43 changes: 39 additions & 4 deletions AGENTS.md
Expand Up @@ -14,9 +14,20 @@ Do not prematurely optimize code. Focus on clarity and correctness first. Especi

**Core Framework & Runtime:**

- Next.js: `16.0.10`
- React: `19.2.3`
- React DOM: `19.2.3`
- Next.js: `16.2.2`
- React: `19.2.4`
- React DOM: `19.2.4`

**Authentication:**

- better-auth: `1.6.14`
- @daveyplate/better-auth-ui: `^3.2.13`

**Database (frontend — better-auth identity store):**

- drizzle-orm: `0.45.2`
- drizzle-kit: `^0.31.10`
- pg: `8.21.0`
Comment on lines +23 to +30

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check for security advisories for auth and database packages

echo "Checking better-auth..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "better-auth") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

echo "Checking drizzle-orm..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "drizzle-orm") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

echo "Checking pg..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "pg") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: OffCrazyFreak/Disscount

Length of output: 3173


🏁 Script executed:

#!/bin/bash
# Description: Check for security advisories for missing auth/database packages + broaden pg results

check_pkg () {
  local pkg="$1"
  echo "Checking $pkg..."
  gh api graphql -f query='
{
  securityVulnerabilities(first: 20, ecosystem: NPM, package: $pkg) {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}' -f pkg="$pkg"
}

check_pkg "better-auth"
check_pkg "@daveyplate/better-auth-ui"
check_pkg "drizzle-orm"
check_pkg "drizzle-kit"
check_pkg "pg"

Repository: OffCrazyFreak/Disscount

Length of output: 1711


🏁 Script executed:

#!/bin/bash
# Description: Check for security advisories for missing auth/database packages + broaden pg results

check_pkg () {
  local pkg="$1"
  echo "Checking $pkg..."
  gh api graphql -f pkg="$pkg" -f query='
query($pkg: String!) {
  securityVulnerabilities(first: 20, ecosystem: NPM, package: $pkg) {
    nodes {
      advisory { summary severity publishedAt }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}'
}

check_pkg "better-auth"
check_pkg "@daveyplate/better-auth-ui"
check_pkg "drizzle-orm"
check_pkg "drizzle-kit"
check_pkg "pg"

Repository: OffCrazyFreak/Disscount

Length of output: 6775


Confirm security advisory impact for the AGENTS.md dependency versions.

  • GitHub advisory data shows no known NPM vulnerabilities apply to better-auth@1.6.14 (nearest HIGH issue is patched in 1.6.11), drizzle-orm@0.45.2 (issue fixed at 0.45.2), or pg@8.21.0.
  • No NPM advisories are listed for @daveyplate/better-auth-ui@^3.2.13 or drizzle-kit@^0.31.10.
  • Still check separately whether newer stable releases exist (not covered by the advisory lookup).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AGENTS.md` around lines 23 - 30, The AGENTS.md dependency list needs an
explicit confirmation of security-advisory impact and a note about checking for
newer stable releases: verify GitHub Advisory Database and npm advisories for
better-auth@1.6.14, `@daveyplate/better-auth-ui`@^3.2.13, drizzle-orm@0.45.2,
drizzle-kit@^0.31.10, and pg@8.21.0; record that better-auth@1.6.14 has no
applicable NPM vulnerabilities (nearest HIGH was patched in 1.6.11),
drizzle-orm@0.45.2 has the fix included, and pg@8.21.0 has no applicable
advisories, and explicitly state that no advisories were found for
`@daveyplate/better-auth-ui`@^3.2.13 or drizzle-kit@^0.31.10; also check npm
registry/changelogs for newer stable releases and append the confirmation, date
checked, and any recommended upgrade actions to AGENTS.md so the dependency
block documents the security status and next steps.
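
The lookup above returns `vulnerableVersionRange` strings that still have to be compared against the pinned version. One way to do that comparison, as an added example that is not part of the review comment or the project's code; the function names and the sample nodes are constructed, and only plain x.y.z versions are assumed:

```javascript
// Added example: is a pinned version inside an advisory's vulnerableVersionRange?
// Assumption: plain x.y.z versions only (no pre-release or build tags).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  // A range spec such as "^3.2.13" is not a version: resolve it from the lockfile first.
  if (!m) throw new Error(`not an exact version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  "<": (c) => c < 0,
  "<=": (c) => c <= 0,
  ">": (c) => c > 0,
  ">=": (c) => c >= 0,
  "=": (c) => c === 0,
};

// The range is a comma-separated list of "<op> <version>" clauses; all must hold.
function inRange(version, range) {
  return range.split(",").every((clause) => {
    const m = /^\s*(<=|>=|<|>|=)\s*(\S+)\s*$/.exec(clause);
    if (!m) throw new Error(`unsupported clause: ${clause}`);
    return OPS[m[1]](compare(version, m[2]));
  });
}

// Advisory nodes (shape of the GraphQL result) whose range contains the version.
function affecting(version, nodes) {
  return nodes.filter((n) => inRange(version, n.vulnerableVersionRange));
}

// Constructed sample nodes, not real advisory data.
const SAMPLE_NODES = [
  { advisory: { summary: "constructed sample", severity: "HIGH" },
    vulnerableVersionRange: ">= 1.0.0, < 1.6.11",
    firstPatchedVersion: { identifier: "1.6.11" } },
];
```

A version equal to `firstPatchedVersion` falls outside a `<` range, and a caret specifier is rejected rather than guessed at, so the entries listed as ranges need their resolved version before they can be checked.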


**Key Libraries:**
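
Review bot: The new Authentication and Database entries mix exact pins with caret ranges: `better-auth: 1.6.14` and `pg: 8.21.0` are exact, while `@daveyplate/better-auth-ui: ^3.2.13` and `drizzle-kit: ^0.31.10` are ranges, so the block does not say which version of the auth UI or of drizzle-kit is actually installed. For a list that lives in AGENTS.md and sits next to exact Next.js and React versions, record the resolved versions from the lockfile for the two range entries, or state that the list mirrors the package.json specifiers.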

Expand All @@ -34,7 +45,7 @@ Do not prematurely optimize code. Focus on clarity and correctness first. Especi
**Development Tools:**

- ESLint: Latest
- TypeScript: Latest
- TypeScript: `^5.7`
- Tailwind CSS with PostCSS: Latest

## Guidelines
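
Review bot: In the Development Tools list, TypeScript moves to `^5.7` but ESLint and Tailwind CSS with PostCSS still read `Latest`, which names no version and goes stale without anyone noticing. Give those two entries the same treatment as TypeScript, or replace the list with a pointer to package.json.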
Expand All @@ -58,6 +69,30 @@ Add empty rows for better readability between logical blocks of code, my prettie

If I tell you to refactor something into a separate component or function, make sure to check if there already exists a similar component or function in the codebase and reuse it instead of writing a new one. If there is no similar component or function, then create a new one in a separate file, instead of writing it in the same file.

Never edit the package.json or package-lock.json files directly, but instead use "pnpm add package-name@version" or "pnpm remove package-name" to manage dependencies.

If you need docs about a library, always fetch the most recent documentation from the official website or repository, instead of searching in node modules or other places.

# Backend Development Guidelines

NEVER run "mvn spring-boot:run" or any other development server command, because I always already have my dev server running. Also never run build commands.

# Commit message requirement

At the end of every response that includes code changes, include a suggested Git commit message.

Use this format:

```text
Short summary in imperative mood

Brief explanation of why the change was needed.

Changes:
- Specific change 1
- Specific change 2
- Specific change 3

Notes:
- Optional important detail for reviewers or future maintenance
```
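
Review bot: The dependency rule names `package-lock.json` but tells the agent to use `pnpm add` and `pnpm remove`; pnpm writes `pnpm-lock.yaml`, so if the project is managed with pnpm, as these commands imply, its lockfile is not covered by the "never edit" rule as written. Name the pnpm lockfile there (or both). The docs rule two lines below asks for the most recent documentation, which can describe a newer API than the versions pinned at the top of this file; asking for the docs that match the pinned versions would avoid that mismatch.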
26 changes: 2 additions & 24 deletions backend/pom.xml
Expand Up @@ -67,9 +67,8 @@
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>2.2.0</version>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
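
Review bot: The new `spring-boot-starter-oauth2-resource-server` dependency carries no `<version>`, unlike the `google-api-client` entry it replaces (`2.2.0`), so it relies on version management that is not visible in this hunk; confirm the parent or BOM supplies it. The resource-server configuration (issuer or JWK set location, and any audience check) is also outside this diff view and is worth linking from the PR description, since that is where token validation is now decided.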
Expand All @@ -86,27 +85,6 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
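
Review bot: Removing all three `io.jsonwebtoken` artifacts (`jjwt-api`, `jjwt-impl`, `jjwt-jackson`) together with `spring-security-oauth2-client` means any class that still imports `io.jsonwebtoken.*` or the OAuth2 client types will no longer compile, and the file list below shows only part of the auth package being deleted. Confirm nothing outside the removed files still references them, and note in the PR how tokens issued by the old jjwt-based flow, including the refresh tokens modelled by the deleted `RefreshToken.java`, are invalidated or migrated.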

This file was deleted.

41 changes: 0 additions & 41 deletions backend/src/main/java/disscount/auth/domain/RefreshToken.java

This file was deleted.

21 changes: 0 additions & 21 deletions backend/src/main/java/disscount/auth/dto/AuthResponse.java

This file was deleted.

15 changes: 0 additions & 15 deletions backend/src/main/java/disscount/auth/dto/GoogleAuthRequest.java

This file was deleted.

14 changes: 0 additions & 14 deletions backend/src/main/java/disscount/auth/dto/LoginRequest.java

This file was deleted.

25 changes: 0 additions & 25 deletions backend/src/main/java/disscount/auth/dto/RegisterRequest.java

This file was deleted.
