Skip to content

Integrate end-to-end forgot/reset password and logout flows (RHF + Zod, TanStack Query) #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Oct 9, 2025
Merged

Integrate end-to-end forgot/reset password and logout flows (RHF + Zod, TanStack Query) #55

merged 14 commits into from
Oct 9, 2025

Conversation

SepidehShahbazi
Copy link
Contributor

@SepidehShahbazi SepidehShahbazi commented Sep 22, 2025
edited by coderabbitai bot
Loading

Refs #29

✨ Summary

This PR integrates the authentication flow (forgot/reset password, logout) end to end. It wires RHF + Zod forms to TanStack Query, introduces reusable hooks (forms, data) and a live PasswordValidation UI, implements accessible inline/server error handling, and sets up cache invalidation.

✅ Implemented

🔐 Auth data layer

  • Added useForgotPasswordMutation and useResetPasswordMutation (TanStack Query) under hooks/data/auth.
  • Updated useSignOutMutation to disable automatic redirect and manually navigate with router.replace(callbackUrl ?? '/login') for consistent post-logout UX.

🧾 Forms (RHF + Zod)

Implemented reusable form hooks in hooks/forms:

  • useForgotPasswordForm and useResetPasswordForm — composed hooks used by the pages.

🖥️ Pages

Moved forgot and reset password from SSR page.tsx to client components (ForgotPasswordForm.tsx, ResetPasswordForm.tsx).

  • Forgot password (app/(client)/(auth)/password/forgot/page.tsx + ForgotPasswordForm.tsx):
    • Wired to RHF + schemas + useForgotPasswordMutation.
  • Reset password (app/(client)/(auth)/password/reset/page.tsx + ResetPasswordForm.tsx):
    • Wired to RHF + schemas + useResetPasswordMutation.
    • invalidated ['auth', 'session'], and redirected to /login.
    • Read token from searchParams.

🧩 Reusable components & 🎨 Icons

  • Implemented a reusable PasswordValidation component and Applied it to all pages with password fields on Register and Reset Password forms.
  • Added XCircleIcon and CheckCircleIcon SVGs and converted them to React components for use inside PasswordValidation.

🛠️ Backend & API

  • Updated the /api/auth/password/reset endpoint to reject cases where the new password matches the current password.

🛣️ Public Routes & Middleware

  • Updated publicRoutes.ts and Middleware.ts to include /password/forgot and /password/reset.

📸 UI Changes

register login forgot reset

Summary by CodeRabbit

  • New Features
    • Added full Forgot/Reset Password flow with email submission, token handling, success/error toasts, and real-time password strength checks.
    • Prevent resetting to the current password for improved security.
  • Refactor
    • Standardized auth routes to /password/forgot and /password/reset; updated middleware and public route handling.
    • Sign-out now redirects to Login and improves cache invalidation.
  • Documentation
    • Major README overhaul and new docs: Architecture, Development Guide, and Getting Started.
  • Style
    • Updated UI copy: “Signing in/out” → “Logging in/out”.
    • Homepage footer links adjusted; placeholders added for docs and support.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 22, 2025
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)
  • dev
  • master

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds comprehensive documentation (README overhaul and new docs). Implements full forgot/reset password client flow with new forms, hooks, and pages, plus password strength UI. Updates validation utilities and schemas. Adjusts middleware/public routes and sign-out behavior. Server adds a check preventing reuse of the current password. Minor UI text and footer link updates.

Changes

Cohort / File(s) Summary
Docs
README.md, docs/architecture.md, docs/development-guide.md, docs/getting-started.md		 Expanded README and added architecture, development guide, and getting-started docs; prose-only changes.
Auth password flows (client)
src/app/(client)/(auth)/components/ForgotPasswordForm.tsx, src/app/(client)/(auth)/components/ResetPasswordForm.tsx, src/app/(client)/(auth)/password/forgot/page.tsx, src/app/(client)/(auth)/password/reset/page.tsx		 New forgot/reset password forms and pages; handle token, submission, redirects, toasts, and wrappers.
Auth UI components
src/app/(client)/components/form/PasswordValidation.tsx, src/app/(client)/components/index.ts, src/app/(client)/(auth)/components/RegisterForm.tsx, src/app/(client)/components/auth/GoogleAuthButton.tsx		 Added PasswordValidation component and export; integrated into RegisterForm; updated auth button loading/sign-out text literals.
Form hooks
src/app/(client)/hooks/forms/useForgotPasswordForm.ts, src/app/(client)/hooks/forms/useResetPasswordForm.ts, src/app/(client)/hooks/forms/useFormSubmission.ts, src/app/(client)/hooks/forms/index.ts		 New form hooks for forgot/reset; useFormSubmission onSuccess signature now passes mutation result; exports updated.
Data hooks and sign-out
src/app/(client)/hooks/data/auth/useForgotPasswordMutation.ts, src/app/(client)/hooks/data/auth/useResetPasswordMutation.ts, src/app/(client)/hooks/data/index.ts, src/app/(client)/hooks/data/useSignOutMutation.ts		 Added mutations for forgot/reset password; data index exports; sign-out now non-redirecting API + manual router redirect, query invalidation, and message updates.
Server auth API and service
src/app/(server)/api/auth/password/forgot/route.ts, src/app/(server)/api/auth/password/reset/route.ts, src/app/(server)/services/auth/service.ts		 API route comments corrected; service resetPassword now fetches hashedPassword and rejects if new password matches current (422).
Middleware/public routes
src/lib/middleware/publicRoutes.ts, src/middleware.ts		 Public routes/prefixes updated to /password/forgot and /password/reset; middleware auth-page checks aligned.
Validation schemas and utils
src/lib/validation/auth.schemas.ts, src/lib/validation/validationUtils.ts		 Added ResetPasswordFormSchema/types/defaults (client-side); exposed getPasswordChecks; validatePasswordComplexity converted to arrow function.
App shell tweak
src/app/(client)/page.tsx		 Footer links updated (GitHub URL; placeholders for docs/support).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant ForgotPage as Forgot Password Page
  participant Form as ForgotPasswordForm
  participant Hook as useForgotPasswordMutation
  participant API as POST /api/auth/password/forgot
  participant Router as Next Router

  User->>ForgotPage: Visit /password/forgot
  ForgotPage->>Form: Render
  User->>Form: Enter email + Submit
  Form->>Hook: mutate({ email })
  Hook->>API: POST { email }
  API-->>Hook: { token? }
  Hook-->>Form: result
  Note over Form: On success, derive redirect target
  alt token returned
    Form->>Router: replace(/password/reset?token=...)
  else no token (dev-only)
    Form->>Router: replace(/password/reset)
  end
  Note over User,Form: Errors surfaced via toast
Loading 
sequenceDiagram
  autonumber
  actor User
  participant ResetPage as Reset Password Page
  participant Form as ResetPasswordForm
  participant Mut as useResetPasswordMutation
  participant API as POST /api/auth/password/reset
  participant Service as auth.service.resetPassword
  participant DB as DB
  participant Query as QueryClient
  participant Router as Next Router

  User->>ResetPage: Visit /password/reset?token=...
  ResetPage->>Form: Render (reads token)
  User->>Form: Enter new/confirm password + Submit
  Form->>Mut: mutate({ token, newPassword, confirmPassword })
  Mut->>API: POST { token, newPassword, confirmPassword }
  API->>Service: resetPassword(...)
  Service->>DB: Fetch user (include hashedPassword)
  Service-->>Service: verify(newPassword != current)
  alt new == current
    Service-->>API: 422 error
    API-->>Mut: error
    Mut-->>Form: error
    Form-->>User: toast(error)
  else new != current
    Service->>DB: Update hashed password
    Service-->>API: success
    API-->>Mut: { ok: true }
    Mut-->>Form: result
    Form->>Query: invalidate(auth.session)
    Form->>Router: replace(/login?reset=done)
    Form-->>User: toast(success)
  end
Loading 
sequenceDiagram
  autonumber
  actor User
  participant MW as middleware.ts
  participant Routes as publicRoutes.ts

  User->>MW: Request /password/forgot or /password/reset
  MW->>Routes: Check PUBLIC_ROUTES/PREFIXES
  alt Authenticated and visiting auth page
    MW-->>User: Redirect to dashboard
  else Not authenticated or public route
    MW-->>User: Continue
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Possibly related PRs

Suggested labels

📖 Documentation

Poem

Thump-thump go my paws on keys tonight,
Reset links gleam, a moonlit byte—
New forms hop in, with passwords strong,
No reusing carrots you've munched too long!
Docs bloom wide, a garden bright—
Now hop to login; all is right. 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 28.57% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title clearly and concisely describes the primary change implemented by the pull request, namely the integration of end-to-end forgot and reset password flows plus logout functionality using React Hook Form, Zod, and TanStack Query, which aligns directly with the PR objectives and major code additions.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@SepidehShahbazi SepidehShahbazi self-assigned this Sep 22, 2025
@SepidehShahbazi SepidehShahbazi added ✨ New Feature Proposal or work to add a new feature. 🧩 Core Changes to core system architecture or critical modules. 🎨 Frontend Frontend related issue. 🛠 Backend Backend related issue. 🖌️ UX/UI Change User experience or interface design change. ✅ Testing General label for testing tasks (UI/UX, unit, integration). labels Sep 22, 2025
@SepidehShahbazi SepidehShahbazi linked an issue Sep 22, 2025 that may be closed by this pull request
Frontend/Backend Integration (Login, Register, Reset, Session) #29
Open
35 tasks
@SepidehShahbazi SepidehShahbazi removed a link to an issue Sep 22, 2025
Frontend/Backend Integration (Login, Register, Reset, Session) #29
Open
35 tasks
@mahid797 mahid797 removed ✨ New Feature Proposal or work to add a new feature. 🧩 Core Changes to core system architecture or critical modules. 🎨 Frontend Frontend related issue. 🛠 Backend Backend related issue. ✅ Testing General label for testing tasks (UI/UX, unit, integration). labels Sep 25, 2025
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 25, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@mahid797 mahid797 added ✨ New Feature Proposal or work to add a new feature. 🧩 Core Changes to core system architecture or critical modules. 🎨 Frontend Frontend related issue. labels Sep 25, 2025
@mahid797 mahid797 added the 🛠 Backend Backend related issue. label Sep 25, 2025
@mahid797
Copy link
Contributor

@coderabbitai review

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 28, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai bot added the 📖 Documentation Docs tasks: writing, updating, or restructuring documentation. label Sep 28, 2025
coderabbitai[bot]
coderabbitai bot reviewed Sep 28, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 23

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)
src/app/(client)/(auth)/components/RegisterForm.tsx (1)

44-46: Use onSuccess(data) param instead of reading registerMutation.data inside the callback

Prevents potential stale reads and aligns with TanStack Query best practices.

-				const message =
-					registerMutation.data?.message ?? 'Account created. Redirecting to your dashboard…';
+				const message =
+					// `data` is the first param of onSuccess from the register mutation
+					// Ensure useFormSubmission forwards it through.
+					(data as any)?.message ?? 'Account created. Redirecting to your dashboard…';

If useFormSubmission doesn’t currently pass onSuccess(data), extend its types to forward the mutation result. As per coding guidelines.

src/app/(client)/hooks/forms/useFormSubmission.ts (3)

137-139: Bug: surfaces a phantom error string when there is no mutation error

toMessage(undefined) returns "An unexpected error occurred.", so error is non-empty even when no error occurred.

Apply:

- const loading = mutation ? mutation.isPending : localLoading;
- const error = mutation ? toMessage(mutation.error as unknown) : localError;
+ const loading = mutation ? mutation.isPending : localLoading;
+ const error = mutation?.error ? toMessage(mutation.error as unknown) : localError;

168-173: Guard against double-submits

Submitting while isPending/localLoading risks duplicate requests.

Apply:

   const handleSubmit = async (e: FormEvent) => {
     e.preventDefault();
     if (validate && !validate()) return;
+    // Prevent re-entrancy
+    if (mutation ? mutation.isPending : localLoading) return;

172-183: Reset legacy local error before a new attempt

Keeps error UI accurate between attempts in legacy mode.

Apply:

   try {
+    if (!mutation) setLocalError('');
     let result: R | undefined;
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9649cd2 and 393690a.

⛔ Files ignored due to path filters (9)
  • .coderabbit.yaml is excluded by none and included by none
  • CODEOWNERS is excluded by none and included by none
  • CODE_OF_CONDUCT.md is excluded by none and included by none
  • CONTRIBUTING.md is excluded by none and included by none
  • SECURITY.md is excluded by none and included by none
  • package.json is excluded by none and included by none
  • public/assets/icons/general/CheckCircleIcon.tsx is excluded by !public/assets/** and included by none
  • public/assets/icons/general/XCircleIcon.tsx is excluded by !public/assets/** and included by none
  • public/assets/icons/index.ts is excluded by !public/assets/** and included by none
📒 Files selected for processing (28)
  • README.md (1 hunks)
  • docs/architecture.md (1 hunks)
  • docs/development-guide.md (1 hunks)
  • docs/getting-started.md (1 hunks)
  • src/app/(client)/(auth)/components/ForgotPasswordForm.tsx (1 hunks)
  • src/app/(client)/(auth)/components/RegisterForm.tsx (3 hunks)
  • src/app/(client)/(auth)/components/ResetPasswordForm.tsx (1 hunks)
  • src/app/(client)/(auth)/password/forgot/page.tsx (1 hunks)
  • src/app/(client)/(auth)/password/reset/page.tsx (1 hunks)
  • src/app/(client)/components/auth/GoogleAuthButton.tsx (3 hunks)
  • src/app/(client)/components/form/PasswordValidation.tsx (1 hunks)
  • src/app/(client)/components/index.ts (1 hunks)
  • src/app/(client)/hooks/data/auth/useForgotPasswordMutation.ts (1 hunks)
  • src/app/(client)/hooks/data/auth/useResetPasswordMutation.ts (1 hunks)
  • src/app/(client)/hooks/data/index.ts (1 hunks)
  • src/app/(client)/hooks/data/useSignOutMutation.ts (3 hunks)
  • src/app/(client)/hooks/forms/index.ts (1 hunks)
  • src/app/(client)/hooks/forms/useForgotPasswordForm.ts (1 hunks)
  • src/app/(client)/hooks/forms/useFormSubmission.ts (3 hunks)
  • src/app/(client)/hooks/forms/useResetPasswordForm.ts (1 hunks)
  • src/app/(client)/page.tsx (1 hunks)
  • src/app/(server)/api/auth/password/forgot/route.ts (1 hunks)
  • src/app/(server)/api/auth/password/reset/route.ts (1 hunks)
  • src/app/(server)/services/auth/service.ts (2 hunks)
  • src/lib/middleware/publicRoutes.ts (2 hunks)
  • src/lib/validation/auth.schemas.ts (3 hunks)
  • src/lib/validation/validationUtils.ts (1 hunks)
  • src/middleware.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (7)
src/app/[(]server[)]/api/**/route.ts

⚙️ CodeRabbit configuration file

src/app/[(]server[)]/api/**/route.ts: Keep route handlers thin: validate with Zod (shared schemas), call a Service, then return a typed response. Do NOT import prisma/redis or perform business logic here. Example: parse with a schema from src/lib/validation/** and call a function in src/app/(server)/services/** that returns typed data.

Files:

  • src/app/(server)/api/auth/password/reset/route.ts
  • src/app/(server)/api/auth/password/forgot/route.ts
src/app/[(]client[)]/**

⚙️ CodeRabbit configuration file

src/app/[(]client[)]/**: Use TanStack Query hooks for server data (no inline fetches in components). Import query keys from src/lib/queryKeys.ts (canonical). Keep components presentational; Tailwind-first styling. Example: import { keys } from 'src/lib/queryKeys' and call a typed hook rather than fetch in the component.

Files:

  • src/app/(client)/hooks/forms/useForgotPasswordForm.ts
  • src/app/(client)/components/index.ts
  • src/app/(client)/hooks/data/index.ts
  • src/app/(client)/(auth)/password/reset/page.tsx
  • src/app/(client)/hooks/forms/useResetPasswordForm.ts
  • src/app/(client)/page.tsx
  • src/app/(client)/hooks/forms/index.ts
  • src/app/(client)/components/form/PasswordValidation.tsx
  • src/app/(client)/(auth)/components/ForgotPasswordForm.tsx
  • src/app/(client)/(auth)/components/ResetPasswordForm.tsx
  • src/app/(client)/hooks/forms/useFormSubmission.ts
  • src/app/(client)/hooks/data/auth/useResetPasswordMutation.ts
  • src/app/(client)/components/auth/GoogleAuthButton.tsx
  • src/app/(client)/hooks/data/auth/useForgotPasswordMutation.ts
  • src/app/(client)/(auth)/components/RegisterForm.tsx
  • src/app/(client)/(auth)/password/forgot/page.tsx
  • src/app/(client)/hooks/data/useSignOutMutation.ts
src/lib/validation/**

⚙️ CodeRabbit configuration file

src/lib/validation/**: Define Zod schemas and infer types via z.infer. Avoid duplicate shapes; export schemas for reuse in Services and API routes. Co-locate schema files by domain.

Files:

  • src/lib/validation/auth.schemas.ts
  • src/lib/validation/validationUtils.ts
src/lib/middleware/**

⚙️ CodeRabbit configuration file

src/lib/middleware/**: Shared middleware helpers. Keep lean; no business logic or side effects.

Files:

  • src/lib/middleware/publicRoutes.ts
docs/**

⚙️ CodeRabbit configuration file

docs/**: Keep Development Guide aligned with current directory structure and conventions. Update docs when APIs/routes/schemas change.

Files:

  • docs/development-guide.md
  • docs/getting-started.md
  • docs/architecture.md
src/middleware.ts

⚙️ CodeRabbit configuration file

src/middleware.ts: Global middleware for auth/guards/request shaping only. No business logic.

Files:

  • src/middleware.ts
src/app/[(]server[)]/services/**

⚙️ CodeRabbit configuration file

src/app/[(]server[)]/services/**: All business logic lives here. No Request/Response/cookies; accept plain inputs and return typed results. Reuse shared types and Zod schemas from src/lib/validation/**. Keep services framework-agnostic and unit-testable.

Files:

  • src/app/(server)/services/auth/service.ts
🪛 markdownlint-cli2 (0.18.1)
docs/development-guide.md

14-14: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

16-16: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

19-19: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

21-21: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

24-24: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

25-25: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

44-44: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

46-46: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

53-53: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

56-56: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

62-62: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

67-67: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

72-72: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

README.md

3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

21-21: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

22-22: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

22-22: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

30-30: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

34-34: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

38-38: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

41-41: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

45-45: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

50-50: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

51-51: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

51-51: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

57-57: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

63-63: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

67-67: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

72-72: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

77-77: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

82-82: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

88-88: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

93-93: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

docs/architecture.md

3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

21-21: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

22-22: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

22-22: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

30-30: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

34-34: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

38-38: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

41-41: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

45-45: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

50-50: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

51-51: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

51-51: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

57-57: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

63-63: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

67-67: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

72-72: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

77-77: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

82-82: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

88-88: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

93-93: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🔇 Additional comments (13)
src/app/(client)/(auth)/password/reset/page.tsx (1)

3-4: Import paths are correct; no updates needed — ‘../../components/...’ already resolves to src/app/(client)/(auth)/components.

src/lib/middleware/publicRoutes.ts (1)

14-16: Route updates LGTM. No stale references to /forgot-password or /reset-password found across the repository.

src/app/(client)/hooks/data/auth/useResetPasswordMutation.ts (1)

14-18: Avoid sending confirmPassword if server doesn’t require it.

If the server validates equality itself from two fields, keep it. If not required, drop confirmPassword from the payload to minimize surface.

Do you want me to scan the server route to confirm whether confirmPassword is used before trimming it here?

src/app/(client)/hooks/data/index.ts (1)

8-9: LGTM: new auth mutations are properly re-exported.

Public surface looks consistent with existing pattern.

docs/development-guide.md (1)

75-89: Confirm MD022/031 fixes manually
markdownlint-cli2 --fix didn’t apply the blank-line changes around headings and fenced code blocks. Please manually add missing blank lines in docs/development-guide.md at lines 14–16, 32–34, 52–54, 55–56, 75–89 and 112–116.

src/app/(client)/hooks/forms/useFormSubmission.ts (1)

114-114: Good change: pass mutation result to onSuccess

Allowing onSuccess to receive (result?: R) enables result-aware flows (e.g., navigation with returned token). Looks correct.

src/app/(client)/(auth)/components/ForgotPasswordForm.tsx (3)

24-42: Integration with mutation+form hook looks solid

Good use of adapter mode (getVariables, validate, manual error toast). Redirects on success are handled in onSuccess.

29-35: Security: avoid passing raw reset token in the URL in non-dev

Query strings leak via logs/referrers. If this is dev-only, guard with an env check and prefer server-delivered reset links in production.

Would you like a follow-up patch that gates this branch with process.env.NEXT_PUBLIC_ENV === 'development' and uses a toast-only path otherwise?

28-36: No changes required: ForgotPasswordResult already defines token?: string, so res?.token is type-safe.

src/app/(client)/hooks/data/auth/useForgotPasswordMutation.ts (1)

13-18: Double-check API does not return raw reset tokens in production

Returning a reset token to the client is typically unsafe. Ensure the endpoint only returns a generic success in prod.

Would you like a conditional mock/dev implementation and production-safe response contract?

src/app/(client)/hooks/data/useSignOutMutation.ts (1)

21-27: Good alignment with app architecture

Using useRouter + @tanstack/react-query and importing canonical queryKeys matches the client app guidelines.

src/app/(client)/(auth)/components/ResetPasswordForm.tsx (2)

10-10: Nice reuse

Pulling in PasswordValidation here is a solid UX touch and keeps validation logic DRY.

32-55: I’ve initiated a script to locate and display the useFormSubmission definition. Once we have its signature and implementation details, we can confirm whether onSuccess receives the mutation result payload.

README.md
Comment on lines 7 to 26
## Table of Contents
- [Table of Contents](#table-of-contents)
- [Overview](#overview)
- [Features](#features)
- [Architecture](#architecture)
- [Tech stack](#tech-stack)
- [Quick start](#quick-start)
- [Prerequisites](#prerequisites)
- [Environment](#environment)
- [Commands](#commands)
- [Project structure](#project-structure)
- [Configuration and scripts](#configuration-and-scripts)
- [Testing](#testing)
- [CI/CD and deployment](#cicd-and-deployment)
- [Conventions](#conventions)
- [Community](#community)
- [Security](#security)
- [Troubleshooting / FAQ](#troubleshooting--faq)
- [License](#license)

This comment was marked as off-topic.

Sign in to view

README.md
Comment on lines 159 to 161
## License
No license file is currently included (TODO). Ownership and licensing terms are undecided.

This comment was marked as off-topic.

Sign in to view

src/app/(client)/page.tsx
Comment on lines 136 to 141
<span className='text-muted-foreground'>
[TODO: Insert external docs site link when available]
</span>
<span className='text-muted-foreground'>
[TODO: Insert support contact when available]
</span>

This comment was marked as off-topic.

Sign in to view

@mahid797
Copy link
Contributor

@SepidehShahbazi Please review and resolve comments from CodeRabbit

Not all might be applicable & some are already resolved so you can ignore them

@bluewave-labs bluewave-labs deleted a comment from coderabbitai bot Sep 30, 2025
@bluewave-labs bluewave-labs deleted a comment from coderabbitai bot Sep 30, 2025
@SepidehShahbazi
Copy link
Contributor Author

@SepidehShahbazi Please review and resolve comments from CodeRabbit

Not all might be applicable & some are already resolved so you can ignore them

@mahid797 I reviewed the CodeRabbit comments and resolved all applicable ones.

@SepidehShahbazi SepidehShahbazi merged commit 6dfe4f5 into feat/29-auth-pages-integration Oct 9, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@mahid797 mahid797 Awaiting requested review from mahid797 mahid797 is a code owner

@DeboraSerra DeboraSerra Awaiting requested review from DeboraSerra

Assignees

@SepidehShahbazi SepidehShahbazi

Labels

🛠 Backend Backend related issue. 🧩 Core Changes to core system architecture or critical modules. 📖 Documentation Docs tasks: writing, updating, or restructuring documentation. 🎨 Frontend Frontend related issue. ✨ New Feature Proposal or work to add a new feature. 🖌️ UX/UI Change User experience or interface design change.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SepidehShahbazi @mahid797