- Test 6 (middleware redirect) now passes after fix
- 12/12 tests passing
- Phase 1 UAT complete
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use request.nextUrl.clone() instead of new URL() for redirects
- This preserves the /leopost basePath in redirect URLs
- Fixes 404 error when unauthenticated user visits /dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Issue found:
- Middleware redirect missing basePath (redirects to /login/ instead of /leopost/login/)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document nginx buffer configuration for Supabase Auth OAuth
- Document Next.js basePath/trailingSlash configuration
- Document middleware matcher best practices
- Add useful commands and current phase status
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove hardcoded /leopost path from Google OAuth redirect
- Use environment variable for flexible deployment URL
- Fallback to window.location.origin for local development
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Display all plans (Free, Creator, Pro) in card grid
- Highlight current plan with 'Piano attuale' badge
- Add feature comparison table
- Include FAQ section
- Show payment deferral notice
- All text in Italian
- Create switchPlan server action for plan changes
- Create getCurrentPlan utility function
- Build PlanCard component with feature display
- Handle plan switching with loading state
- Revalidate dashboard and subscription pages on change
- Add Plan and PlanFeatures TypeScript interfaces
- Add Profile type with plan relationship
- Create plan utility functions with Italian labels
- Add formatPrice, formatFeatureValue, getPlanBadgeColor helpers
Tasks completed: 3/3
- Create middleware helper and main middleware
- Create protected dashboard layout and page
- Update home page to redirect appropriately
SUMMARY: .planning/phases/01-foundation-auth/01-05-SUMMARY.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Redirect authenticated users to dashboard
- Show landing page with value proposition for visitors
- Add clear CTAs for register and login
- Italian copy reflecting core product value
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create UserNav component with logout functionality
- Add dashboard layout with header, navigation, and user info
- Create dashboard page displaying plan info and onboarding steps
- All text in Italian for target audience
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create updateSession helper for Supabase session management
- Add main middleware with protected and auth route handling
- Configure matcher to exclude static files for performance
- Session refresh on every request prevents random logouts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Email/password auth was implemented by 01-04 during parallel wave execution.
All must-haves verified present in codebase.
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
- Handle OAuth and email verification callback
- Exchange code for session using Supabase SSR
- Redirect to next param or /dashboard on success
- Redirect to /login with error on failure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tasks completed: 3/3
- Create Google Sign-In button component
- Add Google button to login and register pages
- Document Google OAuth setup process
SUMMARY: .planning/phases/01-foundation-auth/01-04-SUMMARY.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Zod validation schemas for auth operations
- Add server actions for register, login, reset, update password
- Add clsx and tailwind-merge for class utilities
- Password validation: 8+ chars, 1 number, 1 uppercase
- Error messages in Italian per user requirement
- Specific error messages (not generic 'invalid credentials')
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Step-by-step Google Cloud Console configuration
- Supabase Dashboard provider setup instructions
- Environment variables section
- Test integration checklist
- Troubleshooting guide for common errors
- Security notes and best practices
- Local vs production comparison table
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auth layout with centered card design
- Add Input component for form fields
- Add LoginForm component with email/password and validation
- Add RegisterForm component with password requirements
- Add login page with Google button + 'oppure' divider + email form
- Add register page with Google button + 'oppure' divider + email form
- Italian text throughout (Accedi, Registrati, oppure)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add cn() utility function for class name merging
- Add Button component with default/outline/ghost variants
- Add Card component with Header, Title, Description, Content, Footer
- Add GoogleSignInButton with signInWithOAuth for Google provider
- Italian text: 'Accedi con Google'
- Redirects to /auth/callback after consent
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- src/lib/supabase/client.ts: Browser client for Client Components
- Uses createBrowserClient from @supabase/ssr
- Reads NEXT_PUBLIC_* env vars
- src/lib/supabase/server.ts: Server client for SSR/Actions
- Uses createServerClient from @supabase/ssr
- Async cookies() for Next.js 15+ compatibility
- Cookie handlers for session management
- Try/catch in setAll for Server Component safety
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- .env.example template for required variables
- .env.local with placeholders (gitignored)
- NEXT_PUBLIC_SUPABASE_URL for API endpoint
- NEXT_PUBLIC_SUPABASE_ANON_KEY for client-side auth
- SUPABASE_SERVICE_ROLE_KEY for server-side operations
- NEXT_PUBLIC_APP_URL for callback URLs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tasks completed: 3/3
- Create database migration with plans and profiles
- Create seed file for development
- Document database schema
SUMMARY: .planning/phases/01-foundation-auth/01-02-SUMMARY.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document plans and profiles tables with all columns
- Document RLS policies and performance notes
- Document helper functions with TypeScript examples
- Document triggers and migration options
- Include security notes and best practices
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Verify plans exist before seeding
- Log seed completion with NOTICE
- Minimal seed - plans created in migration, profiles via trigger
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 01: Foundation & Auth
- Email verification mandatory
- Password: medium strength (8+, 1 num, 1 upper)
- Specific error messages (not generic)
- New device login notification
- Password reset via email link
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
