From 89f6f5a560d82a775457f8b353db127a70c420e4 Mon Sep 17 00:00:00 2001
From: Aun Ali <aunvakil.AA@gmail.com>
Date: Sat, 9 Aug 2025 15:50:15 +0000
Subject: [PATCH] add some kind of simple but secure auth

---
 database.db               | Bin 0 -> 12288 bytes
 package-lock.json         |  25 ++++++++++++++
 package.json              |   3 ++
 src/app/login/page.tsx    |  69 ++++++++++++++++++++++++++++++++++++++
 src/app/page.tsx          |   9 ++++-
 src/components/header.tsx |  13 ++++++-
 src/lib/actions.ts        |  17 ++++++++++
 src/lib/auth-actions.ts   |  45 +++++++++++++++++++++++++
 src/lib/db.ts             |  37 +++++++++++++++-----
 src/lib/session.ts        |  25 ++++++++++++++
 src/middleware.ts         |  27 +++++++++++++++
 11 files changed, 259 insertions(+), 11 deletions(-)
 create mode 100644 database.db
 create mode 100644 src/app/login/page.tsx
 create mode 100644 src/lib/auth-actions.ts
 create mode 100644 src/lib/session.ts
 create mode 100644 src/middleware.ts

diff --git a/database.db b/database.db
new file mode 100644
index 0000000000000000000000000000000000000000..32dacf402f950312b26cb8a2ef59fa07101d2b7f
GIT binary patch
literal 12288
zcmeI1-EJGl6~~uWYEwz`aZxlE27&|K)J8}`vg|}iL8Oep2tp-W9~2VVNbKS4kUP=r
z&U$86^5!mb-=jdEqEFM8D0<)j%yLDUXi?<0n1v`Vcjx2G@BGg>v*hXVfpmgq+T_g9
zcJfKm=_G$5N|Iz9uQj~dql1(8+7Ed5pa0jfo(#<2K18cKAN@V~_<j6~M<fslL;{gO
zBoGNi0+B!@5D7#Akw7HyD+nCjx%=topLfn3n<`;nD?G%$wBmIo3cmVrZTDn6nv7{O
z`sQFvD{UVXEEhfWeE5s)-23$Y{m$EA7_&4wFP&Yy-Fat>#YKAXJ}nNJ(*D!QcyD|{
zM<@G-qmy&`^Z1-bXOn09Pto^q{B+X0Y3-y_f+pkdC-n3gUS|gf%bQ#mP89CH-7d5f
zHr!lxactgP`cK0d!JJ4(D+4ZUdFY?byLZo$kN*1M&%bpa{C@pk-GAJ>#D#c70+B!@
z5D7#Azm~xDXWee{$LsU6z2S-Avc&hxsHU`E%#BDTiksc1j9m)indBFupec%!b+(5S
z&AC>xM{{PB<UL|VN=oFqAX!jeV<ef*#ejB0T_Z+T<|V4BZ<h(CTvn55Cfz5_(1%@w
z@3$$HMIj71UC4Rn26SZfrA!4`C(8b`?)!I4Vx6hDle(~j5tWAFoHK<pzaQ{ll#{p=
zrcPN+l@)^*8#ArbjowBxDNdA}3F~SlHhy@t`RGZ1bEm(#HQ9Rd)#IJ79zPyz?|k|E
zTHNa<&;D{Rc`-bc=})>cg{Zwj?G%hoONO0HCd)kmt5L$S)KoYol}PDUr-fZk6K{!>
znRXf<l(ev&WX|S-^vttTLR|D{R=LVFH^rM$X$+6`l5MA?nbNpa%sq3s4!e=iy%5t%
zu>nmo0b8t`qfe$QmC{sDE(^@$=j_pybQ#T+zVc&CRR!ZY_kJHh1YA|1UNVE7mlMVY
zrp%UtI|`NrUj~Apo8RyO+OU-VydeUUafumsi}Rxu&cD0cP0p@)^4;)Ma|t&dLV%2p
zv~64o<SD#O2dpZ1_MP#+g#c62HV<vfw(SI~g1xY=&}i+K<^V#4t}UP|FBCtdyp*mc
zR+bQ<@;=*mE(&1TXz)RWP~HtZ@rKI)+{;)Lb2i8DOISuIamnC@jM>cZ_5h|avLB2D
zhn$%U;fL@F3?|*evb}=kv)^=+t+(6B*TWliogN?1aRp)T$xB2e#Ky1>W)@cROysQb
zsk_qDY`J^%3i3Dh6+Mt?kHR*Z&`zozLULYI<x7kp9tLN=(k5ND_5EJ@PAmsV$R*ru
znnODaCwPOfpEorkmSz%MJZ+~Pycjwxx;G)oc;>^=c*Qnefrqy@v5Gptdab~vT@p^Y
zPH)HO;}t+J-dj(;e!KR|`VYe~B7|Yo;|dO_a@s|ZRvvVF!%v4zI~Pa~2$R=~cD!xp
z?Ps+0s9y_a`dXy}I`dfDyv3BBOYG^r>)EBoql6PYD?--!iJ3VflUd3utPt;zqm_8(
zK?c;wLt(MVVz?9Lo=TraZB+_`me7<gnjDJgW5pbq6ek1BKdV$A=Tq;6*K(?_3gpPy
zO!7*(c12BemPS}VK$8|<YzQbkd;m$yk<qybOnoMP(|5X*+}@JklNGvaYu#jYeVUvP
z4_npJF3U^iGs-D&u);3#`x6+FmqICTqHS(934;o8g?izsVdaABK1zcqQdOhNY$iZx
z0?)L4ma&F21JUIuD#kxOHheM^1?3AvAR5N~gY}c=(s^dyi?*^zzy+I1Ja5)MIko18
z)t9x`ZWDrG0Droy0bi_8*tmlt`F1^-507e>!OOeQB%O#EN{%+@J3?ZDUy+ZHIZ$^N
z%~I4KrQu*K(APGvznNBxZ0m(hwvc5h&>L{fVnC8j%A1Oi#o+dIv5+2Nu<#2o{MgW7
zX(o(!t6%of_=t8;CNUZ_DRTHb%FiGxsJGS?N-gI0b6#bhP8pWf1{=b!G2GL{#n!HO
zA$_?5>BmkNfp~a)I{XICZxZ)@kozKYX>*gpwl+~~&?sc=CMJBjX3bSL)s>^sJ}Ot>
z7Xl$jq-nYo2&B!kx(9NLtP2LbGT;Ff;D3q;^Q*L#47qTj$7R&A%I|VG6!@**F8JK!
z=K$x$mIEe1t219jxshe4zJ5do+x^48uT<E~q)@#W?D@JL=D0%j4)SikAwXU#3g83k
zrSO;xz(b3E*b?|Uxm4lKZNOhV_s{>GkN=tAFCLLVBoGNi0+B!@5D7#Akw7F62}A;s
UKqT=0L*RqX+Wk)Rvw`jY8<vR0b^rhX

literal 0
HcmV?d00001

diff --git a/package-lock.json b/package-lock.json
index 5464fbb..82dbbf4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -32,6 +32,7 @@
         "@radix-ui/react-tabs": "^1.1.3",
         "@radix-ui/react-toast": "^1.2.6",
         "@radix-ui/react-tooltip": "^1.1.8",
+        "bcryptjs": "^2.4.3",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "date-fns": "^3.6.0",
@@ -39,6 +40,7 @@
         "embla-carousel-react": "^8.6.0",
         "firebase": "^11.9.1",
         "genkit": "^1.14.1",
+        "jose": "^5.8.0",
         "lucide-react": "^0.475.0",
         "next": "15.3.3",
         "patch-package": "^8.0.0",
@@ -54,6 +56,7 @@
         "zod": "^3.24.2"
       },
       "devDependencies": {
+        "@types/bcryptjs": "^2.4.6",
         "@types/node": "^20",
         "@types/react": "^18",
         "@types/react-dom": "^18",
@@ -4296,6 +4299,13 @@
         "https://trpc.io/sponsor"
       ]
     },
+    "node_modules/@types/bcryptjs": {
+      "version": "2.4.6",
+      "resolved": "https://registry.npmjs.org/@types/bcryptjs/-/bcryptjs-2.4.6.tgz",
+      "integrity": "sha512-9xlo6R2qDs5uixm0bcIqCeMCE6HiQsIyel9KQySStiyqNl2tnj2mP3DX1Nf56MD6KMenNNlBBsy3LJ7gUEQPXQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/caseless": {
       "version": "0.12.5",
       "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz",
@@ -4761,6 +4771,12 @@
         }
       ]
     },
+    "node_modules/bcryptjs": {
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz",
+      "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==",
+      "license": "MIT"
+    },
     "node_modules/bignumber.js": {
       "version": "9.1.2",
       "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.1.2.tgz",
@@ -7714,6 +7730,15 @@
         "jiti": "bin/jiti.js"
       }
     },
+    "node_modules/jose": {
+      "version": "5.10.0",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz",
+      "integrity": "sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/js-tokens": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
diff --git a/package.json b/package.json
index 7d3fc55..fdb530b 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,7 @@
     "@radix-ui/react-tabs": "^1.1.3",
     "@radix-ui/react-toast": "^1.2.6",
     "@radix-ui/react-tooltip": "^1.1.8",
+    "bcryptjs": "^2.4.3",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "date-fns": "^3.6.0",
@@ -43,6 +44,7 @@
     "embla-carousel-react": "^8.6.0",
     "firebase": "^11.9.1",
     "genkit": "^1.14.1",
+    "jose": "^5.8.0",
     "lucide-react": "^0.475.0",
     "next": "15.3.3",
     "patch-package": "^8.0.0",
@@ -58,6 +60,7 @@
     "zod": "^3.24.2"
   },
   "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
     "@types/node": "^20",
     "@types/react": "^18",
     "@types/react-dom": "^18",
diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx
new file mode 100644
index 0000000..ad5ec0c
--- /dev/null
+++ b/src/app/login/page.tsx
@@ -0,0 +1,69 @@
+'use client';
+import { useFormState, useFormStatus } from 'react-dom';
+import { login } from '@/lib/auth-actions';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Input } from '@/components/ui/input';
+import { Label } from '@/components/ui/label';
+import { Loader2 } from 'lucide-react';
+import { useEffect } from 'react';
+import { useToast } from '@/hooks/use-toast';
+import { Logo } from '@/components/icons';
+
+const initialState = {
+  message: '',
+};
+
+function SubmitButton() {
+  const { pending } = useFormStatus();
+  return (
+    <Button type="submit" className="w-full" disabled={pending}>
+      {pending && <Loader2 className="mr-2 h-4 w-4 animate-spin" />}
+      Login
+    </Button>
+  );
+}
+
+export default function LoginPage() {
+  const [state, formAction] = useFormState(login, initialState);
+  const { toast } = useToast();
+
+  useEffect(() => {
+    if (state?.message) {
+      toast({
+        title: 'Login Failed',
+        description: state.message,
+        variant: 'destructive',
+      });
+    }
+  }, [state, toast]);
+
+  return (
+    <main className="flex items-center justify-center min-h-screen bg-background">
+      <Card className="w-full max-w-sm">
+        <CardHeader className="text-center">
+          <div className="flex justify-center items-center mb-4">
+            <Logo className="h-8 w-8 mr-2 text-primary" />
+            <h1 className="font-bold text-2xl">PromptVerse</h1>
+          </div>
+          <CardTitle>Welcome Back</CardTitle>
+          <CardDescription>Enter your password to access your prompts.</CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form action={formAction} className="space-y-4">
+            <div className="space-y-2">
+              <Label htmlFor="password">Password</Label>
+              <Input
+                id="password"
+                name="password"
+                type="password"
+                required
+              />
+            </div>
+            <SubmitButton />
+          </form>
+        </CardContent>
+      </Card>
+    </main>
+  );
+}
diff --git a/src/app/page.tsx b/src/app/page.tsx
index c9185ca..221a906 100644
--- a/src/app/page.tsx
+++ b/src/app/page.tsx
@@ -1,12 +1,19 @@
+import { getSession } from '@/lib/session';
+import { redirect } from 'next/navigation';
 import { Header } from '@/components/header';
 import { PromptList, PromptListSkeleton } from '@/components/prompt-list';
 import { Suspense } from 'react';
 
-export default function Home({
+export default async function Home({
   searchParams,
 }: {
   searchParams?: { q?: string };
 }) {
+  const session = await getSession();
+  if (!session) {
+    redirect('/login');
+  }
+
   const query = searchParams?.q || '';
 
   return (
diff --git a/src/components/header.tsx b/src/components/header.tsx
index d6bc2b3..4b28210 100644
--- a/src/components/header.tsx
+++ b/src/components/header.tsx
@@ -1,10 +1,12 @@
 'use client';
 import { Logo } from '@/components/icons';
 import { Input } from '@/components/ui/input';
-import { Search } from 'lucide-react';
+import { Button } from '@/components/ui/button';
+import { Search, LogOut } from 'lucide-react';
 import { CreatePromptDialog } from '@/components/create-prompt-dialog';
 import { usePathname, useRouter, useSearchParams } from 'next/navigation';
 import { useRef } from 'react';
+import { logout } from '@/lib/auth-actions';
 
 export function Header() {
   const searchParams = useSearchParams();
@@ -27,6 +29,10 @@ export function Header() {
     }, 300);
   };
 
+  const handleLogout = async () => {
+    await logout();
+  }
+
   return (
     <header className="sticky top-0 z-50 w-full border-b border-border/40 bg-background/95 backdrop-blur supports-[backdrop-filter]:bg-background/60">
       <div className="container flex h-16 max-w-7xl items-center justify-between mx-auto px-4 sm:px-6 lg:px-8">
@@ -45,6 +51,11 @@ export function Header() {
             />
           </div>
           <CreatePromptDialog />
+           <form action={handleLogout}>
+            <Button variant="ghost" size="icon" type="submit" aria-label="Logout">
+              <LogOut className="h-4 w-4" />
+            </Button>
+          </form>
         </div>
       </div>
     </header>
diff --git a/src/lib/actions.ts b/src/lib/actions.ts
index b481be7..e466a34 100644
--- a/src/lib/actions.ts
+++ b/src/lib/actions.ts
@@ -7,8 +7,15 @@ import type { Prompt } from './types';
 import { suggestTags as suggestTagsFlow } from '@/ai/flows/suggest-tags';
 import { suggestTitle as suggestTitleFlow } from '@/ai/flows/suggest-title';
 import { z } from 'zod';
+import { getSession } from './session';
+import { redirect } from 'next/navigation';
 
 export async function getPrompts(query: string = ''): Promise<Prompt[]> {
+  const session = await getSession();
+  if (!session) {
+    return [];
+  }
+  
   const db = await getDb();
   const lowerCaseQuery = `%${query.toLowerCase()}%`;
 
@@ -38,6 +45,11 @@ const CreatePromptSchema = z.object({
 
 
 export async function createPrompt(prevState: any, formData: FormData) {
+  const session = await getSession();
+  if (!session) {
+    redirect('/login');
+  }
+
   const validatedFields = CreatePromptSchema.safeParse({
     content: formData.get('content'),
     notes: formData.get('notes'),
@@ -76,6 +88,11 @@ export async function createPrompt(prevState: any, formData: FormData) {
 }
 
 export async function suggestPromptTags(promptText: string): Promise<{tags?: string[]; error?: string}> {
+  const session = await getSession();
+  if (!session) {
+    return { error: 'You must be logged in to use AI suggestions.' };
+  }
+  
   if (!promptText || promptText.trim().length < 20) {
     return { error: 'Please provide a more detailed prompt for better suggestions.' };
   }
diff --git a/src/lib/auth-actions.ts b/src/lib/auth-actions.ts
new file mode 100644
index 0000000..e0a3e74
--- /dev/null
+++ b/src/lib/auth-actions.ts
@@ -0,0 +1,45 @@
+'use server';
+import { redirect } from 'next/navigation';
+import { compare } from 'bcryptjs';
+import { SignJWT } from 'jose';
+import { cookies } from 'next/headers';
+
+const secretKey = process.env.JWT_SECRET_KEY;
+const key = new TextEncoder().encode(secretKey);
+
+export async function encrypt(payload: any) {
+  return await new SignJWT(payload)
+    .setProtectedHeader({ alg: 'HS256' })
+    .setIssuedAt()
+    .setExpirationTime('1d') // 1 day
+    .sign(key);
+}
+
+export async function login(prevState: any, formData: FormData) {
+  const password = formData.get('password') as string;
+
+  if (!process.env.ADMIN_PASSWORD) {
+    return { message: 'Admin password is not set.' };
+  }
+
+  const passwordsMatch = await compare(password, process.env.ADMIN_PASSWORD);
+
+  if (passwordsMatch) {
+    // Create the session
+    const expires = new Date(Date.now() + 24 * 60 * 60 * 1000);
+    const session = await encrypt({ user: { id: 'admin' }, expires });
+
+    // Save the session in a cookie
+    cookies().set('session', session, { expires, httpOnly: true });
+
+    redirect('/');
+  }
+
+  return { message: 'Invalid password.' };
+}
+
+export async function logout() {
+  // Destroy the session
+  cookies().set('session', '', { expires: new Date(0) });
+  redirect('/login');
+}
diff --git a/src/lib/db.ts b/src/lib/db.ts
index 84e6e05..46b038c 100644
--- a/src/lib/db.ts
+++ b/src/lib/db.ts
@@ -2,10 +2,36 @@
 import { open } from 'sqlite';
 import sqlite3 from 'sqlite3';
 import { initialPrompts } from './data';
+import { hash } from 'bcryptjs';
 
 // Singleton pattern to ensure only one database connection is created.
 let db: Awaited<ReturnType<typeof open>> | null = null;
 
+async function seedDatabase(db: Awaited<ReturnType<typeof open>>) {
+    // Seed initial data if the table is empty
+    const countResult = await db.get('SELECT COUNT(*) as count FROM prompts');
+    if (countResult && countResult.count === 0) {
+      const stmt = await db.prepare('INSERT INTO prompts (title, content, notes, tags, createdAt) VALUES (?, ?, ?, ?, ?)');
+      for (const prompt of initialPrompts) {
+        await stmt.run(prompt.title, prompt.content, prompt.notes, JSON.stringify(prompt.tags), prompt.createdAt);
+      }
+      await stmt.finalize();
+    }
+}
+
+async function setupAdminPassword() {
+  if (process.env.ADMIN_PASSWORD) {
+     const plainPassword = process.env.ADMIN_PASSWORD;
+     // In a real app, you wouldn't log this. This is for demonstration.
+     console.log(`Hashing admin password: ${plainPassword}`);
+     process.env.ADMIN_PASSWORD = await hash(plainPassword, 10);
+     console.log(`Hashed admin password stored in environment.`);
+  } else {
+    console.warn("ADMIN_PASSWORD environment variable not set. Using default.");
+    process.env.ADMIN_PASSWORD = await hash('admin', 10);
+  }
+}
+
 export async function getDb() {
   if (!db) {
     const newDb = await open({
@@ -25,15 +51,8 @@ export async function getDb() {
       );
     `);
 
-    // Seed initial data if the table is empty
-    const countResult = await newDb.get('SELECT COUNT(*) as count FROM prompts');
-    if (countResult && countResult.count === 0) {
-      const stmt = await newDb.prepare('INSERT INTO prompts (title, content, notes, tags, createdAt) VALUES (?, ?, ?, ?, ?)');
-      for (const prompt of initialPrompts) {
-        await stmt.run(prompt.title, prompt.content, prompt.notes, JSON.stringify(prompt.tags), prompt.createdAt);
-      }
-      await stmt.finalize();
-    }
+    await setupAdminPassword();
+    await seedDatabase(newDb);
     
     db = newDb;
   }
diff --git a/src/lib/session.ts b/src/lib/session.ts
new file mode 100644
index 0000000..b46c21d
--- /dev/null
+++ b/src/lib/session.ts
@@ -0,0 +1,25 @@
+'use server';
+import 'server-only';
+import { cookies } from 'next/headers';
+import { jwtVerify } from 'jose';
+
+const secretKey = process.env.JWT_SECRET_KEY;
+const key = new TextEncoder().encode(secretKey);
+
+export async function decrypt(input: string): Promise<any> {
+  try {
+    const { payload } = await jwtVerify(input, key, {
+      algorithms: ['HS256'],
+    });
+    return payload;
+  } catch (error) {
+    return null;
+  }
+}
+
+export async function getSession() {
+  const sessionCookie = cookies().get('session')?.value;
+  if (!sessionCookie) return null;
+  const session = await decrypt(sessionCookie);
+  return session;
+}
diff --git a/src/middleware.ts b/src/middleware.ts
new file mode 100644
index 0000000..a35b848
--- /dev/null
+++ b/src/middleware.ts
@@ -0,0 +1,27 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getSession } from './lib/session';
+
+const protectedRoutes = ['/'];
+const publicRoutes = ['/login'];
+
+export async function middleware(req: NextRequest) {
+  const path = req.nextUrl.pathname;
+  const isProtectedRoute = protectedRoutes.includes(path);
+  const isPublicRoute = publicRoutes.includes(path);
+
+  const session = await getSession();
+
+  if (isProtectedRoute && !session) {
+    return NextResponse.redirect(new URL('/login', req.nextUrl));
+  }
+
+  if (isPublicRoute && session && !req.nextUrl.searchParams.has('from')) {
+     return NextResponse.redirect(new URL('/', req.nextUrl));
+  }
+
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|.*\\.png$).*)'],
+};