feat: add Google OAuth login with USER role and pending approval flow

- Add GET /api/auth/google and GET /api/auth/callback/google routes with CSRF state protection and account linking via googleId - Add getPublicOrigin() for dynamic redirect_uri (supports reverse proxy via X-Forwarded-Proto) - Add USER role to schema (default for new Google sign-ins), make password optional, add googleId and image fields - Role-based redirect after login: USER → /profile, ADMIN/DEVELOPER → /dashboard - Profile page shows pending approval alert for USER role - Dashboard redirects USER role back to profile - Login page shows specific error messages per OAuth error code Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 15:06:13 +08:00
parent 9d80eb3b85
commit 94724a5081
9 changed files with 219 additions and 21 deletions
--- a/src/frontend/routes/login.tsx
+++ b/src/frontend/routes/login.tsx
@@ -27,7 +27,7 @@ export const Route = createFileRoute('/login')({
        queryFn: () => fetch('/api/auth/session', { credentials: 'include' }).then((r) => r.json()),
      })
      if (data?.user) {
-        throw redirect({ to: '/dashboard' })
+        throw redirect({ to: data.user.role === 'USER' ? '/profile' : '/dashboard' })
      }
    } catch (e) {
      if (e instanceof Error) return
@@ -59,7 +59,14 @@ function LoginPage() {

            {(login.isError || searchError) && (
              <Alert icon={<TbAlertCircle size={16} />} color="red" variant="light">
-                {login.isError ? login.error.message : 'Google login failed, please try again.'}
+                {login.isError ? login.error.message : (
+                  {
+                    google_denied: 'Login dengan Google dibatalkan.',
+                    invalid_state: 'Sesi OAuth tidak valid, silakan coba lagi.',
+                    token_failed: 'Gagal menukar token Google, silakan coba lagi.',
+                    userinfo_failed: 'Gagal mengambil info akun Google, silakan coba lagi.',
+                  }[searchError ?? ''] ?? 'Login dengan Google gagal, silakan coba lagi.'
+                )}
              </Alert>
            )}

@@ -89,6 +96,17 @@ function LoginPage() {
            >
              Sign in
            </Button>
+
+            <Divider label="or" labelPosition="center" />
+
+            <Button
+              variant="default"
+              fullWidth
+              leftSection={<FcGoogle size={18} />}
+              onClick={() => { window.location.href = '/api/auth/google' }}
+            >
+              Continue with Google
+            </Button>
          </Stack>
        </form>
      </Paper>