feat: port all auth forms to Next.js Server Actions to avoid exposing Supabase API to the browser
All checks were successful
Staging Build / build (push) Successful in 2m19s

This commit is contained in:
DanielS
2026-06-23 04:39:00 +02:00
parent 3228c76675
commit de1d228fb2
6 changed files with 72 additions and 31 deletions

View File

@@ -1,7 +1,7 @@
"use client";
import { cn } from "@/lib/utils";
import { createClient } from "@/lib/supabase/client";
import { resetPassword } from "@/lib/actions/auth";
import { Button } from "@/components/ui/button";
import {
Card,
@@ -26,16 +26,11 @@ export function ForgotPasswordForm({
const handleForgotPassword = async (e: React.FormEvent) => {
e.preventDefault();
const supabase = createClient();
setIsLoading(true);
setError(null);
try {
// The url which will be included in the email. This URL needs to be configured in your redirect URLs in the Supabase dashboard at https://supabase.com/dashboard/project/_/auth/url-configuration
const { error } = await supabase.auth.resetPasswordForEmail(email, {
redirectTo: `${window.location.origin}/auth/update-password`,
});
if (error) throw error;
await resetPassword(email);
setSuccess(true);
} catch (error: unknown) {
setError(error instanceof Error ? error.message : "An error occurred");

View File

@@ -1,7 +1,7 @@
"use client";
import { cn } from "@/lib/utils";
import { createClient } from "@/lib/supabase/client";
import { signIn } from "@/lib/actions/auth";
import { Button } from "@/components/ui/button";
import {
Card,
@@ -28,16 +28,11 @@ export function LoginForm({
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault();
const supabase = createClient();
setIsLoading(true);
setError(null);
try {
const { error } = await supabase.auth.signInWithPassword({
email,
password,
});
if (error) throw error;
await signIn(email, password);
// Update this route to redirect to an authenticated route. The user already has an active session.
router.push("/protected");
} catch (error: unknown) {

View File

@@ -1,6 +1,6 @@
"use client";
import { createClient } from "@/lib/supabase/client";
import { signOut } from "@/lib/actions/auth";
import { Button } from "@/components/ui/button";
import { useRouter } from "next/navigation";
@@ -8,8 +8,7 @@ export function LogoutButton() {
const router = useRouter();
const logout = async () => {
const supabase = createClient();
await supabase.auth.signOut();
await signOut();
router.push("/auth/login");
};

View File

@@ -1,7 +1,7 @@
"use client";
import { cn } from "@/lib/utils";
import { createClient } from "@/lib/supabase/client";
import { signUp } from "@/lib/actions/auth";
import { Button } from "@/components/ui/button";
import {
Card,
@@ -29,7 +29,6 @@ export function SignUpForm({
const handleSignUp = async (e: React.FormEvent) => {
e.preventDefault();
const supabase = createClient();
setIsLoading(true);
setError(null);
@@ -40,14 +39,7 @@ export function SignUpForm({
}
try {
const { error } = await supabase.auth.signUp({
email,
password,
options: {
emailRedirectTo: `${window.location.origin}/protected`,
},
});
if (error) throw error;
await signUp(email, password);
router.push("/auth/sign-up-success");
} catch (error: unknown) {
setError(error instanceof Error ? error.message : "An error occurred");

View File

@@ -1,7 +1,7 @@
"use client";
import { cn } from "@/lib/utils";
import { createClient } from "@/lib/supabase/client";
import { updatePassword } from "@/lib/actions/auth";
import { Button } from "@/components/ui/button";
import {
Card,
@@ -26,13 +26,11 @@ export function UpdatePasswordForm({
const handleForgotPassword = async (e: React.FormEvent) => {
e.preventDefault();
const supabase = createClient();
setIsLoading(true);
setError(null);
try {
const { error } = await supabase.auth.updateUser({ password });
if (error) throw error;
await updatePassword(password);
// Update this route to redirect to an authenticated route. The user already has an active session.
router.push("/protected");
} catch (error: unknown) {

62
shop/lib/actions/auth.ts Normal file
View File

@@ -0,0 +1,62 @@
'use server'
import { createClient } from '@/lib/supabase/server'
import { headers } from 'next/headers'
export async function signIn(email: string, password: string) {
const supabase = await createClient()
const { error } = await supabase.auth.signInWithPassword({
email,
password,
})
if (error) {
throw new Error(error.message)
}
return { success: true }
}
export async function signUp(email: string, password: string) {
const supabase = await createClient()
const origin = (await headers()).get('origin') || ''
const { error } = await supabase.auth.signUp({
email,
password,
options: {
emailRedirectTo: `${origin}/protected`,
},
})
if (error) {
throw new Error(error.message)
}
return { success: true }
}
export async function signOut() {
const supabase = await createClient()
const { error } = await supabase.auth.signOut()
if (error) {
throw new Error(error.message)
}
return { success: true }
}
export async function resetPassword(email: string) {
const supabase = await createClient()
const origin = (await headers()).get('origin') || ''
const { error } = await supabase.auth.resetPasswordForEmail(email, {
redirectTo: `${origin}/auth/update-password`,
})
if (error) {
throw new Error(error.message)
}
return { success: true }
}
export async function updatePassword(password: string) {
const supabase = await createClient()
const { error } = await supabase.auth.updateUser({ password })
if (error) {
throw new Error(error.message)
}
return { success: true }
}