Login & Registration
The login/register UI is served from client/public/login.html with logic in auth/supabase-auth.js and client/public/js/landing.js.
Registration
- User fills in Email, Password, and Confirm Password
- Client validates:
  - All fields required
  - Valid email format (/^[^@]+@[^@]+\.[^@]+$/)
  - Passwords must match
- Calls supabase.auth.signUp({ email, password, options: { emailRedirectTo } })
- On success, a verification email is sent; the form is hidden and a confirmation message is shown
- A row is inserted into login_events with the user's ID
Email Verification
The verification link in the email contains access_token and refresh_token query parameters. The handleEmailVerification() function in supabase-auth.js detects these on page load and calls supabase.auth.setSession(...) to activate the session, then redirects to the login page after 3 seconds.
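One way to handle the verification landing so the tokens are removed from the URL before the session is activated. This is an added example, not the project's handleEmailVerification(); the helper names and the sample URLs are hypothetical. It goes slightly beyond the text by also accepting the tokens in the URL fragment.

```javascript
// Added example: helper names are hypothetical, not taken from supabase-auth.js.
const TOKEN_PARAMS = ['access_token', 'refresh_token'];
// Loose shape check for a JWT: three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Pure helper: returns the tokens (or null if absent/malformed) and the
// same URL with the token parameters stripped from query and fragment.
function parseVerificationUrl(href) {
  const url = new URL(href);
  const query = url.searchParams;
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));
  const pick = (name) => query.get(name) ?? fragment.get(name);
  const access_token = pick('access_token');
  const refresh_token = pick('refresh_token');

  for (const name of TOKEN_PARAMS) {
    query.delete(name);
    fragment.delete(name);
  }
  url.hash = fragment.toString();
  const cleanUrl = url.pathname + url.search + url.hash;

  const ok = Boolean(access_token && refresh_token && JWT_SHAPE.test(access_token));
  return { tokens: ok ? { access_token, refresh_token } : null, cleanUrl };
}

// Browser wiring. `auth` is supabase.auth; `loc` and `hist` are
// window.location and window.history, passed in so the logic is testable.
async function handleVerificationLanding(auth, loc, hist) {
  const { tokens, cleanUrl } = parseVerificationUrl(loc.href);
  // Scrub first, so the tokens do not linger in the address bar or history
  // even if setSession fails.
  hist.replaceState(null, '', cleanUrl);
  if (!tokens) return false;
  const { error } = await auth.setSession(tokens);
  return !error;
}
```

In the page this would be called as handleVerificationLanding(supabase.auth, window.location, window.history) on load.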
Login
- User fills in Email and Password
- Client validates fields and email format
- Calls supabase.auth.signInWithPassword({ email, password })
- If data.user.email_confirmed_at is null, login is blocked with an error message
- A row is inserted into login_events
- User is redirected to index.html
Password Reset
- User clicks Forgot Password and enters their email
- Calls supabase.auth.resetPasswordForEmail(email, { redirectTo: ... })
- Supabase sends a password reset link
- Following the link opens the login page where the user sets a new password via Supabase's built-in reset flow
Logout
Called from the sidebar Logout button in index.html:
await supabase.auth.signOut();
window.location.href = '/login.html';
Auth State Check (index.html)
On every load of the main app, authentication is checked:
import { supabase, checkAuthState } from '/auth/supabase-auth.js';
const user = await checkAuthState();
if (!user) {
  window.location.href = '/login.html';
}
checkAuthState() calls supabase.auth.getUser(), which validates the stored JWT with the Supabase server.