Merge pull request #54 from hack4impact/dev

Sprint 1 & 2 & 3

Author: martin0024

.env.example

@@ -0,0 +1,6 @@
+NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
+NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY=sb_publishable_your-key
+DATABASE_URL=postgresql://postgres:password@db.your-project.supabase.co:5432/postgres
+STRIPE_PRICE_ID=
+STRIPE_SECRET_KEY=
+NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=

.github/workflows/ci.yml

@@ -0,0 +1,30 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "25"
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Unit tests
+        run: npm run test:ci

.gitignore

@@ -0,0 +1,64 @@
+# dependencies
+/node_modules
+/.pnp
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/versions
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+Thumbs.db
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# env files
+.env
+.env.*
+!.env.example
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts
+
+# editors
+.vscode/*
+!.vscode/settings.json
+!.vscode/extensions.json
+.idea/
+*.swp
+*.swo
+*~
+
+# drizzle
+drizzle/meta/
+
+# supabase
+.supabase/
+
+
+.agents/
+.playwright-mcp/
+.mcp.json
+.claude/
+.cursor/

.prettierrc.json

@@ -0,0 +1,3 @@
+{
+  "tabWidth": 3
+}

AGENTS.md

@@ -0,0 +1,5 @@
+<!-- BEGIN:nextjs-agent-rules -->
+# This is NOT the Next.js you know
+
+This version has breaking changes — APIs, conventions, and file structure may all differ from your training data. Read the relevant guide in `node_modules/next/dist/docs/` before writing any code. Heed deprecation notices.
+<!-- END:nextjs-agent-rules -->

CLAUDE.md

@@ -0,0 +1 @@
+@AGENTS.md

README.md

@@ -1 +1,98 @@
-# mcld-project
+# mcld-project
+
+## Stack
+
+- **Framework**: Next.js 16 (App Router, Turbopack)
+- **Auth**: Supabase Auth (email/password, SSR via `@supabase/ssr`)
+- **Database**: PostgreSQL via Supabase + Drizzle ORM
+- **UI**: shadcn/ui (Radix) + Tailwind
+- **Hosting**: Vercel
+
+## Setup
+
+### 1. Install dependencies
+
+```bash
+pnpm install
+```
+
+### 2. Configure environment
+
+```bash
+cp .env.example .env.local
+sudo nano .env
+```
+
+Fill in your Supabase credentials from [supabase.com/dashboard](https://supabase.com/dashboard) > Project Settings > API (or Dashboard > Framework > Next.js > Environment Variables):
+
+only on `.env.local`:
+
+- `NEXT_PUBLIC_SUPABASE_URL` — Project URL
+- `NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY` — Publishable (anon) key
+
+only on `.env`:
+
+- `DATABASE_URL` — Connection string (Dashboard > Direct (connextion string) > Copy connection string (for the password go to Database > Settings > Database password > Reset password))
+
+### 3. Configure Supabase Auth (if you dont use port 3000)
+
+In your Supabase dashboard under **Authentication > URL Configuration**:
+
+- **Site URL**: `http://localhost:PORT`
+- **Redirect URLs**: add `http://localhost:PORT/auth/callback`
+
+Make sure **Email** provider is enabled under **Authentication > Sign In/Providers**.
+
+### 4. Set up the database
+
+```bash
+pnpm db:push       # push schema to Supabase
+pnpm db:generate   # generate migration files
+pnpm db:migrate    # run migrations
+```
+
+### 5. Run
+
+```bash
+pnpm dev
+```
+
+Open [http://localhost:3000](http://localhost:3000). You'll be redirected to `/login` if not authenticated.
+
+## Adding shadcn/ui components
+
+```bash
+npx shadcn@latest add <component>
+```
+
+Examples:
+
+```bash
+npx shadcn@latest add button
+npx shadcn@latest add card input label
+npx shadcn@latest add dialog dropdown-menu
+```
+
+Components are installed to `components/ui/`. Browse available components at [ui.shadcn.com](https://ui.shadcn.com).
+
+## Project structure
+
+```
+app/
+  layout.tsx          # Root layout (Helvetica font)
+  page.tsx            # Home (protected, shows user + sign out)
+  login/
+    page.tsx          # Login / signup form
+    actions.ts        # Server actions (login, signup, signout)
+  auth/
+    callback/
+      route.ts        # Email confirmation callback
+components/ui/        # shadcn/ui components
+utils/supabase/
+  client.ts           # Browser Supabase client
+  server.ts           # Server Supabase client
+  middleware.ts       # Session refresh + auth redirect logic
+proxy.ts              # Next.js 16 proxy (replaces middleware.ts)
+drizzle/              # Drizzle schema + migrations
+drizzle.config.ts     # Drizzle config
+```

__tests__/sanity.test.tsx

@@ -0,0 +1,10 @@
+import { render, screen } from "@testing-library/react";
+import DashboardPage from "@/app/dashboard/page";
+
+describe("jest setup", () => {
+  it("runs React + Testing Library", async () =>  {
+    const jsx = await DashboardPage();
+    render(jsx);
+    expect(screen.getByText("You are admin")).toBeInTheDocument();
+  });
+});

app/api/checkout/route.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from "next/server";
+import { stripe, getOrCreateStripeCustomer } from "@/lib/stripe";
+import { createClient } from "@/utils/supabase/server";
+
+export async function POST(request: NextRequest) {
+  const supabase = await createClient();
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  if (!user) {
+    return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+  }
+
+  const { priceId, mode = "subscription" } = await request.json();
+
+  if (!priceId) {
+    return NextResponse.json(
+      { error: "Price ID is required" },
+      { status: 400 },
+    );
+  }
+
+  const stripeCustomerId = await getOrCreateStripeCustomer(
+    user.id,
+    user.email!,
+  );
+
+  const session = await stripe.checkout.sessions.create({
+    customer: stripeCustomerId,
+    mode: mode as "subscription" | "payment",
+    payment_method_types: ["card"],
+    line_items: [{ price: priceId, quantity: 1 }],
+    success_url: `${request.nextUrl.origin}/checkout/success`,
+    cancel_url: `${request.nextUrl.origin}/checkout/cancel`,
+  });
+
+  return NextResponse.json({ url: session.url });
+}

app/api/webhooks/stripe/route.ts

@@ -0,0 +1,90 @@
+import { NextRequest, NextResponse } from "next/server";
+import { stripe, syncStripeData } from "@/lib/stripe";
+import { db } from "@/lib/db";
+import { profiles, purchases } from "@/lib/db/schema";
+import { eq } from "drizzle-orm";
+import Stripe from "stripe";
+
+const allowedEvents: Stripe.Event.Type[] = [
+   "checkout.session.completed",
+   "customer.subscription.created",
+   "customer.subscription.updated",
+   "customer.subscription.deleted",
+   "customer.subscription.paused",
+   "customer.subscription.resumed",
+   "invoice.paid",
+   "invoice.payment_failed",
+   "invoice.payment_succeeded",
+];
+
+export async function POST(request: NextRequest) {
+   const body = await request.text();
+   const signature = request.headers.get("stripe-signature");
+
+   if (!signature) {
+      return NextResponse.json({ error: "No signature" }, { status: 400 });
+   }
+
+   let event: Stripe.Event;
+   try {
+      event = stripe.webhooks.constructEvent(
+         body,
+         signature,
+         process.env.STRIPE_WEBHOOK_SECRET!,
+      );
+   } catch (err) {
+      console.error("Webhook signature verification failed:", err);
+      return NextResponse.json({ error: "Invalid signature" }, { status: 400 });
+   }
+
+   if (!allowedEvents.includes(event.type)) {
+      return NextResponse.json({ received: true });
+   }
+
+   if (event.type === "checkout.session.completed") {
+      const session = event.data.object as Stripe.Checkout.Session;
+
+      if (session.mode === "payment" && session.customer) {
+         const customerId = session.customer as string;
+
+         const profile = await db.query.profiles.findFirst({
+            where: eq(profiles.stripeCustomerId, customerId),
+         });
+
+         if (profile) {
+            const lineItems = await stripe.checkout.sessions.listLineItems(
+               session.id,
+               { limit: 1 },
+            );
+            const item = lineItems.data[0];
+            if (item) {
+               await db.insert(purchases).values({
+                  userId: profile.id,
+                  stripePriceId: item.price?.id ?? "",
+                  stripeSessionId: session.id,
+                  productName: item.description ?? "Product",
+                  amount: session.amount_total ?? 0,
+                  currency: session.currency ?? "cad",
+               });
+            }
+         }
+
+         return NextResponse.json({ received: true });
+      }
+   }
+
+   const { customer: customerId } = event.data.object as {
+      customer: string;
+   };
+
+   if (typeof customerId !== "string") {
+      console.error(
+         `[STRIPE WEBHOOK] No customer ID on event type: ${event.type}`,
+      );
+      return NextResponse.json({ received: true });
+   }
+
+   await syncStripeData(customerId);
+
+   return NextResponse.json({ received: true });
+}