Authentication Overview
UCF GeoLens uses Supabase for user authentication. All application routes are protected — unauthenticated users are redirected to the login page on every page load.
Auth Flow
User visits geo-lens.net
│
▼
index.html loads supabase-auth.js
│
▼
checkAuthState() ──► No session? ──► Redirect to /login.html
│
Session found
│
▼
App initializes (sidebar, Cesium map, etc.)
Key Files
| File | Purpose |
|---|---|
| auth/supabase-auth.js | All auth functions: register, login, logout, session check, password reset |
| auth/supabase-config.js | Supabase project URL and anon key |
| client/public/login.html | Login and registration page |
| supabase/schema.sql | Database schema (run once per Supabase project) |
Session Management
Supabase handles sessions via JWTs stored in localStorage. The checkAuthState() function calls supabase.auth.getUser(), which automatically validates the stored token against the Supabase server.
Sessions persist across browser refreshes and tabs on the same origin.
Email Verification
New registrations require email confirmation before the account can be used. The app checks data.user.email_confirmed_at at login and blocks access if the address has not been verified.
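A fail-closed gate combining the session check and the email-confirmation check described above, shown as an added example rather than the project's own checkAuthState(). It goes beyond the text by applying the confirmation check on every page load, not only at login; `requireVerifiedUser`, `fakeClient`, `runCase` and the `redirect` callback are assumed names, and the responses in `CASES` are constructed.

```javascript
// Added example, not GeoLens's own code. `client` is a supabase-js client;
// `redirect` is a hypothetical callback, e.g. (url) => location.replace(url).
const LOGIN_PAGE = '/login.html';

async function requireVerifiedUser(client, redirect) {
  let user = null;
  try {
    // getUser() has the Supabase Auth server validate the stored JWT.
    const { data, error } = await client.auth.getUser();
    if (!error && data) user = data.user || null;
  } catch (err) {
    user = null; // network or SDK failure: fail closed
  }
  if (user && !user.email_confirmed_at) {
    // Valid token but unverified address: end the session before redirecting.
    await client.auth.signOut().catch(() => {});
    user = null;
  }
  if (!user) redirect(LOGIN_PAGE);
  return user;
}

// Constructed stand-in for the Supabase client so the gate runs offline.
function fakeClient(result) {
  const calls = { signOut: 0 };
  const getUser = async () => {
    if (result instanceof Error) throw result;
    return result;
  };
  const signOut = async () => { calls.signOut += 1; return { error: null }; };
  return { calls, auth: { getUser, signOut } };
}

// Constructed responses: no session, unverified, verified, network failure.
const CASES = {
  noSession: { data: { user: null }, error: { message: 'no session' } },
  unverified: { data: { user: { id: 'u1', email_confirmed_at: null } }, error: null },
  verified: { data: { user: { id: 'u2', email_confirmed_at: '2024-01-01T00:00:00Z' } }, error: null },
  offline: new Error('fetch failed'),
};

async function runCase(name) {
  const redirects = [];
  const client = fakeClient(CASES[name]);
  const user = await requireVerifiedUser(client, (url) => redirects.push(url));
  return { allowed: user !== null, redirects, signOuts: client.calls.signOut };
}
```

A gate like this only controls what the page renders and where the browser navigates; what data a given JWT can read or write is still decided by the Supabase backend.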
Logout
The Logout button in the sidebar header calls supabase.auth.signOut() and redirects to /login.html.
Supabase Project Setup
- Create a free project at supabase.com
- Run supabase/schema.sql in the Supabase SQL editor
- Copy the Project URL and anon (public) key from Settings → API
- Paste them into auth/supabase-config.js
- In Supabase Authentication → URL Configuration, set the site URL to your app domain