorksSection (#125)
Fix/UI tweaks
Resolve conflicts in auth callback route and package-lock.json.
…ice role key; refactor DashboardLayout to use server Supabase client directly.
* Resolve navbar accessibility and responsive layout issues
* Refine hero section layout across supported breakpoints
* Update navbar and hero-section documentation
* Verify behavior at 375px, 768px, 1024px, 1280px, and 1440px
fix(landing): responsive QA — navbar accessibility + hero layout 375px–1440px — closes #117
- Added error tracking for onboarding failures in OnboardProfileForm.
- Updated PostHogProvider to ensure proper user identity synchronization and initialization.
- Improved session validation in submit-project page to redirect unauthenticated users.
- Documented new analytics events for onboarding failures and errors in analytics.md.
- Enhanced middleware to handle Supabase user retrieval errors more effectively.
…e client usage in profile API; enhance error handling in DashboardLayout for profile fetching; add profiles table with RLS policies in schema.sql.
Update project configuration and dependencies
…ce-role Fix/supabase service role
…lopers-ContactUs [Landing] ForTeams + ForDevelopers + ContactUs sections — complete the landing page (#126)
Fix/UI tweaks
No description provided.