Skip to content

Online mode: Google OAuth, board privacy, and offline-aware sync#17

Merged
pedrobritx merged 1 commit into
mainfrom
claude/determined-franklin-1crdxq
Jun 10, 2026
Merged

Online mode: Google OAuth, board privacy, and offline-aware sync#17
pedrobritx merged 1 commit into
mainfrom
claude/determined-franklin-1crdxq

Conversation

@pedrobritx

@pedrobritx pedrobritx commented Jun 10, 2026

Copy link
Copy Markdown
Owner

Summary

Makes NotUX work as a complete online app — real-time multiplayer (already in place), Google sign-in, account-scoped privacy for annotations/login info, and graceful fallback to local-only mode when Supabase is unreachable. No secrets are added to the repo.

What changed

Authentication

  • New unified useAuth hook (replaces useMagicLink) adding Google OAuth (signInWithOAuth) alongside the email magic-link fallback.
  • Home shows a "Sign in with Google" button with an "or email instead" fallback.
  • OAuth is brokered entirely by Supabase — the frontend never holds the Google client ID/secret.

Privacy & data scoping (supabase/migrations/0004_profiles_and_privacy.sql)

  • New profiles table (name, avatar, provider), owner-only RLS — a user's account info is readable only by themselves.
  • Trigger auto-provisions/refreshes a profile from auth metadata on every sign-in.
  • Boards created while signed in default to private; pages/snapshots/assets RLS now gates on is_public OR owner_id = auth.uid(), so private-board annotations are owner-only.

Sharing

  • BoardAccessIndicator chip lets the owner flip a board between 🔒 Private and a 🔗 Shared collaborative link.

Identity / presence

  • Presence uses the Google display name + avatar, derived only from the user's own session — never by reading another user's profile row.

Offline

  • SaveStatus surfaces an offline state and reassures that edits persist locally (IndexedDB) and resync on reconnect.

Docs / config

  • docs/SETUP.md: end-to-end setup (Supabase keys, Google OAuth client, Supabase provider config, CI secrets, verification).
  • supabase/config.toml: declares the Google provider (secrets via env) and the localhost callback URL.
  • .env* remain git-ignored; .env.local is not tracked.

Manual steps required (documented in docs/SETUP.md)

  1. Google Cloud Console — create an OAuth Web client; set the authorized redirect URI to https://<project>.supabase.co/auth/v1/callback.
  2. Supabase Dashboard → Authentication → Providers → Google — paste the Client ID + Secret and enable.
  3. Apply migrationssupabase db push (adds profiles + privacy RLS).
  4. GitHub Actions secretsVITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY (no Google value needed at build time).

Verification

  • pnpm -r typecheck
  • pnpm -F @notux/web build
  • Manual: Google sign-in round-trip, private-by-default new board, Share toggle, offline indicator (see docs/SETUP.md §5).

Design note

Real-time collaboration and per-account privacy are reconciled by making signed-in users' boards private by default with explicit opt-in sharing, rather than the previous free-for-all-public default. Existing public boards keep working unchanged.

https://claude.ai/code/session_015VWZXTJebcCq2EWZybJ6xi

Generated by Claude Code

@claude
Add Google OAuth, board privacy, and offline-aware sync
97655a6 
Enable complete online operation with secure, account-scoped data:

- Auth: unify auth into useAuth hook adding Google OAuth alongside the
  existing email magic-link; Home shows a Google button with email fallback.
- Privacy: new profiles table (owner-only RLS) auto-provisioned from auth
  metadata via trigger; boards created while signed in default to private,
  with RLS gating pages/snapshots/assets on (is_public OR owner_id = uid).
- Sharing: BoardAccessIndicator chip lets the owner flip a board between
  private and a collaborative shared link.
- Identity: presence now uses the Google display name + avatar, derived only
  from the user's own session (never another user's profile row).
- Offline: SaveStatus reports an offline state and that edits persist locally
  and resync on reconnect.
- Docs: docs/SETUP.md covers Supabase, Google OAuth, and CI secrets; secrets
  stay out of the repo (.env* already git-ignored).

https://claude.ai/code/session_015VWZXTJebcCq2EWZybJ6xi
@pedrobritx pedrobritx marked this pull request as ready for review June 10, 2026 17:07
@pedrobritx pedrobritx merged commit 48dc48c into main Jun 10, 2026
4 checks passed
@pedrobritx pedrobritx deleted the claude/determined-franklin-1crdxq branch June 10, 2026 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pedrobritx @claude