Pull request overview
Adds an authentication flow centered on Supabase + Google OAuth, wiring up new backend auth endpoints and updating the frontend login link to initiate the flow.
Changes:
- Updated the Svelte login page to route sign-in through /api/auth/google.
- Introduced backend AuthController, IAuthService, and AuthService for OAuth callback handling and token→user lookup.
- Added JWT bearer authentication/authorization middleware registration and updated CORS policy naming.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| frontend/src/routes/login/+page.svelte | Points the login CTA to the new Google auth endpoint. |
| backend/TRFSAE.MemberPortal.API/Controllers/AuthController.cs | Implements Google OAuth redirect, callback exchange, /me, logout, and a temporary test endpoint. |
| backend/TRFSAE.MemberPortal.API/Interfaces/IAuthService.cs | Defines auth service contract used by the controller. |
| backend/TRFSAE.MemberPortal.API/Services/AuthService.cs | Implements token validation and user lookup from a Supabase JWT. |
| backend/TRFSAE.MemberPortal.API/Program.cs | Registers auth service, configures JWT bearer auth, enables UseAuthentication(), and renames CORS policy. |
| backend/TRFSAE.MemberPortal.API/Enums.cs | Adds Role.Unverified enum value. |
Comments suppressed due to low confidence (1)
backend/TRFSAE.MemberPortal.API/Program.cs:82
CORS policy allows only http://localhost:3000, but the dev frontend is configured to run on http://127.0.0.1:3000 (see frontend/vite.config.ts). If the frontend ever calls the API directly (without the dev proxy) this will fail CORS with credentials. Consider allowing both hosts in dev and/or moving allowed origins to configuration.
options.AddPolicy("AllowSvelteApp", policy =>
{
policy.WithOrigins("http://localhost:3000")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
Comment on lines +44 to +50
| var handler = new JwtSecurityTokenHandler(); | ||
| var jwtToken = handler.ReadJwtToken(token); | ||
| var userIdClaim = jwtToken.Claims.FirstOrDefault(c => c.Type == "sub")?.Value; | ||
| if (userIdClaim == null) return null; | ||
|
|
||
| var userDto = await _userService.GetUserAsync(Guid.Parse(userIdClaim)); | ||
| if (userDto == null) return null; |
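Review bot: `handler.ReadJwtToken(token)` on the second line only decodes the token; it does not check the signature, issuer or expiry, so the `sub` claim that drives `_userService.GetUserAsync` comes from an unverified token. Use `handler.ValidateToken(token, validationParameters, out _)` with the same `TokenValidationParameters` registered in Program.cs, or take the `sub` claim from the `ClaimsPrincipal` the JWT bearer middleware has already validated. Also replace `Guid.Parse(userIdClaim)` with `Guid.TryParse`, since a malformed `sub` currently throws instead of returning null.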
Comment on lines +69 to +70
| // Sync functionality removed to avoid changes outside auth | ||
| await Task.CompletedTask; |
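Review bot: A method body consisting only of `await Task.CompletedTask` behind the comment `// Sync functionality removed to avoid changes outside auth` is a silent no-op that callers will assume does work. Either drop the method from `IAuthService` until the sync is implemented, or make the gap visible with `throw new NotImplementedException()` or a `TODO` that references the follow-up issue.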
Comment on lines +43 to +58
| var supabaseUrl = builder.Configuration["SupabaseUrl"]; | ||
| var jwtSecret = builder.Configuration["SupabaseJwtSecret"]; | ||
|
|
||
| var url = builder.Configuration["SupabaseUrl"] ?? throw new InvalidOperationException("Supabase URL is not configured."); | ||
| var key = builder.Configuration["SupabaseKey"] ?? throw new InvalidOperationException("Supabase Key is not configured."); | ||
| return new Client(url, key, options); | ||
| }); | ||
| options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters | ||
| { | ||
| ValidateIssuer = true, | ||
| ValidIssuer = $"{supabaseUrl}/auth/v1", | ||
|
|
||
| ValidateAudience = false, | ||
|
|
||
| ValidateLifetime = true, | ||
|
|
||
| ValidateIssuerSigningKey = true, | ||
| IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey( | ||
| System.Text.Encoding.UTF8.GetBytes(jwtSecret!) | ||
| ), |
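Review bot: `jwtSecret!` on the `Encoding.UTF8.GetBytes` line suppresses the nullable warning but not the failure: if `SupabaseJwtSecret` is missing, `GetBytes` throws an `ArgumentNullException` at startup with no hint about which setting is absent. Mirror the pattern used for `SupabaseUrl` and `SupabaseKey` a few lines above, e.g. `var jwtSecret = builder.Configuration["SupabaseJwtSecret"] ?? throw new InvalidOperationException("Supabase JWT secret is not configured.");`, and reuse `supabaseUrl` instead of reading `SupabaseUrl` a second time. `ValidateAudience = false` also deserves either a `ValidAudience` or a comment explaining why it is off: as written, any token signed with this secret is accepted regardless of the audience it was issued for.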
Comment on lines +24 to +25
| var callbackUrl = "http://127.0.0.1:5096/api/auth/callback"; //change to actual auth frontend url when deployed | ||
| var verifierBytes = new byte[32]; |
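Review bot: The hardcoded `callbackUrl` with the `//change to actual auth frontend url when deployed` comment should be read from configuration alongside `SupabaseUrl`; OAuth redirect URIs must match the registered value exactly, so a literal `http://127.0.0.1:5096` will break the first deployment and cannot vary per environment. It also uses `127.0.0.1` while the CORS policy allows `http://localhost:3000`; pick one host convention. For `verifierBytes`, which appears to be the PKCE code verifier, make sure the lines that follow fill it with `System.Security.Cryptography.RandomNumberGenerator` rather than `System.Random`, since the verifier must be unpredictable.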
Comment on lines +83 to +86
| catch (Exception ex) | ||
| { | ||
| return StatusCode(500, "Authentication failed: " + ex.Message); | ||
| } |
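Review bot: `return StatusCode(500, "Authentication failed: " + ex.Message)` sends the raw exception message to the browser; with a blanket `catch (Exception ex)` around the token exchange that can include configuration errors and upstream response details. Log the exception server-side through `ILogger` and return a generic body such as `StatusCode(500, "Authentication failed.")`, or let it propagate to the global exception handler.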
Comment on lines +22 to +31
| public bool ValidateSupabaseToken(string token) | ||
| { | ||
| if (string.IsNullOrEmpty(token)) return false; | ||
|
|
||
| try | ||
| { | ||
| var handler = new JwtSecurityTokenHandler(); | ||
| var jwtToken = handler.ReadJwtToken(token); | ||
| return jwtToken.ValidTo > DateTime.UtcNow; | ||
| } |
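Review bot: `ValidateSupabaseToken` does not validate the token. `ReadJwtToken` parses without checking the signature, so the method returns true for any well-formed JWT whose `exp` lies in the future, including one the caller assembled themselves. Replace the body with `handler.ValidateToken(token, tokenValidationParameters, out _)` using the same issuer and signing-key parameters as the bearer middleware (which also subsumes the `ValidTo > DateTime.UtcNow` check, with clock skew), or rename the method so it is clear it only checks expiry.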
Comment on lines 57 to +61
| Admin, | ||
| SystemLead, | ||
| SubsystemLead, | ||
| Member | ||
| Member, | ||
| Unverified |
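Review bot: `Unverified` is appended after `Member`, so it receives the highest ordinal in `Role`. If the enum is persisted as an integer that is the safe choice for existing rows, but any authorization check that compares roles by value (e.g. `role >= Role.Member`) would now treat `Unverified` as more privileged than `Member`. Either confirm no such comparisons exist or give the members explicit values with `Unverified` lowest, and check that `default(Role)` is never silently assigned to a newly created user in place of `Unverified`.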
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
implemented auth