Dev

[deekshithgowda85]

Summary by CodeRabbit

• New Features

  • Implemented new authentication system supporting email/password credentials and optional GitHub OAuth integration
  • Added GitHub console page allowing users to securely connect GitHub accounts and manage repositories

• Documentation

  • Updated contribution guide with detailed scoring rubric and project guidelines
  • Added security audit report documenting recommendations

• Chores

  • Removed Firebase dependency

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sec-dev-3lx6	Error		May 29, 2026 4:55pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 87a00afc-c2d0-4bd2-830a-a2db19294cc9

📥 Commits

Reviewing files that changed from the base of the PR and between 5d9f5c9 and 746df1d.

📒 Files selected for processing (15)

• CONTRIBUTING_GUIDE_GSSOC.md
• GOOD_FIRST_ISSUE.md
• app/api/auth/register/route.ts
• app/console/account/page.tsx
• app/console/github/page.tsx
• app/login/page.tsx
• app/register/page.tsx
• components/console/account-page-client.tsx
• components/console/github-connect-button.tsx
• components/console/repository-list.tsx
• components/console/top-navbar.tsx
• lib/auth.ts
• lib/firebase.ts
• lib/user-auth.ts
• package.json

---

📝 Walkthrough

Walkthrough

This PR replaces Firebase client-side authentication with NextAuth credentials provider and optional GitHub OAuth, introducing server-backed user storage with PBKDF2 password hashing, refactoring auth pages and console components, and removing Firebase from dependencies.

Changes

NextAuth Credential & GitHub OAuth Integration

Layer / File(s)	Summary
User Authentication Library with PBKDF2 lib/user-auth.ts	Database-backed user creation, authentication, and profile lookup using PBKDF2 password hashing with per-user salt; supports lookup by ID or normalized email.
NextAuth Configuration with Credentials & GitHub Providers lib/auth.ts	NextAuth setup with always-enabled credentials provider (calling authenticateUser) and conditional GitHub provider; JWT callbacks persist email and GitHub accessToken; session callbacks inject user ID and email.
Registration Page and API Endpoint app/api/auth/register/route.ts, app/register/page.tsx	New POST endpoint validates and creates users via createUser; register page fetches endpoint, handles email-in-use errors with login link, and redirects to login on success.
Login Page with NextAuth Credentials Flow app/login/page.tsx	Updated to call signIn("credentials") instead of Firebase; getLoginErrorMessage maps errors to UI; navigates to /console/dashboard on success.
Account Settings Server & Client Components app/console/account/page.tsx, components/console/account-page-client.tsx	Account page refactored to async server component that loads user profile; new AccountPageClient renders profile, password update, GitHub connection CTA, active sessions, and account deletion; includes save-state feedback and password visibility toggles.
GitHub Integration: Console Page & Connect Button app/console/github/page.tsx, components/console/github-connect-button.tsx	New GitHub console page checks accessToken to derive connection state; renders GitHub-not-connected panel with GitHubConnectButton when disconnected; GitHubConnectButton triggers NextAuth GitHub sign-in.
Top Navbar & Repository List NextAuth Updates components/console/top-navbar.tsx, components/console/repository-list.tsx	Top navbar removed session-derived display data and GitHub sign-in button; repository list unauthenticated path now uses NextAuth signIn("github") instead of plain link.
Documentation & Dependency Updates CONTRIBUTING_GUIDE_GSSOC.md, GOOD_FIRST_ISSUE.md, package.json	GSSoC guide repositioned scoring section; GOOD_FIRST_ISSUE.md replaced with SecDev Audit Report; Firebase dependency removed.

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly Related PRs

• deekshithgowda85/SecDev#26: Modifies the same "GSSoC Labels & Scoring (Project-specific)" section in CONTRIBUTING_GUIDE_GSSOC.md.

🐰 NextAuth springs to life, where passwords are hashed with care,
PBKDF2 salts ensure security beyond compare,
GitHub connections bloom like spring flowers,
Credentials flow through server powers,
Firebase fades, a new era does dawn! 🌸

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed: lockfile failed supply-chain policy check. Run pnpm install locally to update the lockfile.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}