feat: implement new patch

[mehdiasadli]

Summary by CodeRabbit

• New Features

  • Added Google OAuth sign-in and sign-up integration across login and registration flows
  • Added security settings page for managing passwords, email verification, active sessions, and linked accounts
  • Added legal pages for Terms of Service and Privacy Policy

• Documentation

  • Updated setup documentation with Google OAuth configuration and troubleshooting guidance

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
xamsa-web	Ready	Preview, Comment	Apr 30, 2026 2:14pm

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The PR integrates Google OAuth sign-in functionality into the web application, introducing a new security settings page for account management, legal pages (Terms of Service and Privacy Policy), and backend OAuth helpers for automatic username generation and avatar mirroring. Environment variables and route configurations are updated to support the new features.

Changes

Cohort / File(s)	Summary
Google Sign-In UI Components apps/web/src/components/continue-with-google-button.tsx, apps/web/src/components/login-form.tsx, apps/web/src/components/register-form.tsx	New Google sign-in button component with loading state, error handling, and OAuth flow initiation. Login and registration forms updated to include Google authentication option with visual separator and legal consent text.
Settings Navigation & Organization apps/web/src/components/settings-nav.tsx, apps/web/src/routes/settings/index.tsx	New navigation component for settings sections (Profile/Security). Settings profile page refactored to remove email change flow and link to the new security page.
New Legal & Security Pages apps/web/src/routes/legal/privacy-policy.tsx, apps/web/src/routes/legal/terms-of-service.tsx, apps/web/src/routes/settings/security.tsx	Three new pages: Privacy Policy with data handling disclosures, Terms of Service with usage policies and disclaimers, and comprehensive Security Settings page for managing credentials, sessions, email verification, and Google account linking.
Backend OAuth & Password Management packages/auth/src/oauth-google.ts, packages/auth/src/fix-set-password-route.ts, packages/auth/src/index.ts, packages/auth/src/better-auth-rpc.ts	New OAuth helper module for Google sign-up (username auto-generation, display name normalization, avatar mirroring). Set-password endpoint plugin for credential-less accounts. Better Auth configuration extended with Google provider and user creation hooks. JSON-RPC utility for auth API calls.
Auth Client & Configuration apps/web/src/lib/auth-client.ts	Auth client initialization updated to conditionally set baseURL from environment variables for multi-origin deployments.
Environment & Build Configuration packages/env/src/server.ts, packages/env/src/web.ts, packages/auth/package.json, turbo.json, docs/SETUP.md	Environment schemas extended with Google OAuth credentials (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) and Better Auth URL (VITE_PUBLIC_BETTER_AUTH_URL). Build script and Turbo configuration updated. Setup documentation expanded with OAuth configuration and troubleshooting guidance.
Routing & Sitemap apps/web/src/routeTree.gen.ts, packages/api/src/public-sitemap-urls.ts	Route tree generated with three new paths. Sitemap extended to include legal pages in public entries.
Type Exports & Release Notes packages/db/src/index.ts, packages/utils/src/app-releases.ts, draft.md	Prisma client type exported. Release notes updated for version 26 with security settings and legal page highlights. Roadmap entry removed.

Sequence Diagram(s)

sequenceDiagram
    participant User as User (Browser)
    participant WebApp as Web App
    participant AuthServer as Better Auth Server
    participant GoogleOAuth as Google OAuth
    participant Database as Database

    User->>WebApp: Click "Continue with Google"
    WebApp->>WebApp: Set loading state, compute safe redirect
    WebApp->>AuthServer: POST /api/auth/signin/google<br/>(with callbackURL)
    AuthServer->>GoogleOAuth: Redirect to Google consent
    GoogleOAuth->>GoogleOAuth: User authorizes
    GoogleOAuth->>AuthServer: Return authorization code
    AuthServer->>Database: Check for existing Google account
    alt New User
        AuthServer->>Database: Create user with auto-generated username
        AuthServer->>Database: Fetch & mirror Google avatar
    else Existing User
        AuthServer->>Database: Link Google account
    end
    AuthServer->>WebApp: Redirect to callbackURL with session
    WebApp->>User: Navigate to redirect destination

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly Related PRs

• feat: implement new patch #32 — Adds Cloudinary avatar utilities and frontend image cropping; directly related through shared avatar handling and image upload flow with the new Google avatar mirroring logic.
• feat: improve performance, add better seo, json-ld, sitemap and robots #15 — Introduces sitemap and robots.txt generation; related through sitemap entry updates and route registration patterns applied in this PR.
• feat(web): route metadata, og tags, calver 26.4.1 #6 — Modifies route head and SEO handling in settings pages; related through route metadata updates and settings page restructuring in this PR.

Suggested Labels

app:web, dependencies, config, docs, size:xl

Poem

🐰 Google's golden gates swing wide today,
Usernames bloom where login lights play,
Avatars dance from the cloud up high,
While lawyers draft terms 'neath the digital sky,
Security blooms in the settings we stay!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 21.74% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'feat: implement new patch' is too generic and does not meaningfully describe the actual changes, which include Google OAuth integration, security settings pages, legal documentation routes, and password management features.	Replace with a more specific title that summarizes the main feature, such as 'feat: add Google OAuth sign-in and security settings page' or 'feat: add social authentication and account security management'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v26-04-26

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}