feat (auth): implement Google and GitHub sign up and log in supporting multi dev environments

Author: kryvosheyin

frontend/app/[locale]/login/page.tsx

@@ -6,6 +6,7 @@ import { useState } from "react";
 import { useSearchParams } from "next/navigation";
 import { getPendingQuizResult, clearPendingQuizResult } from "@/lib/guest-quiz";
 import { Button } from "@/components/ui/button";
+import { OAuthButtons } from '@/components/auth/OAuthButtons';
 
 export default function LoginPage() {
   const searchParams = useSearchParams();
@@ -82,6 +83,14 @@ export default function LoginPage() {
     <div className="mx-auto max-w-sm py-12">
       <h1 className="mb-6 text-2xl font-semibold">Log in</h1>
 
+      <OAuthButtons />
+
+      <div className="my-4 flex items-center gap-3">
+        <div className="h-px flex-1 bg-gray-200" />
+        <span className="text-xs text-gray-500">or</span>
+        <div className="h-px flex-1 bg-gray-200" />
+      </div>
+
       <form onSubmit={onSubmit} className="space-y-4">
         <input
           name="email"

frontend/app/[locale]/signup/page.tsx

@@ -6,6 +6,7 @@ import { useState } from "react";
 import { useSearchParams } from "next/navigation";
 import { getPendingQuizResult, clearPendingQuizResult } from "@/lib/guest-quiz";
 import { Button } from "@/components/ui/button";
+import { OAuthButtons } from '@/components/auth/OAuthButtons';
 
 type FormError = string | Record<string, string[]>;
 
@@ -94,6 +95,14 @@ export default function SignupPage() {
     <div className="mx-auto max-w-sm py-12">
       <h1 className="mb-6 text-2xl font-semibold">Create account</h1>
 
+      <OAuthButtons />
+
+      <div className="my-4 flex items-center gap-3">
+        <div className="h-px flex-1 bg-gray-200" />
+        <span className="text-xs text-gray-500">or</span>
+        <div className="h-px flex-1 bg-gray-200" />
+      </div>
+
       <form onSubmit={onSubmit} className="space-y-4">
         <input
           name="name"

frontend/app/api/auth/github/callback/route.ts

@@ -0,0 +1,150 @@
+import { NextRequest, NextResponse } from "next/server";
+import { eq } from "drizzle-orm";
+
+import { db } from "@/db";
+import { users } from "@/db/schema/users";
+import { signAuthToken, setAuthCookie } from "@/lib/auth";
+import { env } from "@/lib/env";
+
+type GithubTokenResponse = {
+  access_token: string;
+  token_type: string;
+  scope: string;
+};
+
+type GithubUser = {
+  id: number;
+  login: string;
+  name: string | null;
+  avatar_url: string;
+};
+
+type GithubEmail = {
+  email: string;
+  primary: boolean;
+  verified: boolean;
+};
+
+export async function GET(req: NextRequest) {
+  const code = req.nextUrl.searchParams.get("code");
+
+  if (!code) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const tokenRes = await fetch(
+    "https://github.com/login/oauth/access_token",
+    {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+      },
+      body: new URLSearchParams({
+        client_id: env.github.clientId!,
+        client_secret: env.github.clientSecret!,
+        code,
+        redirect_uri: env.github.redirectUri!,
+      }),
+    }
+  );
+
+  if (!tokenRes.ok) {
+    console.error(
+    "GitHub token exchange failed",
+    await tokenRes.text()
+  );
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const tokenData = (await tokenRes.json()) as GithubTokenResponse;
+
+  const userRes = await fetch("https://api.github.com/user", {
+    headers: {
+      Authorization: `Bearer ${tokenData.access_token}`,
+    },
+  });
+
+  if (!userRes.ok) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const ghUser = (await userRes.json()) as GithubUser;
+
+  const emailsRes = await fetch("https://api.github.com/user/emails", {
+    headers: {
+      Authorization: `Bearer ${tokenData.access_token}`,
+    },
+  });
+
+  if (!emailsRes.ok) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const emails = (await emailsRes.json()) as GithubEmail[];
+
+  const primaryEmail = emails.find(
+    (e) => e.primary && e.verified
+  )?.email;
+
+  if (!primaryEmail) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const githubId = String(ghUser.id);
+  let user = null;
+
+  const [githubUser] = await db
+    .select()
+    .from(users)
+    .where(eq(users.providerId, githubId))
+    .limit(1);
+
+  if (githubUser) {
+    user = githubUser;
+  } else {
+    const [emailUser] = await db
+      .select()
+      .from(users)
+      .where(eq(users.email, primaryEmail))
+      .limit(1);
+
+    if (emailUser) {
+      await db
+        .update(users)
+        .set({
+          provider: "github",
+          providerId: githubId,
+          emailVerified: emailUser.emailVerified ?? new Date(),
+          image: emailUser.image ?? ghUser.avatar_url,
+          name: emailUser.name ?? ghUser.name ?? ghUser.login,
+        })
+        .where(eq(users.id, emailUser.id));
+
+      user = emailUser;
+    } else {
+      const [created] = await db
+        .insert(users)
+        .values({
+          email: primaryEmail,
+          name: ghUser.name ?? ghUser.login,
+          image: ghUser.avatar_url,
+          provider: "github",
+          providerId: githubId,
+          emailVerified: new Date(),
+        })
+        .returning();
+
+      user = created;
+    }
+  }
+
+  const token = signAuthToken({
+    userId: user.id,
+    email: user.email,
+    role: user.role === "admin" ? "admin" : "user",
+  });
+
+  await setAuthCookie(token);
+
+  return NextResponse.redirect(new URL("/", req.url));
+}

frontend/app/api/auth/github/route.ts

@@ -0,0 +1,14 @@
+import { env } from "@/lib/env";
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  const params = new URLSearchParams({
+    client_id: env.github.clientId!,
+    redirect_uri: env.github.redirectUri!,
+    scope: "user:email",
+  });
+
+  return NextResponse.redirect(
+    `https://github.com/login/oauth/authorize?${params.toString()}`
+  );
+}

frontend/app/api/auth/google/callback/route.ts

@@ -0,0 +1,128 @@
+import { NextRequest, NextResponse } from "next/server";
+import { eq } from "drizzle-orm";
+
+import { db } from "@/db";
+import { users } from "@/db/schema/users";
+import { signAuthToken, setAuthCookie } from "@/lib/auth";
+import { env } from "@/lib/env";
+
+type GoogleTokenResponse = {
+  access_token: string;
+  expires_in: number;
+  token_type: string;
+  scope: string;
+};
+
+type GoogleProfile = {
+  id: string;
+  email: string;
+  verified_email: boolean;
+  name: string;
+  picture: string;
+};
+
+export async function GET(req: NextRequest) {
+  const code = req.nextUrl.searchParams.get("code");
+
+  if (!code) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const tokenRes = await fetch("https://oauth2.googleapis.com/token", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      code,
+      client_id: env.google.clientId!,
+      client_secret: env.google.clientSecret!,
+      redirect_uri: env.google.redirectUri!,
+      grant_type: "authorization_code",
+    }),
+  });
+
+  if (!tokenRes.ok) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const tokenData = (await tokenRes.json()) as GoogleTokenResponse;
+
+  const profileRes = await fetch(
+    "https://www.googleapis.com/oauth2/v2/userinfo",
+    {
+      headers: {
+        Authorization: `Bearer ${tokenData.access_token}`,
+      },
+    }
+  );
+
+  if (!profileRes.ok) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  const profile = (await profileRes.json()) as GoogleProfile;
+
+  const email = profile.email;
+  const googleId = profile.id;
+
+  let user = null;
+
+  const [googleUser] = await db
+    .select()
+    .from(users)
+    .where(eq(users.providerId, googleId))
+    .limit(1);
+
+  if (googleUser) {
+    user = googleUser;
+  } else {
+
+    const [emailUser] = await db
+      .select()
+      .from(users)
+      .where(eq(users.email, email))
+      .limit(1);
+
+    if (emailUser) {
+      await db
+        .update(users)
+        .set({
+          provider: "google",
+          providerId: googleId,
+          emailVerified: emailUser.emailVerified ?? new Date(),
+          image: emailUser.image ?? profile.picture,
+          name: emailUser.name ?? profile.name,
+        })
+        .where(eq(users.id, emailUser.id));
+
+      user = emailUser;
+    } else {
+
+      const [created] = await db
+        .insert(users)
+        .values({
+          email,
+          name: profile.name,
+          image: profile.picture,
+          provider: "google",
+          providerId: googleId,
+          emailVerified: new Date(),
+        })
+        .returning();
+
+      user = created;
+    }
+  }
+
+
+  const token = signAuthToken({
+    userId: user.id,
+    email: user.email,
+    role: user.role === "admin" ? "admin" : "user",
+  });
+
+  await setAuthCookie(token);
+
+  return NextResponse.redirect(new URL("/", req.url));
+}   

frontend/app/api/auth/google/route.ts

@@ -0,0 +1,16 @@
+import { env } from "@/lib/env";
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  const params = new URLSearchParams({
+    client_id: env.google.clientId!,
+    redirect_uri: env.google.redirectUri!,
+    response_type: "code",
+    scope: "openid email profile",
+    prompt: "select_account",
+  });
+
+  return NextResponse.redirect(
+    `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`
+  );
+}

frontend/components/auth/OAuthButtons.tsx

@@ -0,0 +1,21 @@
+import { ProviderButton } from "./ProviderButton";
+import { GoogleIcon } from "./icons/GoogleIcon";
+import { GitHubIcon } from "./icons/GitHubIcon";
+
+export function OAuthButtons() {
+    return (
+        <div className="space-y-2">
+            <ProviderButton
+                provider="google"
+                label="Continue with Google"
+                icon={<GoogleIcon className="h-4 w-4" />}
+            />
+
+            <ProviderButton
+                provider="github"
+                label="Continue with GitHub"
+                icon={<GitHubIcon className="h-4 w-4" />}
+            />
+        </div>
+    );
+}