6.7 KiB
6.7 KiB
1. Dependencies & Configuration
- 1.1
[haiku]Install npm dependencies:next-auth@5,bcryptjs,@types/bcryptjs - 1.2
[haiku]Add environment variables to.env.example:AUTH_SECRET,AUTH_GOOGLE_ID,AUTH_GOOGLE_SECRET,AUTH_TRUST_HOST,DEFAULT_ADMIN_EMAIL,DEFAULT_ADMIN_PASSWORD - 1.3
[haiku]Updatedocker-compose.ymlto pass new auth env vars to the candle-annotator service
2. Database Schema & Migration
- 2.1
[sonnet]Adduserstable to Drizzle schema (src/lib/db/schema.ts) with UUID PK, email, password_hash, name, image, provider, provider_account_id, email_verified, created_at, updated_at - 2.2
[sonnet]Adduser_id(uuid, FK to users.id) column tocharts,annotations,annotation_types,span_annotations,span_label_typesin schema - 2.3
[sonnet]Replace unique constraints:charts.name→(user_id, name),annotation_types.name→(user_id, name),span_label_types.name→(user_id, name) - 2.4
[haiku]Generate Drizzle migration withdrizzle-kit generate - 2.5
[opus]Create data migration script (scripts/migrate-users.ts): create default admin user, backfilluser_idon all existing rows, alter columns to NOT NULL
3. Auth.js Configuration
- 3.1
[sonnet]Createsrc/auth.tswith Auth.js v5 config: JWT strategy, Credentials provider (email/password with bcryptjs verify), Google OAuth provider - 3.2
[sonnet]Add JWT callback to embeduser.idin token and session callback to exposesession.user.id - 3.3
[sonnet]Handle Google OAuth sign-in callback: create user on first sign-in, find existing user on returning sign-in - 3.4
[haiku]Createsrc/app/api/auth/[...nextauth]/route.tsexporting GET/POST handlers
4. Registration API
- 4.1
[sonnet]CreatePOST /api/auth/registerendpoint: validate input (email required, password 8+ chars), check email uniqueness, hash password with bcryptjs, insert user, return 201 - 4.2
[sonnet]Add default data seeding function: on new user creation, insert default annotation_types (break_up, break_down, line) and default span_label_types for the new user
5. Auth Middleware & Helpers
- 5.1
[sonnet]Createproxy.tsat project root: protect/app/*routes (redirect to/login), protect/api/*except/api/auth/*and/api/health(return 401), redirect authenticated users from/loginand/registerto/app - 5.2
[haiku]Createsrc/lib/auth.tswithgetAuthUser()helper that extracts user from Auth.js session
6. User Settings API
- 6.1
[haiku]CreatePUT /api/auth/profileendpoint: update user display name - 6.2
[sonnet]CreatePUT /api/auth/passwordendpoint: verify current password, hash new password, update; reject for OAuth users - 6.3
[sonnet]CreateDELETE /api/auth/accountendpoint: delete all user data (cascade) and user record
7. Update Existing API Routes
- 7.1
[sonnet]AddgetAuthUser()check to all data API routes:/api/upload,/api/candles,/api/charts,/api/annotations,/api/annotation-types,/api/span-annotations,/api/span-label-types,/api/export - 7.2
[opus]Update all Drizzle queries to filter byuser_idfrom authenticated session (SELECT, INSERT, DELETE) - 7.3
[sonnet]AddgetAuthUser()check to all proxy API routes:/api/predict,/api/predict/batch,/api/model/info,/api/model/load,/api/patterns/detect,/api/patterns/available,/api/training/start,/api/training/runs - 7.4
[haiku]AddX-User-IDheader to all fetch calls from proxy routes to the FastAPI ML service
8. Frontend Routing Restructure
- 8.1
[haiku]Createsrc/app/(public)/layout.tsx— minimal layout for public pages (shared fonts/theme, no sidebar) - 8.2
[haiku]Move currentsrc/app/page.tsxtosrc/app/app/page.tsx(workspace at/app) - 8.3
[sonnet]Createsrc/app/app/layout.tsx— protected layout withSessionProvider, user menu nav bar, sidebar with settings link - 8.4
[haiku]Update any hardcoded/links in existing components to/app
9. Landing Page
- 9.1
[sonnet]Createsrc/app/(public)/page.tsx— landing page matching Lovable design: navbar with login/register links, hero section, features grid (6 cards), stats bar, footer CTA - 9.2
[haiku]Add auth-aware navbar: show "Log in"/"Get Started" when unauthenticated, "Go to App" when authenticated
10. Login Page
- 10.1
[sonnet]Createsrc/app/(public)/login/page.tsx— login form matching Lovable design: email/password inputs, "Sign In" button callingsignIn("credentials"), "Continue with Google" button callingsignIn("google") - 10.2
[haiku]Add error state display for invalid credentials - 10.3
[haiku]Add "Forgot password?" link (shows toast: "Not yet available"), "Sign up" link to/register
11. Register Page
- 11.1
[sonnet]Createsrc/app/(public)/register/page.tsx— register form matching Lovable design: name/email/password inputs, "Create Account" button posting to/api/auth/registerthen auto-signing in - 11.2
[haiku]Add error state display for duplicate email, short password - 11.3
[haiku]Add "Continue with Google" button, "Sign in" link to/login
12. Settings Page
- 12.1
[sonnet]Createsrc/app/app/settings/page.tsx— Profile section: display name input with save, read-only email - 12.2
[sonnet]Add Security section: change password form (current/new/confirm) for credentials users, "Signed in via Google" for OAuth users - 12.3
[sonnet]Add Danger Zone section: delete account button with confirmation dialog (type "DELETE" to confirm) - 12.4
[haiku]Add back navigation link to/app
13. App Layout & User Menu
- 13.1
[sonnet]Create user menu component: avatar/initial, dropdown with "Settings" and "Sign Out" links - 13.2
[haiku]Add settings gear icon to sidebar (near theme toggle) - 13.3
[haiku]WiresignOut()in user menu to destroy session and redirect to/login
14. ML Service User Scoping
- 14.1
[haiku]Update FastAPI service to readX-User-IDheader from incoming requests - 14.2
[haiku]Scope MLflow experiment names to include user ID (e.g.,user_{uuid}_training) - 14.3
[sonnet]Scope training run queries in FastAPI to filter by user ID
15. Documentation & Deployment
- 15.1
[haiku]UpdateDEPLOYMENT.mdwith new env vars, migration steps, Google OAuth setup instructions - 15.2
[haiku]UpdateREADME.mdwith user accounts feature description - 15.3
[haiku]UpdateCLAUDE_DESCRIPTION.mdwith new routing, auth system, and schema changes - 15.4
[haiku]Update.env.examplewith all new environment variables and comments