Authentication & JWT

Authentication Flows

Security mechanisms governing user authentication, the Next.js Edge Middleware, and the standard RBAC scopes.

Authentication & Identity (C/F)

EshtriAppN enforces a strict authentication layer built on Supabase GoTrue, with sessions carried in HttpOnly cookies issued during Next.js server-side rendering.

Authentication Layers

  1. Client Browser State (@supabase/ssr): frontend components instantiate a browser client that connects directly to the Supabase endpoint and reads the active JWT payload on every hydration path.

  2. Server React Edge Middleware: every backend API call is routed through middleware.ts, which verifies the token's signature so that unauthenticated requests cannot reach protected routes.

  3. Role-Based Access Control (RBAC): the admin panels (apps/admin and apps/docs) additionally check the nested JWT metadata (app_metadata.role = 'admin'). Requests with invalid credentials are redirected by the Next.js server router with an HTTP 307 Temporary Redirect.

JWT Flow Constraints

sequenceDiagram
  participant U as User Endpoint
  participant N as Next.js API
  participant S as Supabase GoTrue
  U->>S: POST /auth/login (Email/Password)
  S-->>U: JWT Access & Refresh Token
  U->>N: Fetch Profile (cookies headers)
  N->>N: Middleware Token Validate (signature and expiry check)
  N-->>U: Secure Page Render or HTTP 307
