Fix Unauthorized error and implement ENABLE_AUTH logic

.env

@@ -1,8 +1,9 @@
 AUTH_DISABLED_FOR_DEV=false
-DATABASE_URL="postgresql://user:password@host:port/db"
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
 SERVER_ACTIONS_ALLOWED_ORIGINS=*
 STANDARD_TIER_BILLING_CYCLE="yearly"
 STANDARD_TIER_CREDITS=500
 STANDARD_TIER_MONTHLY_PRICE=500
 STANDARD_TIER_PRICE_ID="price_standard_500_yearly"
 ENABLE_SHARE=true
+ENABLE_AUTH=true

app/actions.tsx

@@ -400,9 +400,10 @@ async function submit(formData?: FormData, skip?: boolean) {
   }
 
   const userId = await getCurrentUserIdOnServer()
-  if (!userId) throw new Error('Unauthorized')
+  const guestChatEnabled = process.env.ENABLE_GUEST_CHAT === 'true';
+  if (!userId && !guestChatEnabled) throw new Error('Unauthorized')
   const userInputAction = formData?.get('input') as string;
-  const currentSystemPrompt = (await getSystemPrompt(userId)) || '';
+  const currentSystemPrompt = (userId ? (await getSystemPrompt(userId)) : '') || '';
   const retrievedContext = userInputAction ? await retrieveContext(userInput, aiState.get().chatId) : [];
   const augmentedSystemPrompt = retrievedContext.length > 0 ? `Context: ${retrievedContext.join('\n')}\n${currentSystemPrompt}` : currentSystemPrompt;
   const mapProvider = formData?.get('mapProvider') as 'mapbox' | 'google'

app/api/chat/route.ts

@@ -7,8 +7,9 @@ export const maxDuration = 60
 export async function POST(req: Request) {
   const { messages } = await req.json()
   const userId = await getCurrentUserIdOnServer()
+  const guestChatEnabled = process.env.ENABLE_GUEST_CHAT === 'true'
 
-  if (!userId) {
+  if (!userId && !guestChatEnabled) {
     return new Response('Unauthorized', { status: 401 })
   }
 

app/api/user/credits/route.ts

@@ -2,18 +2,14 @@ import { NextRequest, NextResponse } from 'next/server';
 import { db } from '@/lib/db';
 import { users } from '@/lib/db/schema';
 import { eq } from 'drizzle-orm';
-import { getSupabaseServerClient } from '@/lib/supabase/client';
 import { TIERS, parseTier, getTierConfig } from '@/lib/utils/subscription';
+import { getCurrentUserIdOnServer } from '@/lib/auth/get-current-user';
 
 export async function GET(req: NextRequest) {
   try {
-    const supabase = getSupabaseServerClient();
-    const {
-      data: { user },
-      error: userError
-    } = await supabase.auth.getUser();
+    const userId = await getCurrentUserIdOnServer();
 
-    if (userError || !user) {
+    if (!userId) {
       return NextResponse.json(
         { error: 'Unauthorized' },
         { status: 401 }
@@ -22,7 +18,7 @@ export async function GET(req: NextRequest) {
 
     // Get user from database
     const dbUser = await db.query.users.findFirst({
-      where: eq(users.id, user.id)
+      where: eq(users.id, userId)
     });
 
     if (!dbUser) {
@@ -33,9 +29,6 @@ export async function GET(req: NextRequest) {
     }
 
     const tier = parseTier(dbUser.tier);
-    // If user is not on Standard tier, they might not need credits logic,
-    // but for now we return the credits regardless.
-    // If the tier doesn't support credits (e.g. Free or Pro), the UI can handle it.
 
     return NextResponse.json({
       credits: dbUser.credits,

app/api/user/upgrade/route.ts

@@ -2,18 +2,14 @@ import { NextRequest, NextResponse } from 'next/server';
 import { db } from '@/lib/db';
 import { users } from '@/lib/db/schema';
 import { eq } from 'drizzle-orm';
-import { getSupabaseServerClient } from '@/lib/supabase/client';
 import { TIER_CONFIGS, TIERS, parseTier } from '@/lib/utils/subscription';
+import { getCurrentUserIdOnServer } from '@/lib/auth/get-current-user';
 
 export async function POST(req: NextRequest) {
   try {
-    const supabase = getSupabaseServerClient();
-    const {
-      data: { user },
-      error: userError
-    } = await supabase.auth.getUser();
+    const userId = await getCurrentUserIdOnServer();
 
-    if (userError || !user) {
+    if (!userId) {
       return NextResponse.json(
         { error: 'Unauthorized' },
         { status: 401 }
@@ -41,7 +37,7 @@ export async function POST(req: NextRequest) {
 
     // Get current user from database
     const currentUser = await db.query.users.findFirst({
-      where: eq(users.id, user.id)
+      where: eq(users.id, userId)
     });
 
     if (!currentUser) {
@@ -62,7 +58,7 @@ export async function POST(req: NextRequest) {
         tier: tier,
         credits: newCreditsTotal
       })
-      .where(eq(users.id, user.id))
+      .where(eq(users.id, userId))
       .returning();
 
     return NextResponse.json({

app/auth/auth-client-page.tsx

@@ -0,0 +1,63 @@
+"use client"
+
+export const dynamic = 'force-dynamic'
+
+import Image from "next/image"
+import { AuthPage } from "@/components/auth"
+import { useAuth } from "@/lib/auth/v0"
+
+function Logo() {
+  return (
+    <div className="flex items-center gap-2 text-xl font-semibold">
+      <Image src="/images/logo-green.png" alt="QCX Logo" width={32} height={32} />
+      QCX
+    </div>
+  )
+}
+
+function ArtPanel() {
+  return (
+    <div className="relative flex h-full w-full items-center justify-center overflow-hidden rounded-3xl">
+      <Image src="/images/abstract-art.png" alt="Abstract art" fill className="object-cover" priority />
+    </div>
+  )
+}
+
+export function AuthClientPage() {
+  const {
+    isLoading,
+    error,
+    magicLinkSent,
+    magicLinkEmail,
+    handleGoogleSignIn,
+    handleMagicLink,
+    resetError,
+    resetMagicLink,
+  } = useAuth({
+    // Optional callbacks for additional handling
+    onMagicLinkSent: (email) => {
+      console.log("Magic link sent to:", email)
+    },
+    onError: (error) => {
+      console.error("Auth error:", error)
+    },
+  })
+
+  return (
+    <AuthPage
+      title="Welcome to QCX"
+      subtitle="Let's get you started with Quality Computer Experiences"
+      logo={<Logo />}
+      onGoogleSignIn={handleGoogleSignIn}
+      onMagicLinkSubmit={handleMagicLink}
+      showGitHub={false}
+      decorativePanel={<ArtPanel />}
+      isLoading={isLoading}
+      error={error}
+      magicLinkSent={magicLinkSent}
+      magicLinkEmail={magicLinkEmail}
+      onResetMagicLink={resetMagicLink}
+      onResetError={resetError}
+    />
+  )
+}

app/auth/callback/route.ts

@@ -19,10 +19,17 @@ export async function GET(request: Request) {
   })
 
   if (code) {
+    const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+    const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+
+    if (!supabaseUrl || !supabaseAnonKey) {
+       return NextResponse.redirect(`${origin}/auth/auth-code-error?error=Missing+Supabase+Configuration`)
+    }
+
     const cookieStore = cookies()
     const supabase = createServerClient(
-      process.env.NEXT_PUBLIC_SUPABASE_URL!,
-      process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+      supabaseUrl,
+      supabaseAnonKey,
       {
         cookies: {
           async get(name: string) {

app/auth/page.tsx

@@ -1,63 +1,17 @@
-"use client"
+import { getCurrentUserIdOnServer } from "@/lib/auth/get-current-user"
+import { redirect } from "next/navigation"
+import { AuthClientPage } from "./auth-client-page"
 
 export const dynamic = 'force-dynamic'
 
-import Image from "next/image"
-import { AuthPage } from "@/components/auth"
-import { useAuth } from "@/lib/auth/v0"
+export default async function LoginPage() {
+  const userId = await getCurrentUserIdOnServer()
+  const isAuthEnabled = process.env.ENABLE_AUTH === 'true'
 
-function Logo() {
-  return (
-    <div className="flex items-center gap-2 text-xl font-semibold">
-      <Image src="/images/logo-green.png" alt="QCX Logo" width={32} height={32} />
-      QCX
-    </div>
-  )
-}
-
-function ArtPanel() {
-  return (
-    <div className="relative flex h-full w-full items-center justify-center overflow-hidden rounded-3xl">
-      <Image src="/images/abstract-art.png" alt="Abstract art" fill className="object-cover" priority />
-    </div>
-  )
-}
-
-export default function LoginPage() {
-  const {
-    isLoading,
-    error,
-    magicLinkSent,
-    magicLinkEmail,
-    handleGoogleSignIn,
-    handleMagicLink,
-    resetError,
-    resetMagicLink,
-  } = useAuth({
-    // Optional callbacks for additional handling
-    onMagicLinkSent: (email) => {
-      console.log("Magic link sent to:", email)
-    },
-    onError: (error) => {
-      console.error("Auth error:", error)
-    },
-  })
+  // If auth is disabled, redirect to home as we are always "logged in" as anonymous user
+  if (!isAuthEnabled && userId) {
+    redirect('/')
+  }
 
-  return (
-    <AuthPage
-      title="Welcome to QCX"
-      subtitle="Let's get you started with Quality Computer Experiences"
-      logo={<Logo />}
-      onGoogleSignIn={handleGoogleSignIn}
-      onMagicLinkSubmit={handleMagicLink}
-      showGitHub={false}
-      decorativePanel={<ArtPanel />}
-      isLoading={isLoading}
-      error={error}
-      magicLinkSent={magicLinkSent}
-      magicLinkEmail={magicLinkEmail}
-      onResetMagicLink={resetMagicLink}
-      onResetError={resetError}
-    />
-  )
+  return <AuthClientPage />
 }

app/page.tsx

@@ -1,20 +1,27 @@
 import { Chat } from '@/components/chat'
 import { nanoid } from '@/lib/utils'
 import { AI } from './actions'
-import { getCurrentUserIdOnServer } from '@/lib/auth/get-current-user'
+import { getSupabaseUserAndSessionOnServer } from '@/lib/auth/get-current-user'
 import { redirect } from 'next/navigation'
 import { MapDataProvider } from '@/components/map/map-data-context'
+import { ensureUserExists } from '@/lib/actions/users'
 
 export const maxDuration = 60
 export const dynamic = 'force-dynamic'
 
 export default async function Page() {
-  const userId = await getCurrentUserIdOnServer()
+  const { user } = await getSupabaseUserAndSessionOnServer()
+  const guestChatEnabled = process.env.ENABLE_GUEST_CHAT === 'true'
 
-  if (!userId) {
+  if (!user && !guestChatEnabled) {
     redirect('/auth')
   }
 
+  // Ensure user exists in public.users table if they are authenticated
+  if (user) {
+    await ensureUserExists(user.id, user.email)
+  }
+
   const id = nanoid()
   return (
     <AI initialAIState={{ chatId: id, messages: [] }}>

app/search/[id]/page.tsx

@@ -3,7 +3,8 @@ import { Chat } from '@/components/chat';
 import { getChat, getChatMessages } from '@/lib/actions/chat';
 import { AI } from '@/app/actions';
 import { MapDataProvider } from '@/components/map/map-data-context';
-import { getCurrentUserIdOnServer } from '@/lib/auth/get-current-user';
+import { getSupabaseUserAndSessionOnServer } from '@/lib/auth/get-current-user';
+import { ensureUserExists } from '@/lib/actions/users';
 import type { AIMessage } from '@/lib/types';
 
 export const maxDuration = 60;
@@ -14,22 +15,28 @@ export interface SearchPageProps {
 
 export async function generateMetadata({ params }: SearchPageProps) {
   const { id } = await params;
-  const userId = await getCurrentUserIdOnServer();
-  const chat = await getChat(id, userId);
+  const { user } = await getSupabaseUserAndSessionOnServer();
+  const chat = await getChat(id, user?.id);
   return {
     title: chat?.title?.toString().slice(0, 50) || 'Search',
   };
 }
 
 export default async function SearchPage({ params }: SearchPageProps) {
   const { id } = await params;
-  const userId = await getCurrentUserIdOnServer();
+  const { user } = await getSupabaseUserAndSessionOnServer();
+  const guestChatEnabled = process.env.ENABLE_GUEST_CHAT === 'true';
 
-  if (!userId) {
+  if (!user && !guestChatEnabled) {
     redirect('/');
   }
 
-  const chat = await getChat(id, userId);
+  // Ensure user exists if authenticated
+  if (user) {
+    await ensureUserExists(user.id, user.email);
+  }
+
+  const chat = await getChat(id, user?.id);
 
   if (!chat) {
     notFound();