arbret/frontend/app/auth-context.tsx

"use client";

import { createContext, useContext, useState, useEffect, useCallback, ReactNode } from "react";

import { api } from "./api";
import { components } from "./generated/api";
import { extractApiErrorMessage } from "./utils/error-handling";

// Permission type from generated OpenAPI schema
export type PermissionType = components["schemas"]["Permission"];

// Permission constants - derived from backend's Permission enum via OpenAPI.
// The type annotation ensures compile-time validation against the generated schema.
// Adding a new permission in the backend will cause a type error here until updated.
export const Permission: Record<string, PermissionType> = {
  VIEW_AUDIT: "view_audit",
  FETCH_PRICE: "fetch_price",
  MANAGE_OWN_PROFILE: "manage_own_profile",
  MANAGE_INVITES: "manage_invites",
  VIEW_OWN_INVITES: "view_own_invites",
  // Exchange permissions (regular users)
  CREATE_EXCHANGE: "create_exchange",
  VIEW_OWN_EXCHANGES: "view_own_exchanges",
  CANCEL_OWN_EXCHANGE: "cancel_own_exchange",
  // Availability/Exchange permissions (admin)
  MANAGE_AVAILABILITY: "manage_availability",
  VIEW_ALL_EXCHANGES: "view_all_exchanges",
  CANCEL_ANY_EXCHANGE: "cancel_any_exchange",
  COMPLETE_EXCHANGE: "complete_exchange",
} as const;

// Use generated type from OpenAPI schema
type User = components["schemas"]["UserResponse"];

interface AuthContextType {
  user: User | null;
  isLoading: boolean;
  login: (email: string, password: string) => Promise<void>;
  register: (email: string, password: string, inviteIdentifier: string) => Promise<void>;
  logout: () => Promise<void>;
  hasPermission: (permission: PermissionType) => boolean;
  hasRole: (role: string) => boolean;
}

const AuthContext = createContext<AuthContextType | null>(null);

export function AuthProvider({ children }: { children: ReactNode }) {
  const [user, setUser] = useState<User | null>(null);
  const [isLoading, setIsLoading] = useState(true);

  useEffect(() => {
    checkAuth();
  }, []);

  const checkAuth = async () => {
    try {
      const userData = await api.get<User>("/api/auth/me");
      setUser(userData);
    } catch {
      // Not authenticated
    } finally {
      setIsLoading(false);
    }
  };

  const login = async (email: string, password: string) => {
    try {
      const userData = await api.post<User>("/api/auth/login", { email, password });
      setUser(userData);
    } catch (err) {
      throw new Error(extractApiErrorMessage(err, "Login failed"));
    }
  };

  const register = async (email: string, password: string, inviteIdentifier: string) => {
    try {
      const userData = await api.post<User>("/api/auth/register", {
        email,
        password,
        invite_identifier: inviteIdentifier,
      });
      setUser(userData);
    } catch (err) {
      throw new Error(extractApiErrorMessage(err, "Registration failed"));
    }
  };

  const logout = async () => {
    try {
      await api.post("/api/auth/logout");
    } catch {
      // Ignore errors on logout
    }
    setUser(null);
  };

  const hasPermission = useCallback(
    (permission: PermissionType): boolean => {
      return user?.permissions.includes(permission) ?? false;
    },
    [user]
  );

  const hasRole = useCallback(
    (role: string): boolean => {
      return user?.roles.includes(role) ?? false;
    },
    [user]
  );

  return (
    <AuthContext.Provider
      value={{
        user,
        isLoading,
        login,
        register,
        logout,
        hasPermission,
        hasRole,
      }}
    >
      {children}
    </AuthContext.Provider>
  );
}

export function useAuth() {
  const context = useContext(AuthContext);
  if (!context) {
    throw new Error("useAuth must be used within an AuthProvider");
  }
  return context;
}
tests passing 2025-12-18 22:08:31 +01:00			`"use client";`

review 2025-12-18 23:54:51 +01:00			`import { createContext, useContext, useState, useEffect, useCallback, ReactNode } from "react";`
tests passing 2025-12-18 22:08:31 +01:00
refactor(frontend): improve code quality and maintainability - Extract API error handling utility (utils/error-handling.ts) - Centralize error message extraction logic - Add type guards for API errors - Replace duplicated error handling across components - Create reusable Toast component (components/Toast.tsx) - Extract toast notification logic from profile page - Support auto-dismiss functionality - Consistent styling with shared styles - Extract form validation debouncing hook (hooks/useDebouncedValidation.ts) - Reusable debounced validation logic - Clean timeout management - Used in profile page for form validation - Consolidate duplicate styles (styles/auth-form.ts) - Use shared style tokens instead of duplicating values - Reduce code duplication between auth-form and shared styles - Extract loading state component (components/LoadingState.tsx) - Standardize loading UI across pages - Replace duplicated loading JSX patterns - Used in profile, exchange, and trades pages - Fix useRequireAuth dependency array - Remove unnecessary hasPermission from dependencies - Add eslint-disable comment with explanation - Improve hook stability and performance All frontend tests pass. Linting passes. 2025-12-25 19:04:45 +01:00			`import { api } from "./api";`
implemented 2025-12-20 23:06:05 +01:00			`import { components } from "./generated/api";`
refactor(frontend): improve code quality and maintainability - Extract API error handling utility (utils/error-handling.ts) - Centralize error message extraction logic - Add type guards for API errors - Replace duplicated error handling across components - Create reusable Toast component (components/Toast.tsx) - Extract toast notification logic from profile page - Support auto-dismiss functionality - Consistent styling with shared styles - Extract form validation debouncing hook (hooks/useDebouncedValidation.ts) - Reusable debounced validation logic - Clean timeout management - Used in profile page for form validation - Consolidate duplicate styles (styles/auth-form.ts) - Use shared style tokens instead of duplicating values - Reduce code duplication between auth-form and shared styles - Extract loading state component (components/LoadingState.tsx) - Standardize loading UI across pages - Replace duplicated loading JSX patterns - Used in profile, exchange, and trades pages - Fix useRequireAuth dependency array - Remove unnecessary hasPermission from dependencies - Add eslint-disable comment with explanation - Improve hook stability and performance All frontend tests pass. Linting passes. 2025-12-25 19:04:45 +01:00			`import { extractApiErrorMessage } from "./utils/error-handling";`
first round of review 2025-12-18 22:24:46 +01:00
refactor: derive Permission type from generated OpenAPI schema Issue #3: The frontend Permission enum was manually duplicated from the backend. While full generation isn't practical, this change ties the frontend constants to the generated OpenAPI types for compile-time validation. Changes: - Update ConstantsResponse schema to use actual Permission/InviteStatus enums (enables OpenAPI to include enum values) - Import enums in schemas.py (no circular dependency issue) - Update auth-context.tsx to derive PermissionType from generated schema - Update meta route to return enum instances instead of string values - Permission values are now type-checked against the OpenAPI schema If a permission is added to the backend but not to the frontend's Permission object, TypeScript will fail to compile. This provides a safety net without requiring a complex build-time generation step. 2025-12-21 23:55:47 +01:00			`// Permission type from generated OpenAPI schema`
			`export type PermissionType = components["schemas"]["Permission"];`

			`// Permission constants - derived from backend's Permission enum via OpenAPI.`
			`// The type annotation ensures compile-time validation against the generated schema.`
			`// Adding a new permission in the backend will cause a type error here until updated.`
			`export const Permission: Record<string, PermissionType> = {`
tests passing 2025-12-18 23:33:32 +01:00			`VIEW_AUDIT: "view_audit",`
feat: add FETCH_PRICE permission for manual price fetch endpoint The POST /api/audit/price-history/fetch endpoint now requires FETCH_PRICE permission instead of VIEW_AUDIT, which is more semantically correct since it's a write operation. 2025-12-22 16:22:54 +01:00			`FETCH_PRICE: "fetch_price",`
refactor(auth): unify authorization patterns with MANAGE_OWN_PROFILE permission Issue #2: The profile route used a custom role-based check instead of the permission-based pattern used everywhere else. Changes: - Add MANAGE_OWN_PROFILE permission to backend Permission enum - Add permission to ROLE_REGULAR role definition - Update profile routes to use require_permission(MANAGE_OWN_PROFILE) - Remove custom require_regular_user dependency - Update frontend Permission constant and profile page - Update invites page to use permission instead of role check - Update profile tests with proper permission mocking This ensures consistent authorization patterns across all routes. 2025-12-21 23:50:06 +01:00			`MANAGE_OWN_PROFILE: "manage_own_profile",`
first implementation 2025-12-20 11:12:11 +01:00			`MANAGE_INVITES: "manage_invites",`
			`VIEW_OWN_INVITES: "view_own_invites",`
Fix: Update permissions and add missing /api/exchange/slots endpoint - Updated auth-context.tsx to use new exchange permissions (CREATE_EXCHANGE, VIEW_OWN_EXCHANGES, etc.) instead of old appointment permissions (BOOK_APPOINTMENT, etc.) - Updated exchange/page.tsx, trades/page.tsx, admin/trades/page.tsx to use correct permission constants - Updated profile/page.test.tsx mock permissions - Updated admin/availability/page.tsx to use constants.exchange instead of constants.booking - Added /api/exchange/slots endpoint to return available slots for a date, filtering out already booked slots - Fixed E2E tests: - exchange.spec.ts: Wait for button to be enabled before clicking - permissions.spec.ts: Use more specific heading selector - price-history.spec.ts: Expect /exchange redirect for regular users 2025-12-22 21:42:42 +01:00			`// Exchange permissions (regular users)`
			`CREATE_EXCHANGE: "create_exchange",`
			`VIEW_OWN_EXCHANGES: "view_own_exchanges",`
			`CANCEL_OWN_EXCHANGE: "cancel_own_exchange",`
			`// Availability/Exchange permissions (admin)`
Phase 2: Admin availability UI with calendar grid, edit modal, and e2e tests 2025-12-20 23:54:34 +01:00			`MANAGE_AVAILABILITY: "manage_availability",`
Fix: Update permissions and add missing /api/exchange/slots endpoint - Updated auth-context.tsx to use new exchange permissions (CREATE_EXCHANGE, VIEW_OWN_EXCHANGES, etc.) instead of old appointment permissions (BOOK_APPOINTMENT, etc.) - Updated exchange/page.tsx, trades/page.tsx, admin/trades/page.tsx to use correct permission constants - Updated profile/page.test.tsx mock permissions - Updated admin/availability/page.tsx to use constants.exchange instead of constants.booking - Added /api/exchange/slots endpoint to return available slots for a date, filtering out already booked slots - Fixed E2E tests: - exchange.spec.ts: Wait for button to be enabled before clicking - permissions.spec.ts: Use more specific heading selector - price-history.spec.ts: Expect /exchange redirect for regular users 2025-12-22 21:42:42 +01:00			`VIEW_ALL_EXCHANGES: "view_all_exchanges",`
			`CANCEL_ANY_EXCHANGE: "cancel_any_exchange",`
			`COMPLETE_EXCHANGE: "complete_exchange",`
tests passing 2025-12-18 23:33:32 +01:00			`} as const;`

implemented 2025-12-20 23:06:05 +01:00			`// Use generated type from OpenAPI schema`
			`type User = components["schemas"]["UserResponse"];`
tests passing 2025-12-18 22:08:31 +01:00
			`interface AuthContextType {`
			`user: User \| null;`
			`isLoading: boolean;`
			`login: (email: string, password: string) => Promise<void>;`
first implementation 2025-12-20 11:12:11 +01:00			`register: (email: string, password: string, inviteIdentifier: string) => Promise<void>;`
first round of review 2025-12-18 22:24:46 +01:00			`logout: () => Promise<void>;`
tests passing 2025-12-18 23:33:32 +01:00			`hasPermission: (permission: PermissionType) => boolean;`
			`hasRole: (role: string) => boolean;`
tests passing 2025-12-18 22:08:31 +01:00			`}`

			`const AuthContext = createContext<AuthContextType \| null>(null);`

			`export function AuthProvider({ children }: { children: ReactNode }) {`
			`const [user, setUser] = useState<User \| null>(null);`
			`const [isLoading, setIsLoading] = useState(true);`

			`useEffect(() => {`
first round of review 2025-12-18 22:24:46 +01:00			`checkAuth();`
tests passing 2025-12-18 22:08:31 +01:00			`}, []);`

first round of review 2025-12-18 22:24:46 +01:00			`const checkAuth = async () => {`
tests passing 2025-12-18 22:08:31 +01:00			`try {`
some fixes and refactors 2025-12-19 11:08:19 +01:00			`const userData = await api.get<User>("/api/auth/me");`
			`setUser(userData);`
tests passing 2025-12-18 22:08:31 +01:00			`} catch {`
first round of review 2025-12-18 22:24:46 +01:00			`// Not authenticated`
tests passing 2025-12-18 22:08:31 +01:00			`} finally {`
			`setIsLoading(false);`
			`}`
			`};`

			`const login = async (email: string, password: string) => {`
some fixes and refactors 2025-12-19 11:08:19 +01:00			`try {`
			`const userData = await api.post<User>("/api/auth/login", { email, password });`
			`setUser(userData);`
			`} catch (err) {`
refactor(frontend): improve code quality and maintainability - Extract API error handling utility (utils/error-handling.ts) - Centralize error message extraction logic - Add type guards for API errors - Replace duplicated error handling across components - Create reusable Toast component (components/Toast.tsx) - Extract toast notification logic from profile page - Support auto-dismiss functionality - Consistent styling with shared styles - Extract form validation debouncing hook (hooks/useDebouncedValidation.ts) - Reusable debounced validation logic - Clean timeout management - Used in profile page for form validation - Consolidate duplicate styles (styles/auth-form.ts) - Use shared style tokens instead of duplicating values - Reduce code duplication between auth-form and shared styles - Extract loading state component (components/LoadingState.tsx) - Standardize loading UI across pages - Replace duplicated loading JSX patterns - Used in profile, exchange, and trades pages - Fix useRequireAuth dependency array - Remove unnecessary hasPermission from dependencies - Add eslint-disable comment with explanation - Improve hook stability and performance All frontend tests pass. Linting passes. 2025-12-25 19:04:45 +01:00			`throw new Error(extractApiErrorMessage(err, "Login failed"));`
tests passing 2025-12-18 22:08:31 +01:00			`}`
			`};`

first implementation 2025-12-20 11:12:11 +01:00			`const register = async (email: string, password: string, inviteIdentifier: string) => {`
some fixes and refactors 2025-12-19 11:08:19 +01:00			`try {`
first implementation 2025-12-20 11:12:11 +01:00			`const userData = await api.post<User>("/api/auth/register", {`
			`email,`
			`password,`
			`invite_identifier: inviteIdentifier,`
			`});`
some fixes and refactors 2025-12-19 11:08:19 +01:00			`setUser(userData);`
			`} catch (err) {`
refactor(frontend): improve code quality and maintainability - Extract API error handling utility (utils/error-handling.ts) - Centralize error message extraction logic - Add type guards for API errors - Replace duplicated error handling across components - Create reusable Toast component (components/Toast.tsx) - Extract toast notification logic from profile page - Support auto-dismiss functionality - Consistent styling with shared styles - Extract form validation debouncing hook (hooks/useDebouncedValidation.ts) - Reusable debounced validation logic - Clean timeout management - Used in profile page for form validation - Consolidate duplicate styles (styles/auth-form.ts) - Use shared style tokens instead of duplicating values - Reduce code duplication between auth-form and shared styles - Extract loading state component (components/LoadingState.tsx) - Standardize loading UI across pages - Replace duplicated loading JSX patterns - Used in profile, exchange, and trades pages - Fix useRequireAuth dependency array - Remove unnecessary hasPermission from dependencies - Add eslint-disable comment with explanation - Improve hook stability and performance All frontend tests pass. Linting passes. 2025-12-25 19:04:45 +01:00			`throw new Error(extractApiErrorMessage(err, "Registration failed"));`
tests passing 2025-12-18 22:08:31 +01:00			`}`
			`};`

first round of review 2025-12-18 22:24:46 +01:00			`const logout = async () => {`
some fixes and refactors 2025-12-19 11:08:19 +01:00			`try {`
			`await api.post("/api/auth/logout");`
			`} catch {`
			`// Ignore errors on logout`
			`}`
tests passing 2025-12-18 22:08:31 +01:00			`setUser(null);`
			`};`

Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00			`const hasPermission = useCallback(`
			`(permission: PermissionType): boolean => {`
			`return user?.permissions.includes(permission) ?? false;`
			`},`
			`[user]`
			`);`
tests passing 2025-12-18 23:33:32 +01:00
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00			`const hasRole = useCallback(`
			`(role: string): boolean => {`
			`return user?.roles.includes(role) ?? false;`
			`},`
			`[user]`
			`);`
tests passing 2025-12-18 23:33:32 +01:00
tests passing 2025-12-18 22:08:31 +01:00			`return (`
tests passing 2025-12-18 23:33:32 +01:00			`<AuthContext.Provider`
			`value={{`
			`user,`
			`isLoading,`
			`login,`
			`register,`
			`logout,`
			`hasPermission,`
			`hasRole,`
			`}}`
			`>`
tests passing 2025-12-18 22:08:31 +01:00			`{children}`
			`</AuthContext.Provider>`
			`);`
			`}`

			`export function useAuth() {`
			`const context = useContext(AuthContext);`
			`if (!context) {`
			`throw new Error("useAuth must be used within an AuthProvider");`
			`}`
			`return context;`
			`}`