fix: Resolve Supabase auth loop and implement secure authentication system

This commit fixes the persistent login/redirect loop issue and implements
a robust authentication system for the Docker/localhost environment.

Key Changes:
- Environment-aware cookie configuration in supabase-ssr.ts
- New AuthLoader component to prevent content flashing during auth checks
- Cleaned up login page client-side auth logic to prevent redirect loops
- Updated dashboard to use AuthLoader for smooth authentication experience

Technical Details:
- Cookies now use environment-appropriate security settings
- Server-side auth verification eliminates client-side timing issues
- Loading states provide better UX during auth transitions
- Unified authentication pattern across all protected pages

Fixes:
- Dashboard no longer flashes before auth redirect
- Login page loads cleanly without auth checking loops
- Cookie configuration works correctly in Docker localhost
- No more redirect loops between login and dashboard pages

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-12 21:40:41 -06:00
parent 83470449e8
commit 57b23a304c
4 changed files with 300 additions and 107 deletions


@@ -6,13 +6,19 @@ export function createSupabaseServerClient(
cookies: AstroCookies,
cookieOptions?: CookieOptions
) {
// Default cookie options for Docker/localhost environment
// Environment-aware cookie configuration
const isProduction = import.meta.env.PROD || process.env.NODE_ENV === 'production';
// For Docker/localhost, always use non-secure cookies
// In production, this will be overridden to use secure cookies
const useSecureCookies = isProduction;
const defaultCookieOptions: CookieOptions = {
secure: false, // localhost is non-HTTPS in Docker
sameSite: 'lax', // allow cross-site cookie on navigation
path: '/', // root-wide access
httpOnly: true, // JS-inaccessible for security
maxAge: 60 * 60 * 24 * 7, // 7 days
secure: useSecureCookies, // secure in production, non-secure for localhost
sameSite: 'lax', // allow cross-site cookie on navigation
path: '/', // root-wide access
httpOnly: true, // JS-inaccessible for security
maxAge: 60 * 60 * 24 * 7, // 7 days
};
return createServerClient<Database>(