Commit Graph

6 Commits

Author SHA1 Message Date
Ryan Salazar
dd93a74bdf Brand cleanup: swap remaining user-facing BB strings + accent blue → AV orange
Hit pages we didn't get the first pass: rss, gear, show-coverage,
articles/[slug], contributor, manufacturers, login, client-login, terms,
dashboard/show-calendar, and team-page derive helpers (domain + comment).
2026-06-01 15:39:09 +00:00
Ryan Salazar
fc4181cd46 HOTFIX: redirect post-login to /home-page (where auth works) instead of /contributor (race condition) 2026-05-10 13:10:51 +00:00
Ryan Salazar
e5de543268 debug: add console logging to login form for error visibility
Logs success payload (sans secrets — just success/migrated/legacy/uid/
email/hasToken booleans) and the post-login document.cookie state so
DevTools can show whether the auth cookie actually landed in the
browser before the /contributor redirect runs.
2026-05-09 10:01:39 +00:00
Ryan Salazar
9e3b48c10d client-login: hard reload to /contributor instead of setSession+router.push
The previous attempt at hydrating the Supabase browser client via
supabase.auth.setSession() was racing against the server-set cookie.
The server cookie was written with Path=/; SameSite=Lax (no Secure
flag — Next.js cookies().set defaults), but the browser supabase
client's setAll handler writes cookies with Secure; SameSite=None.
The two writes for the same cookie name produced inconsistent state.

Drop setSession + router.push entirely. Instead, do a hard
window.location.href = '/contributor' redirect after a successful
POST. The server renders /contributor with the freshly-set auth
cookie; the browser supabase client boots up reading it from
document.cookie on page load. No client-side hydration race.
2026-05-09 06:39:28 +00:00
Ryan Salazar
275f0c9627 client-login: hydrate Supabase session from API response before redirect
The wp-login API sets the auth cookie via NextResponse, but a
client-side router.push() doesn't always pick up the new cookie before
the destination page's AuthContext snapshots auth state — leading to a
brief 'logged out' flash on /contributor right after a successful
login.

Fix: after a successful POST to /api/auth/wp-login, call
supabase.auth.setSession({ access_token, refresh_token }) using the
session payload returned by the API. That hydrates the Supabase
browser client (and therefore AuthContext) immediately, so the next
render is authenticated. router.refresh() is also called to invalidate
the Next.js Router Cache for any stale RSC payloads.

Also adds console.error on both the !res.ok branch and the catch block
so login failures are inspectable in DevTools.
2026-05-09 03:12:50 +00:00
Ryan Salazar
66ff0f08ae add client login page for PR Firms 2026-05-08 18:28:41 +00:00