trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions
candle-annotator/openspec/changes/user-accounts/tasks.md
Marko Djordjevic bf3b59ab2d Mark task 11.2 as complete: error state display verified on register page 
Verified that the register page at src/app/(public)/register/page.tsx already has proper error state handling:
- Duplicate email error (409): "An account with this email already exists"
- Short password error (400): "Password must be at least 8 characters"
- Errors displayed in a clear alert box with icon and destructive styling
- API endpoint returns correct error messages with proper HTTP status codes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 13:30:24 +01:00

6.7 KiB
Raw Blame History

1. Dependencies & Configuration

  • 1.1 [haiku] Install npm dependencies: next-auth@5, bcryptjs, @types/bcryptjs
  • 1.2 [haiku] Add environment variables to .env.example: AUTH_SECRET, AUTH_GOOGLE_ID, AUTH_GOOGLE_SECRET, AUTH_TRUST_HOST, DEFAULT_ADMIN_EMAIL, DEFAULT_ADMIN_PASSWORD
  • 1.3 [haiku] Update docker-compose.yml to pass new auth env vars to the candle-annotator service

2. Database Schema & Migration

  • 2.1 [sonnet] Add users table to Drizzle schema (src/lib/db/schema.ts) with UUID PK, email, password_hash, name, image, provider, provider_account_id, email_verified, created_at, updated_at
  • 2.2 [sonnet] Add user_id (uuid, FK to users.id) column to charts, annotations, annotation_types, span_annotations, span_label_types in schema
  • 2.3 [sonnet] Replace unique constraints: charts.name(user_id, name), annotation_types.name(user_id, name), span_label_types.name(user_id, name)
  • 2.4 [haiku] Generate Drizzle migration with drizzle-kit generate
  • 2.5 [opus] Create data migration script (scripts/migrate-users.ts): create default admin user, backfill user_id on all existing rows, alter columns to NOT NULL

3. Auth.js Configuration

  • 3.1 [sonnet] Create src/auth.ts with Auth.js v5 config: JWT strategy, Credentials provider (email/password with bcryptjs verify), Google OAuth provider
  • 3.2 [sonnet] Add JWT callback to embed user.id in token and session callback to expose session.user.id
  • 3.3 [sonnet] Handle Google OAuth sign-in callback: create user on first sign-in, find existing user on returning sign-in
  • 3.4 [haiku] Create src/app/api/auth/[...nextauth]/route.ts exporting GET/POST handlers

4. Registration API

  • 4.1 [sonnet] Create POST /api/auth/register endpoint: validate input (email required, password 8+ chars), check email uniqueness, hash password with bcryptjs, insert user, return 201
  • 4.2 [sonnet] Add default data seeding function: on new user creation, insert default annotation_types (break_up, break_down, line) and default span_label_types for the new user

5. Auth Middleware & Helpers

  • 5.1 [sonnet] Create proxy.ts at project root: protect /app/* routes (redirect to /login), protect /api/* except /api/auth/* and /api/health (return 401), redirect authenticated users from /login and /register to /app
  • 5.2 [haiku] Create src/lib/auth.ts with getAuthUser() helper that extracts user from Auth.js session

6. User Settings API

  • 6.1 [haiku] Create PUT /api/auth/profile endpoint: update user display name
  • 6.2 [sonnet] Create PUT /api/auth/password endpoint: verify current password, hash new password, update; reject for OAuth users
  • 6.3 [sonnet] Create DELETE /api/auth/account endpoint: delete all user data (cascade) and user record

7. Update Existing API Routes

  • 7.1 [sonnet] Add getAuthUser() check to all data API routes: /api/upload, /api/candles, /api/charts, /api/annotations, /api/annotation-types, /api/span-annotations, /api/span-label-types, /api/export
  • 7.2 [opus] Update all Drizzle queries to filter by user_id from authenticated session (SELECT, INSERT, DELETE)
  • 7.3 [sonnet] Add getAuthUser() check to all proxy API routes: /api/predict, /api/predict/batch, /api/model/info, /api/model/load, /api/patterns/detect, /api/patterns/available, /api/training/start, /api/training/runs
  • 7.4 [haiku] Add X-User-ID header to all fetch calls from proxy routes to the FastAPI ML service

8. Frontend Routing Restructure

  • 8.1 [haiku] Create src/app/(public)/layout.tsx — minimal layout for public pages (shared fonts/theme, no sidebar)
  • 8.2 [haiku] Move current src/app/page.tsx to src/app/app/page.tsx (workspace at /app)
  • 8.3 [sonnet] Create src/app/app/layout.tsx — protected layout with SessionProvider, user menu nav bar, sidebar with settings link
  • 8.4 [haiku] Update any hardcoded / links in existing components to /app

9. Landing Page

  • 9.1 [sonnet] Create src/app/(public)/page.tsx — landing page matching Lovable design: navbar with login/register links, hero section, features grid (6 cards), stats bar, footer CTA
  • 9.2 [haiku] Add auth-aware navbar: show "Log in"/"Get Started" when unauthenticated, "Go to App" when authenticated

10. Login Page

  • 10.1 [sonnet] Create src/app/(public)/login/page.tsx — login form matching Lovable design: email/password inputs, "Sign In" button calling signIn("credentials"), "Continue with Google" button calling signIn("google")
  • 10.2 [haiku] Add error state display for invalid credentials
  • 10.3 [haiku] Add "Forgot password?" link (shows toast: "Not yet available"), "Sign up" link to /register

11. Register Page

  • 11.1 [sonnet] Create src/app/(public)/register/page.tsx — register form matching Lovable design: name/email/password inputs, "Create Account" button posting to /api/auth/register then auto-signing in
  • 11.2 [haiku] Add error state display for duplicate email, short password
  • 11.3 [haiku] Add "Continue with Google" button, "Sign in" link to /login

12. Settings Page

  • 12.1 [sonnet] Create src/app/app/settings/page.tsx — Profile section: display name input with save, read-only email
  • 12.2 [sonnet] Add Security section: change password form (current/new/confirm) for credentials users, "Signed in via Google" for OAuth users
  • 12.3 [sonnet] Add Danger Zone section: delete account button with confirmation dialog (type "DELETE" to confirm)
  • 12.4 [haiku] Add back navigation link to /app

13. App Layout & User Menu

  • 13.1 [sonnet] Create user menu component: avatar/initial, dropdown with "Settings" and "Sign Out" links
  • 13.2 [haiku] Add settings gear icon to sidebar (near theme toggle)
  • 13.3 [haiku] Wire signOut() in user menu to destroy session and redirect to /login

14. ML Service User Scoping

  • 14.1 [haiku] Update FastAPI service to read X-User-ID header from incoming requests
  • 14.2 [haiku] Scope MLflow experiment names to include user ID (e.g., user_{uuid}_training)
  • 14.3 [sonnet] Scope training run queries in FastAPI to filter by user ID

15. Documentation & Deployment

  • 15.1 [haiku] Update DEPLOYMENT.md with new env vars, migration steps, Google OAuth setup instructions
  • 15.2 [haiku] Update README.md with user accounts feature description
  • 15.3 [haiku] Update CLAUDE_DESCRIPTION.md with new routing, auth system, and schema changes
  • 15.4 [haiku] Update .env.example with all new environment variables and comments