add social-auth: google and github

[newways-dev]

No description provided.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added social authentication via Google and GitHub sign-in options.
  • Created new authenticated home view with personalized user greeting and sign-out functionality.

• Chores

  • Added icon library dependency.

Walkthrough

This PR integrates Google and GitHub social authentication into the application. It adds the react-icons dependency, configures social providers in betterAuth, creates a new HomeView component for authenticated users, updates sign-in/sign-up views with social buttons, and refactors the root page to a server component that enforces session-based access control.

Changes

Social Authentication Integration

Layer / File(s)	Summary
Dependencies and Backend Auth Configuration package.json, src/lib/auth.ts	react-icons dependency is added; betterAuth is configured with Google and GitHub social providers wired to environment variables with scope configuration.
Home Component and Session Management src/modules/home/ui/views/home-view.tsx	New client component displays the logged-in user's name and provides a sign-out button that redirects to /sign-in on success. Session state is checked with loading fallback.
Auth Views with Social Sign-In Buttons src/modules/auth/ui/views/sign-in-view.tsx, src/modules/auth/ui/views/sign-up-view.tsx	Google and GitHub icon imports are added; a new onSocial(provider) handler calls authClient.signIn.social with callback URL /. Social buttons are updated to render icons only and manage pending/error state.
Root Page Navigation and Session Gating src/app/page.tsx	Root page is refactored from a client component with email form to an async server component that fetches the session via auth.api.getSession, redirects unauthenticated users to /sign-in, and renders HomeView for authenticated users.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• newways-dev/aidew#4: Adds the base betterAuth email configuration that this PR extends with social provider support.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	No pull request description was provided by the author, making it impossible to evaluate whether the description relates to the changeset.	Add a pull request description explaining the social authentication implementation, configuration changes, and any relevant context for reviewers.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'add social-auth: google and github' clearly and concisely summarizes the main change—adding Google and GitHub social authentication support.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/modules/auth/ui/views/sign-up-view.tsx (1)

202-219: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Icon-only social buttons need accessible names.

These buttons currently expose no accessible label for assistive tech.

Suggested fix

 <Button
   disabled={pending}
   variant="outline"
   type="button"
   className="w-full cursor-pointer"
   onClick={() => onSocial('google')}
+  aria-label="Continue with Google"
 >
   <FaGoogle />
+  <span className="sr-only">Continue with Google</span>
 </Button>
 <Button
   disabled={pending}
   variant="outline"
   type="button"
   className="w-full cursor-pointer"
   onClick={() => onSocial('github')}
+  aria-label="Continue with GitHub"
 >
   <FaGithub />
+  <span className="sr-only">Continue with GitHub</span>
 </Button>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/modules/auth/ui/views/sign-up-view.tsx` around lines 202 - 219, The
social icon-only Buttons in sign-up-view.tsx (the Button components that call
onSocial('google') and onSocial('github') and render FaGoogle/FaGithub) lack
accessible names; add explicit accessible labels by either adding aria-label
attributes (e.g., aria-label="Continue with Google" and aria-label="Continue
with GitHub") or include visually hidden text (sr-only span) inside each Button
so screen readers can announce the purpose while keeping the visual icon-only
appearance.

src/modules/auth/ui/views/sign-in-view.tsx (1)

154-171: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add accessible labels to icon-only social auth buttons.

Without accessible naming, screen readers can’t identify button purpose.

Suggested fix

 <Button
   disabled={pending}
   variant="outline"
   type="button"
   className="w-full cursor-pointer"
   onClick={() => onSocial('google')}
+  aria-label="Continue with Google"
 >
   <FaGoogle />
+  <span className="sr-only">Continue with Google</span>
 </Button>
 <Button
   disabled={pending}
   variant="outline"
   type="button"
   className="w-full cursor-pointer"
   onClick={() => onSocial('github')}
+  aria-label="Continue with GitHub"
 >
   <FaGithub />
+  <span className="sr-only">Continue with GitHub</span>
 </Button>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/modules/auth/ui/views/sign-in-view.tsx` around lines 154 - 171, The
social auth buttons (the Button components rendering only FaGoogle and FaGithub
icons in sign-in-view.tsx) lack accessible names, so add an accessible label to
each Button (e.g., aria-label="Sign in with Google" and aria-label="Sign in with
GitHub") or include visually hidden text inside the Button to convey purpose;
update the two Button elements that call onSocial('google') and
onSocial('github') accordingly and ensure the labels match the icon intent so
screen readers can identify them.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/auth.ts`:
- Around line 8-18: The socialProviders object is coercing env vars with "as
string" which hides missing values at runtime; add a startup validation that
checks the required env vars for google and github
(process.env.GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GITHUB_CLIENT_ID,
GITHUB_CLIENT_SECRET) and fail fast if any are missing. Implement a small
validator function (e.g., validateOAuthEnvVars or validateSocialProvidersEnv)
and call it before exporting/using socialProviders so it throws a clear error or
exits with a descriptive message identifying which provider and variable is
missing.

In `@src/modules/auth/ui/views/sign-in-view.tsx`:
- Line 141: The Tailwind class on the OctagonAlertIcon uses the deprecated
suffix form "text-destructive!"; update the JSX in sign-in-view (the
OctagonAlertIcon element) to use the modern prefix important modifier
"!text-destructive" instead of "text-destructive!" so the className becomes
"!text-destructive" (keep the existing size classes unchanged).

In `@src/modules/auth/ui/views/sign-up-view.tsx`:
- Line 189: The Tailwind class on OctagonAlertIcon uses the deprecated trailing
important marker; update the className for OctagonAlertIcon to use the leading
important modifier so the icon color is applied in Tailwind v4 (replace the
current "text-destructive!" usage with the leading form, e.g., use
"!text-destructive" alongside the existing "h-4 w-4" in the OctagonAlertIcon
className).

---

Outside diff comments:
In `@src/modules/auth/ui/views/sign-in-view.tsx`:
- Around line 154-171: The social auth buttons (the Button components rendering
only FaGoogle and FaGithub icons in sign-in-view.tsx) lack accessible names, so
add an accessible label to each Button (e.g., aria-label="Sign in with Google"
and aria-label="Sign in with GitHub") or include visually hidden text inside the
Button to convey purpose; update the two Button elements that call
onSocial('google') and onSocial('github') accordingly and ensure the labels
match the icon intent so screen readers can identify them.

In `@src/modules/auth/ui/views/sign-up-view.tsx`:
- Around line 202-219: The social icon-only Buttons in sign-up-view.tsx (the
Button components that call onSocial('google') and onSocial('github') and render
FaGoogle/FaGithub) lack accessible names; add explicit accessible labels by
either adding aria-label attributes (e.g., aria-label="Continue with Google" and
aria-label="Continue with GitHub") or include visually hidden text (sr-only
span) inside each Button so screen readers can announce the purpose while
keeping the visual icon-only appearance.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 69218708-a209-4044-9534-e63d013bce01

📥 Commits

Reviewing files that changed from the base of the PR and between 719caf1 and 59ddba4.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• package.json
• src/app/page.tsx
• src/lib/auth.ts
• src/modules/auth/ui/views/sign-in-view.tsx
• src/modules/auth/ui/views/sign-up-view.tsx
• src/modules/home/ui/views/home-view.tsx

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fail fast when required OAuth env vars are missing.

Using as string here won’t protect runtime paths. Missing provider credentials will surface later as auth failures instead of startup-time errors.

Suggested fix

+const requiredEnv = (key: string) => {
+  const value = process.env[key]
+  if (!value) throw new Error(`Missing required env var: ${key}`)
+  return value
+}
+
 export const auth = betterAuth({
   socialProviders: {
     google: {
-      clientId: process.env.GOOGLE_CLIENT_ID as string,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
+      clientId: requiredEnv('GOOGLE_CLIENT_ID'),
+      clientSecret: requiredEnv('GOOGLE_CLIENT_SECRET'),
     },
     github: {
-      clientId: process.env.GITHUB_CLIENT_ID as string,
-      clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
+      clientId: requiredEnv('GITHUB_CLIENT_ID'),
+      clientSecret: requiredEnv('GITHUB_CLIENT_SECRET'),
       scope: ['user:email'],
     },
   },

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/auth.ts` around lines 8 - 18, The socialProviders object is coercing
env vars with "as string" which hides missing values at runtime; add a startup
validation that checks the required env vars for google and github
(process.env.GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GITHUB_CLIENT_ID,
GITHUB_CLIENT_SECRET) and fail fast if any are missing. Implement a small
validator function (e.g., validateOAuthEnvVars or validateSocialProvidersEnv)
and call it before exporting/using socialProviders so it throws a clear error or
exits with a descriptive message identifying which provider and variable is
missing.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

In Tailwind CSS v4, is text-destructive!valid syntax for the important modifier, or is the correct form!text-destructive?

💡 Result:

In Tailwind CSS v4, the important modifier syntax is! at the end of the class name, i.e.!text-destructive, not text-destructive!. Tailwind’s v4 upgrade guide states: “In v4 you should place the! at the very end of the class name instead” and shows the pattern flex! (with the note that the old way is deprecated) [1]. So for your example, use!text-destructive (optionally with variants as usual, e.g. hover:!text-destructive), while text-destructive! is not the recommended/valid v4 form per the upgrade guidance [1].

Citations:

• 1: https://tailwindcss.com/docs/upgrade-guide

---

Use !text-destructive instead of text-destructive! for Tailwind CSS v4 compatibility.

In Tailwind CSS v4, the important modifier syntax places ! at the beginning of the class name, not the end. The current text-destructive! syntax is invalid and deprecated; the alert icon color may silently fall back.

Suggested fix

-<OctagonAlertIcon className="h-4 w-4 text-destructive!" />
+<OctagonAlertIcon className="h-4 w-4 !text-destructive" />

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/modules/auth/ui/views/sign-up-view.tsx` at line 189, The Tailwind class
on OctagonAlertIcon uses the deprecated trailing important marker; update the
className for OctagonAlertIcon to use the leading important modifier so the icon
color is applied in Tailwind v4 (replace the current "text-destructive!" usage
with the leading form, e.g., use "!text-destructive" alongside the existing "h-4
w-4" in the OctagonAlertIcon className).