makearmy/makearmy-app
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: makearmy:main
Branches Tags
makearmy:main
makearmy:prod
makearmy:v0.1.1
makearmy:v0.0.1
makearmy:v0.1.0
...
compare: makearmy:v0.0.1
Branches Tags
makearmy:main
makearmy:prod
makearmy:v0.1.1
makearmy:v0.0.1
makearmy:v0.1.0

10 commits
main ... v0.0.1

Author SHA1 Message Date
makearmy
ba77186161 chore(release): 0.0.1 2025-10-16 09:32:02 -04:00
makearmy
647c58b3e3 env update for user registration roles 2025-10-04 08:45:49 -04:00
makearmy
c18ca5f558 data restructure for registration 2025-10-03 07:32:08 -04:00
makearmy
d610379337 registration reprint 2025-10-03 07:21:49 -04:00
makearmy
fba693f761 removed provider from payload 2025-10-03 07:15:00 -04:00
makearmy
7502c3e4c1 registration emergency fix 2025-10-03 07:11:42 -04:00
makearmy
fd0fb78699 a comma 2025-10-02 21:02:15 -04:00
makearmy
886059f5e2 debug route 2025-10-02 20:01:57 -04:00
makearmy
a77db7e781 registration requires email 2025-10-02 18:36:50 -04:00
makearmy
6743c0b83b sign in and register fixes for looped and forwarded pages 2025-10-02 14:21:12 -04:00
14 changed files with 297 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

39
.env.local
View file

@ -1,9 +1,42 @@
# Client-side (used by the dropdown fetches)
# ─────────────────────────────────────────────
# Public (used by client-side dropdown fetches)
# ─────────────────────────────────────────────
NEXT_PUBLIC_API_BASE_URL=https://forms.lasereverything.net
# Server-side (used by API routes)
# ─────────────────────────────────────────────
# Server-side Directus
# ─────────────────────────────────────────────
DIRECTUS_URL=https://forms.lasereverything.net
DIRECTUS_TOKEN_ADMIN_REGISTER=l_QqNXKpi--Dt-hHDncHyBX0eiHNYZr7
DIRECTUS_DEFAULT_ROLE=296a28bc-60ab-4251-8bef-27f6dfb67948
DIRECTUS_ROLE_MEMBER_NAME=Users
# Image Folders
# ─────────────────────────────────────────────
# Files / Folders (IDs only; no folder browsing)
# ─────────────────────────────────────────────
DIRECTUS_AVATAR_FOLDER_ID=b8ddddf8-3ee3-4380-b27e-c7a5f01deef1
# Settings — CO₂ Galvo
DX_FOLDER_GALVO_NOTES=7b04a706-754d-4302-a9a0-6c88cd8faddf
DX_FOLDER_GALVO_PHOTOS=e5535371-828a-498b-80fc-3891b6220fd4
DX_FOLDER_GALVO_SCREENS=8201e4c0-c39c-456a-bd55-1beb96642bcb
# Settings — CO₂ Gantry
DX_FOLDER_GANTRY_NOTES=926e2c1a-7907-4ef2-b778-859c6f40ba82
DX_FOLDER_GANTRY_PHOTOS=d19c4f8d-a42f-422d-b113-b89b736c34e6
DX_FOLDER_GANTRY_SCREENS=9b7d0b47-c1f4-4749-8876-2e4b52ccded0
# Settings — Fiber
DX_FOLDER_FIBER_NOTES=00eed759-480e-43cc-9de3-854dc59cca79
DX_FOLDER_FIBER_PHOTOS=54f6a9d2-bc57-41fc-8c7d-7c7d7cb9cadc
DX_FOLDER_FIBER_SCREENS=5c830975-7926-4e01-911c-2443b62d7f88
# Settings — UV
DX_FOLDER_UV_NOTES=8ca37379-7178-48b2-8670-6b8d8a880677
DX_FOLDER_UV_PHOTOS=c639360b-3116-4b5d-98da-f8b502089486
DX_FOLDER_UV_SCREENS=a84f54b1-0e92-4ea6-8fbe-37a3a74bd49c
# Projects
DX_FOLDER_PROJECTS_FILES=f264f066-5b38-4335-bb10-5b014bfa62cb
DX_FOLDER_PROJECTS_IMAGES=da11b876-2ede-4e19-ad3a-76fc9db449a8
DX_FOLDER_PROJECTS_INSTRUCTIONS=905a4259-0c8e-489b-b810-c27186a2f266

87
app/api/auth/login/route.ts
View file

@ -3,71 +3,72 @@ import { NextRequest, NextResponse } from "next/server";
import { emailForUsername, loginDirectus } from "@/lib/directus";
export const runtime = "nodejs";
const secure = process.env.NODE_ENV === "production";
/**
* Accepts any of:
* - { identifier: string, password: string } // email OR username in `identifier`
* - { email: string, password: string }
* - { username: string, password: string }
*
* On success: sets HttpOnly "ma_at" cookie and returns { ok: true }.
*/
export async function POST(req: NextRequest) {
try {
const body = await req.json().catch(() => ({} as any));
const identifier =
String(body?.identifier ?? body?.email ?? body?.username ?? "").trim();
const password = String(body?.password ?? "").trim();
let identifier = String(
body?.identifier ?? body?.email ?? body?.username ?? ""
).trim();
if (!identifier || !password) {
return NextResponse.json({ error: "Missing credentials" }, { status: 400 });
}
// Resolve to an email for Directus login:
// - If identifier looks like an email, use it directly.
// - Otherwise treat it as a username and look up the email.
let email = identifier.includes("@") ? identifier : null;
if (!email) {
email = await emailForUsername(identifier);
if (!email) {
return NextResponse.json({ error: "User not found" }, { status: 404 });
// 1) Try Directus directly with the identifier (email OR username)
// Directus expects the field name "email" for both.
const tryIds: string[] = [identifier];
// 2) Fallback: if it doesnt look like an email, try the canonical email (if any)
if (!identifier.includes("@")) {
try {
const em = await emailForUsername(identifier); // returns string|null
if (em && em !== identifier) tryIds.push(em);
} catch {
// ignore lookup errors, we'll just rely on the first attempt
}
}
// Login against Directus; helper returns { access_token, expires } (root or .data)
const data = await loginDirectus(email, password);
const access =
data?.access_token ?? data?.data?.access_token ?? null;
const expiresSec =
data?.expires ?? data?.data?.expires ?? null;
if (!access) {
return NextResponse.json(
{ error: "Invalid response from auth provider" },
{ status: 502 }
);
let tokens: any = null;
let lastErr: any = null;
for (const id of tryIds) {
try {
tokens = await loginDirectus(id, password); // { access_token, refresh_token, expires? }
if (tokens) break;
} catch (e) {
lastErr = e;
}
}
if (!tokens?.access_token) {
const msg =
lastErr?.response?.data?.errors?.[0]?.message ||
lastErr?.response?.data?.error ||
lastErr?.message ||
"Invalid credentials.";
return NextResponse.json({ error: msg }, { status: 401 });
}
// Set HttpOnly cookies for your middleware
const maxAge = 60 * 60; // 1h
const res = NextResponse.json({ ok: true });
// Use provider TTL if present, else fallback to 8h
const maxAge =
typeof expiresSec === "number" ? Math.max(0, Math.floor(expiresSec)) : 60 * 60 * 8;
res.cookies.set({
name: "ma_at",
value: access,
res.cookies.set("ma_at", tokens.access_token, {
path: "/",
httpOnly: true,
sameSite: "lax",
secure,
path: "/",
maxAge,
});
if (tokens.refresh_token) {
res.cookies.set("ma_rt", tokens.refresh_token, {
path: "/",
httpOnly: true,
sameSite: "lax",
secure,
maxAge: 60 * 60 * 24 * 30, // 30d
});
}
return res;
} catch (err: any) {
const message =

180
app/api/auth/register/route.ts
View file

@ -1,140 +1,114 @@
// app/api/auth/register/route.ts
import { NextResponse } from "next/server";
import { loginDirectus } from "@/lib/directus";
export const runtime = "nodejs";
const DIRECTUS = (process.env.DIRECTUS_URL || process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
// Base URL (no trailing slash)
const API = (process.env.NEXT_PUBLIC_API_BASE_URL || process.env.DIRECTUS_URL || "").replace(/\/$/, "");
// Registration MUST use only the dedicated admin-register token. No fallbacks.
const SERVICE_TOKEN = process.env.DIRECTUS_TOKEN_ADMIN_REGISTER || "";
/**
* Accept either:
* - DIRECTUS_SERVICE_TOKEN (generic name), or
* - DIRECTUS_TOKEN_ADMIN_REGISTER (your current env)
*/
const SERVICE_TOKEN =
process.env.DIRECTUS_SERVICE_TOKEN ||
process.env.DIRECTUS_TOKEN_ADMIN_REGISTER ||
"";
const DEFAULT_ROLE = process.env.DIRECTUS_DEFAULT_ROLE || undefined;
const SECURE = process.env.NODE_ENV === "production";
// Auto login right after signup (default: true)
const AUTO_LOGIN = (process.env.SIGNUP_AUTO_LOGIN ?? "1") !== "0";
const secure = process.env.NODE_ENV === "production";
function bad(message: string, status = 400, extra: Record<string, any> = {}) {
return NextResponse.json({ error: message, ...extra }, { status });
function bad(message: string, status = 400) {
return NextResponse.json({ error: message }, { status });
}
// Resolve the role id for the role named **Users**. No fallbacks.
async function getUsersRoleId(): Promise<string> {
if (!API) throw new Error("DIRECTUS_URL / NEXT_PUBLIC_API_BASE_URL is not set");
if (!SERVICE_TOKEN) throw new Error("DIRECTUS_SERVICE_TOKEN / DIRECTUS_TOKEN_ADMIN_REGISTER is not set");
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const r = await fetch(`${API}/roles?filter[name][_eq]=Users&fields=id,name&limit=1`, {
headers: { Authorization: `Bearer ${SERVICE_TOKEN}`, Accept: "application/json" },
cache: "no-store",
async function directusLogin(email: string, password: string) {
const r = await fetch(`${DIRECTUS}/auth/login`, {
method: "POST",
headers: { "Content-Type": "application/json", Accept: "application/json" },
body: JSON.stringify({ email, password }),
cache: "no-store",
});
const j = await r.json().catch(() => ({}));
if (!r.ok) {
const reason = j?.errors?.[0]?.message || r.statusText;
throw new Error(`Failed to query role "Users": ${reason}`);
}
const id = j?.data?.[0]?.id ?? j?.[0]?.id;
if (!id) {
throw new Error('Role "Users" not found. Create it in Directus or check the service token permissions.');
}
return String(id);
if (!r.ok) throw new Error(j?.errors?.[0]?.message || j?.message || `Login failed (${r.status})`);
return j?.data || j;
}
export async function POST(req: Request) {
try {
if (!API) {
return bad("Server misconfiguration: DIRECTUS_URL / NEXT_PUBLIC_API_BASE_URL is not set", 500);
}
if (!SERVICE_TOKEN) {
return bad(
"Server misconfiguration: DIRECTUS_SERVICE_TOKEN / DIRECTUS_TOKEN_ADMIN_REGISTER is not set",
500,
{ hint: "Set DIRECTUS_TOKEN_ADMIN_REGISTER=<token> (or DIRECTUS_SERVICE_TOKEN) and restart the server." }
);
if (!DIRECTUS) return bad("Missing DIRECTUS_URL/NEXT_PUBLIC_API_BASE_URL", 500);
if (!SERVICE_TOKEN) return bad("Missing DIRECTUS_TOKEN_ADMIN_REGISTER", 500);
const body = await req.json().catch(() => ({} as any));
const email = String(body?.email ?? "").trim().toLowerCase();
const username = String(body?.username ?? "").trim();
const password = String(body?.password ?? "").trim();
const confirm = String(body?.confirmPassword ?? body?.confirm ?? "").trim();
if (!email || !username || !password || !confirm) return bad("All fields are required");
if (!EMAIL_RE.test(email)) return bad("Enter a valid email address");
if (password.length < 8) return bad("Password must be at least 8 characters");
if (password !== confirm) return bad("Passwords do not match");
// Optional pre-check to return a friendly 409 instead of a generic Directus error
const existsRes = await fetch(
`${DIRECTUS}/users?filter[_or][0][email][_eq]=${encodeURIComponent(email)}` +
`&filter[_or][1][username][_eq]=${encodeURIComponent(username)}` +
`&fields=id,email,username&limit=1`,
{
headers: {
Authorization: `Bearer ${SERVICE_TOKEN}`,
Accept: "application/json",
},
cache: "no-store",
}
);
const existsJson = await existsRes.json().catch(() => ({}));
if (Array.isArray(existsJson?.data) && existsJson.data.length > 0) {
return bad("Email or username already in use", 409);
}
const body = await req.json().catch(() => ({}));
const username = String(body?.username || "").trim();
const email = String(body?.email || "").trim().toLowerCase(); // optional
const password = String(body?.password || "").trim();
const first_name = String(body?.first_name || "").trim() || undefined;
const last_name = String(body?.last_name || "").trim() || undefined;
if (!username) return bad("Username is required");
if (!password || password.length < 8) return bad("Password must be at least 8 characters");
// Only accept the "Users" role
const roleId = await getUsersRoleId();
// Create the user in Directus using service token
const createPayload: Record<string, any> = {
status: "active", // change to "pending" to require email verification
role: roleId,
// Create user with sane defaults (no provider — Directus defaults to "default")
const createPayload: any = {
email,
username,
password,
status: "active",
};
if (email) createPayload.email = email;
if (first_name) createPayload.first_name = first_name;
if (last_name) createPayload.last_name = last_name;
if (DEFAULT_ROLE) createPayload.role = DEFAULT_ROLE;
const createRes = await fetch(`${API}/users`, {
const createRes = await fetch(`${DIRECTUS}/users`, {
method: "POST",
headers: {
Authorization: `Bearer ${SERVICE_TOKEN}`,
"Content-Type": "application/json",
Accept: "application/json",
},
body: JSON.stringify(createPayload),
body: JSON.stringify(createPayload), // <-- raw payload (system endpoint)
cache: "no-store",
});
const createJson = await createRes.json().catch(() => ({}));
const cj = await createRes.json().catch(() => ({}));
if (!createRes.ok) {
const reason =
createJson?.errors?.[0]?.message ||
createJson?.error ||
createRes.statusText ||
"Registration failed";
return bad("Registration failed", createRes.status, { debug: reason });
const msg = cj?.errors?.[0]?.message || cj?.message || `User create failed (${createRes.status})`;
return bad(msg, createRes.status || 500);
}
const user = createJson?.data ?? createJson;
const res = NextResponse.json({
ok: true,
user: { id: user?.id, email: user?.email, username: user?.username },
});
// Auto-login (Directus expects "email" even though it's the identifier)
const tokens = await directusLogin(email, password);
// Optional auto-login after signup
if (AUTO_LOGIN && (email || username)) {
try {
const identifier = email || username;
const auth = await loginDirectus(identifier, password);
const access = auth?.access_token ?? auth?.data?.access_token;
const expiresSec = auth?.expires ?? auth?.data?.expires;
if (access) {
const maxAge =
typeof expiresSec === "number" ? Math.max(0, Math.floor(expiresSec)) : 60 * 60 * 8;
res.cookies.set({
name: "ma_at",
value: access,
httpOnly: true,
sameSite: "lax",
secure,
path: "/",
maxAge,
});
}
} catch {
// Ignore auto-login failure; user creation succeeded.
}
const res = NextResponse.json({ ok: true, id: cj?.data?.id || null }, { status: 201 });
if (tokens?.access_token) {
res.cookies.set("ma_at", tokens.access_token, {
path: "/",
httpOnly: true,
sameSite: "lax",
secure: SECURE,
maxAge: 60 * 60, // 1h
});
}
if (tokens?.refresh_token) {
res.cookies.set("ma_rt", tokens.refresh_token, {
path: "/",
httpOnly: true,
sameSite: "lax",
secure: SECURE,
maxAge: 60 * 60 * 24 * 30, // 30d
});
}
return res;
} catch (e: any) {
return bad(e?.message || "Registration error", e?.status || 500);

17
app/api/debug/meta/route.ts Normal file
View file

@ -0,0 +1,17 @@
// app/api/debug/meta/route.ts
import { NextResponse } from "next/server";
import { promises as fs } from "fs";
export async function GET() {
let buildId = null;
try {
buildId = (await fs.readFile(process.cwd() + "/.next/BUILD_ID", "utf8")).trim();
} catch {}
return NextResponse.json({
env: process.env.NEXT_PUBLIC_ENV || null,
nodeEnv: process.env.NODE_ENV || null,
buildId,
image: process.env.IMAGE_TAG || null,
commit: process.env.COMMIT_SHA || null,
time: new Date().toISOString(),
});
}

3
app/auth/sign-in/page.tsx
View file

@ -2,6 +2,7 @@
import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import SignIn from "./sign-in";
import { isJwtValid } from "@/lib/jwt";
export default async function SignInPage({
searchParams,
@ -22,7 +23,7 @@ export default async function SignInPage({
if (!reauth) {
const ck = await cookies();
const at = ck.get("ma_at")?.value;
if (at) redirect("/portal");
if (isJwtValid(at)) redirect("/portal");
}
return <SignIn nextPath={nextPath} reauth={reauth} />;

29
app/auth/sign-in/sign-in.tsx
View file

@ -20,11 +20,16 @@ export default function SignIn({ nextPath = "/portal", reauth = false }: Props)
setErr(null);
setLoading(true);
try {
const body = {
identifier: identifier.trim(),
password,
};
const res = await fetch("/api/auth/login", {
method: "POST",
credentials: "include",
headers: { "Content-Type": "application/json", Accept: "application/json" },
body: JSON.stringify({ identifier, password }),
body: JSON.stringify(body),
});
const txt = await res.text();
@ -34,7 +39,10 @@ export default function SignIn({ nextPath = "/portal", reauth = false }: Props)
} catch {}
if (!res.ok) {
throw new Error(j?.error || j?.message || `Sign-in failed (${res.status})`);
// surface server-provided message when available
const msg =
j?.error || j?.message || (res.status === 401 ? "Invalid credentials." : `Sign-in failed (${res.status})`);
throw new Error(msg);
}
// If this sign-in is being used as a re-auth step, set a short-lived 'recent auth' marker.
@ -56,6 +64,8 @@ export default function SignIn({ nextPath = "/portal", reauth = false }: Props)
[identifier, password, nextPath, router, reauth]
);
const createHref = `/auth/sign-up?next=${encodeURIComponent(nextPath)}`;
return (
<div className="mx-auto max-w-md rounded-lg border p-6 space-y-4">
<div>
@ -116,14 +126,13 @@ export default function SignIn({ nextPath = "/portal", reauth = false }: Props)
</button>
</form>
{!reauth && (
<div className="mt-2 text-center text-sm">
<span className="opacity-70">New here?</span>{" "}
<a className="underline" href="/auth/sign-up">
Create an account
</a>
</div>
)}
{/* Always show a sign-up path, even on reauth, to avoid dead-ends for first-time visitors */}
<div className="mt-2 text-center text-sm">
<span className="opacity-70">{reauth ? "Don't have an account?" : "New here?"}</span>{" "}
<a className="underline" href={createHref}>
Create an account
</a>
</div>
</div>
);
}

3
app/auth/sign-up/page.tsx
View file

@ -2,6 +2,7 @@
import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import SignUp from "./sign-up";
import { isJwtValid } from "@/lib/jwt";
export default async function SignUpPage({
searchParams,
@ -10,7 +11,7 @@ export default async function SignUpPage({
}) {
const ck = await cookies();
const at = ck.get("ma_at")?.value;
if (at) redirect("/portal");
if (isJwtValid(at)) redirect("/portal");
const sp = searchParams ?? {};
const nextParam = Array.isArray(sp.next) ? sp.next[0] : sp.next;

90
app/auth/sign-up/sign-up.tsx
View file

@ -6,11 +6,14 @@ import { useRouter } from "next/navigation";
type Props = { nextPath?: string };
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
export default function SignUp({ nextPath = "/portal" }: Props) {
const router = useRouter();
const [username, setUsername] = useState("");
const [email, setEmail] = useState("");
const [username, setUsername] = useState("");
const [password, setPassword] = useState("");
const [confirmPassword, setConfirmPassword] = useState("");
const [showPassword, setShowPassword] = useState(false);
const [loading, setLoading] = useState(false);
const [err, setErr] = useState<string | null>(null);
@ -20,33 +23,33 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
e.preventDefault();
setErr(null);
const u = username.trim();
const em = email.trim().toLowerCase();
const pw = password;
const un = username.trim();
if (!u) {
setErr("Username is required.");
if (!em || !un || !password || !confirmPassword) {
setErr("All fields are required.");
return;
}
if (!pw || pw.length < 8) {
if (!EMAIL_RE.test(em)) {
setErr("Please enter a valid email address.");
return;
}
if (password.length < 8) {
setErr("Password must be at least 8 characters.");
return;
}
if (password !== confirmPassword) {
setErr("Passwords do not match.");
return;
}
setLoading(true);
try {
const res = await fetch("/api/auth/register", {
method: "POST",
credentials: "include",
headers: {
"Content-Type": "application/json",
Accept: "application/json",
},
body: JSON.stringify({
username: u,
email: em || undefined,
password: pw,
}),
headers: { "Content-Type": "application/json", Accept: "application/json" },
body: JSON.stringify({ email: em, username: un, password, confirmPassword }),
});
const txt = await res.text();
@ -59,13 +62,12 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
if (!res.ok) {
const message =
(j?.error && j?.debug ? `${j.error} (${j.debug})` : j?.error) ||
j?.error ||
j?.message ||
`Sign-up failed (${res.status})`;
(res.status === 409 ? "Email or username already in use." : `Sign-up failed (${res.status})`);
throw new Error(message);
}
// If AUTO_LOGIN is enabled on the server, the user is already signed in.
router.replace(nextPath);
router.refresh();
} catch (e: any) {
@ -74,17 +76,28 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
setLoading(false);
}
},
[username, email, password, nextPath, router]
); // <-- make sure this closing ); is present
[email, username, password, confirmPassword, nextPath, router]
);
return (
<div className="mx-auto max-w-md rounded-lg border p-6">
<h1 className="mb-1 text-2xl font-semibold">Create Account</h1>
<p className="mb-6 text-sm opacity-70">
Join MakerDash to manage rigs, settings, and projects.
</p>
<p className="mb-6 text-sm opacity-70">Join MakeArmy to manage rigs, settings, and projects.</p>
<form className="space-y-4" onSubmit={onSubmit}>
<div className="space-y-1">
<label className="text-sm font-medium">Email</label>
<input
type="email"
autoComplete="email"
className="w-full rounded-md border px-3 py-2"
placeholder="you@example.com"
value={email}
onChange={(e) => setEmail(e.currentTarget.value)}
required
/>
</div>
<div className="space-y-1">
<label className="text-sm font-medium">Username</label>
<input
@ -95,20 +108,7 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
value={username}
onChange={(e) => setUsername(e.currentTarget.value)}
required
/>
</div>
<div className="space-y-1">
<label className="text-sm font-medium">
Email <span className="opacity-60">(optional)</span>
</label>
<input
type="email"
autoComplete="email"
className="w-full rounded-md border px-3 py-2"
placeholder="you@example.com"
value={email}
onChange={(e) => setEmail(e.currentTarget.value)}
minLength={3}
/>
</div>
@ -127,7 +127,7 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
type={showPassword ? "text" : "password"}
autoComplete="new-password"
className="w-full rounded-md border px-3 py-2"
placeholder="Choose a strong password"
placeholder="At least 8 characters"
value={password}
onChange={(e) => setPassword(e.currentTarget.value)}
required
@ -135,6 +135,20 @@ export default function SignUp({ nextPath = "/portal" }: Props) {
/>
</div>
<div className="space-y-1">
<label className="text-sm font-medium">Confirm Password</label>
<input
type={showPassword ? "text" : "password"}
autoComplete="new-password"
className="w-full rounded-md border px-3 py-2"
placeholder="Re-enter your password"
value={confirmPassword}
onChange={(e) => setConfirmPassword(e.currentTarget.value)}
required
minLength={8}
/>
</div>
{err && (
<div className="rounded-md border border-red-300 bg-red-50 px-3 py-2 text-sm text-red-700">
{err}

28
app/page.tsx
View file

@ -3,19 +3,35 @@ import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import SignIn from "@/app/auth/sign-in/sign-in";
import SignUp from "@/app/auth/sign-up/sign-up";
import { isJwtValid } from "@/lib/jwt";
export default async function HomePage() {
// If already signed in, go straight to the app
type SearchParams = { [key: string]: string | string[] | undefined };
export default async function HomePage({
searchParams,
}: {
searchParams?: SearchParams;
}) {
// If already signed in with a VALID token, go straight to the app
const ck = await cookies();
const at = ck.get("ma_at")?.value;
if (at) redirect("/portal");
if (isJwtValid(at)) redirect("/portal");
const reauth = searchParams?.reauth === "1";
return (
<main className="mx-auto max-w-5xl px-4 py-12">
{reauth && (
<p className="mb-6 rounded-md border bg-yellow-50 p-3 text-sm text-yellow-900">
Your session expired. Please sign in again.
</p>
)}
<section className="mb-10 text-center">
<h1 className="text-3xl font-bold tracking-tight">MakeArmy</h1>
<p className="mt-2 text-base text-muted-foreground">
Free to use. Manage laser rigs, settings, and projectsall in one place.
Free to use. Manage laser rigs, settings, and projectsall in one
place.
</p>
</section>
@ -29,12 +45,12 @@ export default async function HomePage() {
<div className="rounded-lg border p-6">
<h2 className="mb-3 text-lg font-semibold">Sign in</h2>
{/* Uses your existing sign-in component */}
<SignIn nextPath="/portal" reauth={false} />
<SignIn nextPath="/portal" reauth={reauth} />
</div>
</section>
<section className="mt-8 text-center text-xs text-muted-foreground">
We only use cookies strictly necessary to operate the site (e.g., your sign-in session).
This is the production build v0.0.1 - this site is an active BETA. Some features may not be available or work as intended. If you're experiencing issues please report them here: https://forge.makearmy.io/makearmy/makearmy-app/issues PRIVACY: We only use cookies strictly necessary to operate the site (e.g., your sign-in session). We do not store user data or telemetry other than what you provide and never share or sell data to third parties. Ever.
</section>
</main>
);

3
app/settings/co2-galvo/page.tsx
View file

@ -38,10 +38,9 @@ export default function CO2GalvoSettingsPage() {
"submission_id",
"setting_title",
"uploader",
// owner (M2O) ensure username is requested
"owner",
"owner.id",
"owner.username",
// assets / denorms
"photo.id",
"photo.title",
"mat.name",

15
lib/jwt.ts Normal file
View file

@ -0,0 +1,15 @@
// lib/jwt.ts
export function jwtExp(token?: string | null): number | null {
if (!token) return null;
try {
const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString("utf8"));
return typeof payload?.exp === "number" ? payload.exp : null;
} catch {
return null;
}
}
export function isJwtValid(token?: string | null): boolean {
const exp = jwtExp(token);
return !!exp && exp * 1000 > Date.now();
}

9
middleware.ts
View file

@ -83,6 +83,11 @@ import { NextResponse, NextRequest } from "next/server";
const url = req.nextUrl.clone();
const { pathname } = url;
// ── 0) Absolute rule: the homepage must never redirect (no mapping, no gating).
if (pathname === "/") {
return NextResponse.next();
}
// ── 1) Legacy → Portal / Canonical mapping (runs before auth gating)
const mapped = legacyMap(pathname);
if (mapped && !isSameUrl(req, mapped)) {
@ -174,8 +179,8 @@ import { NextResponse, NextRequest } from "next/server";
type MapResult = { pathname: string; query?: Record<string, string> };
function legacyMap(pathname: string): MapResult | null {
// If were already inside the portal, dont try to remap again.
if (pathname.startsWith("/portal")) return null;
// Never map the homepage, and if were already inside the portal, dont remap again.
if (pathname === "/" || pathname.startsWith("/portal")) return null;
// 1) DETAIL PAGES: map legacy detail URLs straight into the portal with ?id=
// NOTE: We intentionally DO NOT remap `/lasers/:id` and `/projects/:id`

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "ledb",
"version": "1.0.0",
"version": "0.0.1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "ledb",
"version": "1.0.0",
"version": "0.0.1",
"dependencies": {
"@hookform/resolvers": "^5.2.2",
"@radix-ui/react-accordion": "^1.2.10",

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "ledb",
"version": "1.0.0",
"version": "0.0.1",
"scripts": {
"dev": "next dev",
"build": "next build",