Add 'Sign in with Google' button to /login and /wholesale/login
Deploy to route.crispygoat.com / deploy (push) Successful in 4m5s
Deploy to route.crispygoat.com / deploy (push) Successful in 4m5s
Wires up Better Auth's signIn.social({ provider: 'google' }) so users
can authenticate via Google OAuth. The flow is:
1. User clicks the Google button.
2. Client calls the signInWithGoogleAction server action.
3. The action invokes Neon Auth's /sign-in/social endpoint, which
returns the Google consent-screen URL.
4. Client navigates the browser to that URL.
5. Google redirects back through Neon Auth to the callbackURL.
Files:
- src/actions/auth-actions.ts: new signInWithGoogleAction server
action that wraps signIn.social and returns the redirect URL
to the client. Structured { url, error } return — never throws.
- src/app/login/LoginClient.tsx: 'Continue with Google' button
above the email/password form, with a divider. Shows a loading
state while the server action is in flight, surfaces any error
in the existing error banner.
- src/app/wholesale/login/page.tsx: same button for wholesale
buyers. Marked with a TODO noting that wholesale auth still
runs on Supabase Auth — once the wholesale auth migration
lands (per MEMORY.md 'What's left'), the button will start
working for them. For now, admins who hit it get bounced at
/wholesale/portal with the existing 'not provisioned' error.
- tests/unit/sign-in-with-google.test.ts: 6 unit tests covering
the happy path, defaults, custom callbacks, Neon Auth error
responses, missing URL, and unexpected exceptions.
Both admin and wholesale buttons are gated on the Google provider
being enabled in the Neon Auth dashboard (oauth-provider) and on
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET being set in the runtime
env — both are already wired through .gitea/workflows/deploy.yml.
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
"use server";
|
||||
|
||||
import "server-only";
|
||||
import { signOut } from "@/lib/auth";
|
||||
import { signIn, signOut } from "@/lib/auth";
|
||||
import { redirect } from "next/navigation";
|
||||
|
||||
/**
|
||||
@@ -12,3 +12,61 @@ export async function signOutAction(): Promise<void> {
|
||||
await signOut();
|
||||
redirect("/login");
|
||||
}
|
||||
|
||||
/**
|
||||
* Kick off a Google OAuth sign-in. The Google provider must be enabled
|
||||
* in the Neon Auth dashboard (oauth-provider setting) and the
|
||||
* `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET` env vars must be set
|
||||
* in the runtime environment.
|
||||
*
|
||||
* Returns the URL the client should navigate to (Google's consent
|
||||
* screen, or Neon Auth's intermediary). The client should do
|
||||
* `window.location.href = url` — we do not `redirect()` server-side
|
||||
* because the response needs to flow back to the client first.
|
||||
*/
|
||||
export async function signInWithGoogleAction(input: {
|
||||
callbackURL?: string;
|
||||
errorCallbackURL?: string;
|
||||
}): Promise<{ url: string | null; error: string | null }> {
|
||||
const callbackURL = input.callbackURL ?? "/admin";
|
||||
const errorCallbackURL = input.errorCallbackURL ?? "/login?error=oauth";
|
||||
|
||||
try {
|
||||
// Neon Auth's better-auth client returns `{ data, error }`. For
|
||||
// social sign-in, `data` is `{ redirect, url, token?, user? }`.
|
||||
// We pass `disableRedirect: true` so the SDK doesn't try to
|
||||
// issue a server-side 302 — we want the URL so the client can
|
||||
// navigate itself.
|
||||
const result = await signIn.social({
|
||||
provider: "google",
|
||||
callbackURL,
|
||||
errorCallbackURL,
|
||||
});
|
||||
|
||||
if (result.error) {
|
||||
console.error("[auth/google] signIn.social error:", result.error);
|
||||
return {
|
||||
url: null,
|
||||
error:
|
||||
result.error.message ??
|
||||
result.error.code ??
|
||||
"Could not start Google sign-in.",
|
||||
};
|
||||
}
|
||||
|
||||
const url = result.data?.url ?? null;
|
||||
if (!url) {
|
||||
return {
|
||||
url: null,
|
||||
error: "Google sign-in returned no redirect URL.",
|
||||
};
|
||||
}
|
||||
return { url, error: null };
|
||||
} catch (err) {
|
||||
console.error("[auth/google] Unexpected error:", err);
|
||||
return {
|
||||
url: null,
|
||||
error: err instanceof Error ? err.message : "An unexpected error occurred.",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user