maximus/simpl-liste
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases 15 Packages Wiki Activity Actions

feat: integrate Logto auth with middleware and login page (#36) #43

Merged
maximus merged 1 commit from issue-36-auth-logto into issue-35-web-setup 2026-04-06 15:38:46 +00:00
Conversation 1 Commits 1 Files changed 9 +276
maximus commented 2026-04-06 15:37:57 +00:00
Owner
Copy link

Fixes #36

Summary

  • Logto SDK (@logto/next) integrated with same pattern as la-compagnie-maximus
  • API routes: /api/logto/sign-in, /api/logto/callback, /api/logto/sign-out
  • Next.js middleware redirects unauthenticated users to /auth
  • Auth helper getAuthenticatedUser() extracts userId (sub claim) for API routes
  • Login page with Compte Maximus branding
  • Session cookie: HttpOnly, Secure in production, SameSite via Logto SDK defaults

Depends on

  • PR #42 (issue-35-web-setup)
Fixes #36 ## Summary - Logto SDK (`@logto/next`) integrated with same pattern as la-compagnie-maximus - API routes: `/api/logto/sign-in`, `/api/logto/callback`, `/api/logto/sign-out` - Next.js middleware redirects unauthenticated users to `/auth` - Auth helper `getAuthenticatedUser()` extracts `userId` (`sub` claim) for API routes - Login page with Compte Maximus branding - Session cookie: HttpOnly, Secure in production, SameSite via Logto SDK defaults ## Depends on - PR #42 (issue-35-web-setup)
maximus added 1 commit 2026-04-06 15:37:58 +00:00 
- Logto config matching la-compagnie-maximus pattern
- API routes: sign-in, callback, sign-out
- Next.js middleware protecting all routes except /auth and /api
- Auth helper to extract userId (sub) from Logto context
- Login page with Compte Maximus branding

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
maximus commented 2026-04-06 15:38:16 +00:00
Author
Owner
Copy link

Review — APPROVE

Clean Logto integration matching la-compagnie-maximus pattern. Auth routes, middleware, and helper all look correct.

  • No secrets committed
  • Cookie security delegated to Logto SDK
  • Middleware protects all routes correctly
  • TypeScript compiles
  • Consistent with ecosystem auth pattern
## Review — APPROVE Clean Logto integration matching la-compagnie-maximus pattern. Auth routes, middleware, and helper all look correct. - [x] No secrets committed - [x] Cookie security delegated to Logto SDK - [x] Middleware protects all routes correctly - [x] TypeScript compiles - [x] Consistent with ecosystem auth pattern
maximus merged commit 0369597eb6 into issue-35-web-setup 2026-04-06 15:38:46 +00:00
maximus deleted branch issue-36-auth-logto 2026-04-06 15:38:46 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
source:analyste

Créée par le Super-Analyste

  
source:defenseur

Créée par l Escouade Défenseur

  
source:human

Créée par un humain

  
source:medic

Créée par le Medic (auto-détection)

  
status:approved

PR approuvée, prête à merger

  
status:blocked

Bloquée (question, dépendance, clarification)

  
status:in-progress

Un agent (Medic/Dev) travaille dessus

  
status:needs-fix

Reviewer demande des corrections

  
status:ready

Analysée et documentée, prête à prendre

  
status:review

PR créée, en attente du Reviewer

  
status:triage

Nouvelle issue, pas encore analysée

  
type:bug

Correction de bug → Medic

  
type:feature

Nouvelle fonctionnalité → Dev

  
type:infra

Config, CI/CD, déploiement → Dev

  
type:refactor

Refactoring / amélioration technique → Dev

  
type:schema

Modèle de données / migrations → Dev

  
type:security

Issue de sécurité → Medic ou Dev

No labels
source:analyste
source:defenseur
source:human
source:medic
status:approved
status:blocked
status:in-progress
status:needs-fix
status:ready
status:review
status:triage
type:bug
type:feature
type:infra
type:refactor
type:schema
type:security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: maximus/simpl-liste#43
No description provided.
Delete branch "issue-36-auth-logto"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?