refactor(auth): refactor auth implementation

Author: eezhal92

package.json

@@ -34,6 +34,7 @@
     "axios": "^1.7.7",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
+    "cookie": "^1.0.2",
     "embla-carousel-autoplay": "^8.2.0",
     "embla-carousel-react": "^8.2.0",
     "jwt-decode": "^4.0.0",

src/app/[locale]/(public)/layout.tsx

@@ -0,0 +1,27 @@
+"use client";
+
+import Navbar from "@/components/layout/Navbar";
+import Footer from "@/components/layout/Footer";
+
+import { useParams, usePathname } from "next/navigation";
+const authPaths = ["sign-in", "sign-up", "forgot-password", "reset-password"];
+
+const WrapperLayout = ({ children }: { children: React.ReactNode }) => {
+  const params = useParams();
+  const pathname = usePathname();
+  const isAuthPage = authPaths.some((path) => pathname.includes(path));
+  const isCertificateDetailPage = !!params?.slug && pathname.includes("certificates");
+
+  if (isAuthPage || isCertificateDetailPage) {
+    return children;
+  }
+
+  return (
+    <>
+      <Navbar />
+      {children}
+      <Footer />
+    </>
+  );
+};
+export default WrapperLayout;

src/app/[locale]/admin/layout.tsx

@@ -1,21 +1,22 @@
-"use client";
-
-import { useEffect } from "react";
-import { redirect } from "next/navigation";
+import { cookies } from "next/headers";
 import RouteBreadcrumb from "@/components/common/RouteBreadcrumb";
-import { useAuthUser } from "@/components/hooks/UseAuthUser";
 import AdminSidebar from "@/components/layout/AdminSidebar";
+
+
+import { jwtDecode } from "jwt-decode";
+import { redirect } from "next/navigation";
+import { AuthJwtPayload } from "@/types";
 import { Separator } from "@/components/ui/Separator";
 import { SidebarInset, SidebarProvider, SidebarTrigger } from "@/components/ui/Sidebar";
 
-export default function AdminLayout({ children }: { children: React.ReactNode }) {
-  const { user, isLoading } = useAuthUser();
+export default async function AdminLayout({ children }: { children: React.ReactNode }) {
+  const cookieStore = await cookies();
+  const token = cookieStore.get("token");
+
+  if (!token) return redirect("/");
 
-  useEffect(() => {
-    if (!isLoading && (!user || user.role !== "admin")) {
-      redirect("/");
-    }
-  }, [isLoading, user]);
+  const payload = jwtDecode<AuthJwtPayload>(token.value);
+  if (payload.role !== "user") return redirect("/");
 
   return (
     <SidebarProvider>

src/app/[locale]/layout.tsx

@@ -1,10 +1,14 @@
 import { NextIntlClientProvider } from "next-intl";
 import { getMessages, getTranslations, setRequestLocale } from "next-intl/server";
 import { Sora } from "next/font/google";
-import WrapperLayout from "@/components/layout/WrapperLayout";
 import { locales } from "@/lib/locales";
 import { notFound } from "next/navigation";
 import { Toaster } from "@/components/ui/Toaster";
+import { AuthProvider } from "@/components/provider/AuthProvider";
+import { cookies } from "next/headers";
+import { AuthJwtPayload } from "@/types";
+import { jwtDecode } from "jwt-decode";
+import { ThemeProvider } from "@/components/provider/ThemeProvider";
 const sora = Sora({ subsets: ["latin"] });
 
 type Props = {
@@ -33,22 +37,31 @@ export async function generateMetadata(props: Props) {
 
 export default async function LocaleRootLayout(props: Readonly<Props>) {
   const params = await props.params;
-
   const { locale } = params;
-
   const { children } = props;
 
   if (!locales.includes(locale)) notFound();
 
   setRequestLocale(locale);
 
+  // Get authenticated user info
+  // This data is retrieved on server context
+  // Then we passed it into auth provider
+  const cookieStore = await cookies();
+  const token = cookieStore.get("token");
+  const payload: AuthJwtPayload | undefined = token?.value ? jwtDecode<AuthJwtPayload>(token.value) : undefined;
+
   const messages = await getMessages();
 
   return (
     <html lang={locale} suppressHydrationWarning>
       <body className={`${sora.className}`}>
         <NextIntlClientProvider messages={messages}>
-          <WrapperLayout>{children}</WrapperLayout>
+          <AuthProvider payload={payload}>
+            <ThemeProvider attribute="class" defaultTheme="system" enableSystem disableTransitionOnChange>
+              {children}
+            </ThemeProvider>
+          </AuthProvider>
           <Toaster />
         </NextIntlClientProvider>
       </body>

src/app/api/login/route.ts

@@ -0,0 +1,38 @@
+import { authService } from "@/services/auth";
+import { AuthJwtPayload } from "@/types";
+import { jwtDecode } from "jwt-decode";
+import { NextResponse } from "next/server";
+
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    const { email, password } = body;
+    const result = await authService.getToken({ email, password });
+    const token = result.data;
+    const decoded = jwtDecode<AuthJwtPayload>(token);
+
+    const res = NextResponse.json(token);
+    // TODO: fix(security) set cookie with these attributes
+    // httpOnly=true, secure=true if prod, same-site
+    // max-age to follow the token. extract from token
+    // TODO: create logout endpoint and remove cookie there
+
+    // Now server components will have access to token
+    // Question: should we encrypt token?
+    const now = Math.floor(Date.now() / 1000);
+    const maxAge = decoded.exp ? decoded.exp - now : undefined;
+    res.cookies.set("token", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      maxAge,
+    });
+    return res;
+  } catch (error) {
+    // if (error.type === 'CredentialsSignin') {
+    //   return NextResponse.json({ error: 'Invalid credentials.' }, { status: 401 })
+    // } else {
+    //   NextResponse.json({ error: 'Something went wrong.' }, { status: 500 })
+    // }
+    return NextResponse.json({ error }, { status: 500 });
+  }
+}

src/app/api/logout/route.ts

@@ -0,0 +1,12 @@
+import { NextResponse } from "next/server";
+
+export async function POST() {
+  const res = NextResponse.json({ success: true });
+  res.cookies.set("token", "", {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    maxAge: 0,
+    path: "/",
+  });
+  return res;
+}

src/components/layout/Navbar/UserMenu.tsx

@@ -5,12 +5,12 @@ import { ChevronLeft, LogOut, User } from "lucide-react";
 import { USER_LINKS } from "./constant";
 import { useTranslations } from "next-intl";
 import { useAuthUser } from "@/components/hooks/UseAuthUser";
-import { useAuth } from "@/features/auth/hooks/useAuth";
+import { useAuthService } from "@/features/auth/hooks/useAuth";
 
 const DesktopUserMenu = () => {
   const t = useTranslations("Layout");
   const { user, isAuthenticated } = useAuthUser();
-  const { logout } = useAuth();
+  const { logout } = useAuthService();
 
   return !isAuthenticated ? (
     <Button asChild size="sm" className="w-full">
@@ -60,7 +60,7 @@ const DesktopUserMenu = () => {
 const MobileUserMenu = () => {
   const t = useTranslations("Layout");
   const { user, isAuthenticated } = useAuthUser();
-  const { logout } = useAuth();
+  const { logout } = useAuthService();
 
   return (
     <div className="border-t pt-4">

src/components/layout/WrapperLayout/constant.ts

@@ -1,59 +1,22 @@
 "use client";
 
-import { createContext, ReactNode, useEffect, useState } from "react";
-import { User, UserContextType } from "@/types";
-import { decodeToken } from "@/lib/jwt";
-// import { profileService } from "@/services/profile";
+import { createContext, ReactNode } from "react";
+import { AuthJwtPayload, UserContextType } from "@/types";
 
 export const UserContext = createContext<UserContextType | undefined>(undefined);
 
-export const AuthProvider = ({ children }: { children: ReactNode }) => {
-  const [user, setUser] = useState<User | null>(null);
-  const [isLoading, setIsLoading] = useState(true);
+interface AuthProviderProps {
+  /**
+   * JWT Payload taken from cookie
+   * @default undefined
+   */
+  payload?: AuthJwtPayload;
+  children: ReactNode;
+}
 
-  const getUserProfile = async () => {
-    setIsLoading(true);
-    const token = await localStorage.getItem("accessToken");
-    if (!token) return;
+export const AuthProvider = ({ payload, children }: AuthProviderProps) => {
+  const user = payload || null;
+  const isAuthenticated = !!user;
 
-    const { isTokenExpired, username, role, email } = decodeToken(token);
-    console.log(decodeToken(token));
-    if (isTokenExpired) {
-      localStorage.removeItem("accessToken");
-      return;
-    }
-
-    try {
-      // const { data: user } = await profileService.getUserId();
-
-      setUser({
-        username: username,
-        email: email,
-        role: role,
-        // phone_number: phone_number || '',
-      });
-    } catch (err) {
-      console.error("Failed to fetch user profile:", err);
-      localStorage.removeItem("accessToken");
-    } finally {
-      setIsLoading(false);
-    }
-  };
-
-  useEffect(() => {
-    getUserProfile();
-  }, []);
-
-  return (
-    <UserContext.Provider
-      value={{
-        user,
-        setUser,
-        isLoading,
-        isAuthenticated: !!user,
-      }}
-    >
-      {children}
-    </UserContext.Provider>
-  );
+  return <UserContext.Provider value={{ user, isAuthenticated, isLoading: false }}>{children}</UserContext.Provider>;
 };