87a2f93edb
Introduce user registration/login gated behind optional NEXT_PUBLIC_SUPABASE_* env vars (leave blank to disable — app behaves exactly as before). Adds proxy.ts for automatic cookie session refresh, requireUser() API route guards on all 7 compute-consuming routes, AuthModal (Google/GitHub OAuth + 6-digit email OTP), UserChip header component, and login_success analytics event. Identity is fully decoupled from Session/engine — no type changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
16 lines
533 B
TypeScript
16 lines
533 B
TypeScript
import { NextResponse } from "next/server";
|
|
import { AUTH_ENABLED } from "./config";
|
|
import { createClient } from "./server";
|
|
|
|
export async function requireUser(): Promise<
|
|
{ userId: string } | NextResponse
|
|
> {
|
|
if (!AUTH_ENABLED) return { userId: "anonymous" };
|
|
const supabase = await createClient();
|
|
const claims = await supabase.auth.getClaims();
|
|
if (claims.error || !claims.data?.claims?.sub) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
return { userId: claims.data.claims.sub };
|
|
}
|