Fixed Issue #6

.gitignore

@@ -32,6 +32,7 @@ yarn-error.log*
 
 # env files (can opt-in for committing if needed)
 .env*
+.env.local
 
 # vercel
 .vercel

app/HomeWrapper.tsx

@@ -0,0 +1,30 @@
+"use client"
+
+import { useSession } from "next-auth/react"
+import { useRouter } from "next/navigation"
+import { useEffect } from "react"
+
+export default function HomeWrapper({ children }: { children: React.ReactNode }) {
+  const { data: session, status } = useSession()
+  const router = useRouter()
+
+  useEffect(() => {
+    if (status === "loading") return
+
+    if (session?.user?.needsPassword) {
+      router.replace("/set-password?email=" + session.user.email)
+    }
+  }, [session, status, router])
+
+  if (status === "loading") {
+    return (
+      <div className="flex min-h-screen items-center justify-center">
+        <p className="text-sm text-muted">Loading...</p>
+      </div>
+    )
+  }
+
+  if (session?.user?.needsPassword) return null
+
+  return <>{children}</>
+}

app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,3 @@
+
+
+export { GET, POST } from "@/lib/auth"

app/api/rate-limit/route.ts

@@ -0,0 +1,10 @@
+import { NextResponse } from "next/server"
+import { checkRateLimit } from "@/lib/rateLimit"
+
+export async function POST(req: Request) {
+  const { email } = await req.json()
+
+  const result = checkRateLimit(email)
+
+  return NextResponse.json(result)
+}

app/api/set-password/route.ts

@@ -0,0 +1,38 @@
+import { NextResponse } from "next/server"
+import clientPromise from "@/lib/mongodb"
+import bcrypt from "bcryptjs"
+
+export async function POST(req: Request) {
+  try {
+    const { email, password } = await req.json()
+
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: "Missing email or password" },
+        { status: 400 }
+      )
+    }
+
+    const client = await clientPromise
+    const db = client.db()
+
+    const hashedPassword = await bcrypt.hash(password, 10)
+
+    await db.collection("users").updateOne(
+      { email },
+      {
+        $set: {
+          password: hashedPassword,
+        },
+      }
+    )
+
+    return NextResponse.json({ success: true })
+  } catch (err) {
+    console.error("SET PASSWORD ERROR:", err)
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    )
+  }
+}

app/layout.tsx

@@ -3,6 +3,7 @@ import { Geist, Fraunces } from "next/font/google";
 import "./globals.css";
 import { Navbar } from "@/components/Navbar";
 import { Footer } from "@/components/Footer";
+import Providers from "./providers"; // ✅ ADD THIS
 
 const geistSans = Geist({
   variable: "--font-geist-sans",
@@ -42,10 +43,14 @@ export default function RootLayout({
       className={`${geistSans.variable} ${fraunces.variable} h-full antialiased`}
     >
       <body className="min-h-full flex flex-col bg-background text-foreground">
-        <Navbar />
-        <main className="flex-1">{children}</main>
-        <Footer />
+
+        <Providers>
+          <Navbar />
+          <main className="flex-1">{children}</main>
+          <Footer />
+        </Providers>
+
       </body>
     </html>
   );
-}
+}

app/login/LoginClient.tsx

@@ -0,0 +1,102 @@
+"use client"
+
+import Link from "next/link"
+import { Section } from "@/components/Section"
+import { signIn } from "next-auth/react"
+import { useState } from "react"
+
+export default function LoginClient() {
+  const [email, setEmail] = useState("")
+  const [error, setError] = useState("")
+
+  const handleLogin = async (e: React.FormEvent) => {
+    e.preventDefault()
+
+    setError("")
+
+    try {
+      // rate limit check BEFORE signIn
+      const res = await fetch("/api/rate-limit", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({ email }),
+      })
+
+      const data = await res.json()
+
+      if (!data.allowed) {
+        setError("Too many requests. Please try again later.")
+        return
+      }
+
+      // proceed normally
+      await signIn("email", {
+        email,
+        callbackUrl: "/",
+      })
+    } catch (err) {
+      setError("Something went wrong. Please try again.")
+    }
+  }
+
+  return (
+    <Section className="py-20">
+      <div className="mx-auto max-w-md rounded-xl border border-border bg-background p-8">
+        <p className="mt-2 text-sm text-muted">
+          Sign in to access the alumni directory, events, and the job board.
+        </p>
+
+        <form className="mt-6 space-y-4" onSubmit={handleLogin}>
+          <div>
+            <label className="text-sm font-medium">Email</label>
+            <input
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              className="mt-1 h-10 w-full rounded-md border border-border bg-background px-3 text-sm"
+            />
+          </div>
+
+          <div>
+            <label className="text-sm font-medium">Password</label>
+            <input
+              type="password"
+              className="mt-1 h-10 w-full rounded-md border border-border bg-background px-3 text-sm"
+            />
+          </div>
+
+          <button
+            type="submit"
+            className="inline-flex h-11 w-full items-center justify-center rounded-md bg-brand text-sm font-semibold text-white hover:bg-brand-700"
+          >
+            Sign in
+          </button>
+        </form>
+
+        {/* ERROR MESSAGE (no UI change, just added) */}
+        {error && (
+          <p className="mt-2 text-sm text-red-500">
+            {error}
+          </p>
+        )}
+
+        <button
+          type="button"
+          onClick={() => signIn("google", { callbackUrl: "/" })}
+          className="mt-4 inline-flex h-11 w-full items-center justify-center rounded-md border border-border text-sm font-semibold"
+        >
+          Sign in with Google
+        </button>
+
+        <p className="mt-4 text-center text-sm text-muted">
+          New to IIITL Alumni?{" "}
+          <Link href="/register" className="font-medium text-brand">
+            Create an account
+          </Link>
+        </p>
+      </div>
+    </Section>
+  )
+}

app/login/page.tsx

@@ -1,45 +1,7 @@
-import Link from "next/link";
-import { Section } from "@/components/Section";
+import LoginClient from "./LoginClient"
 
-export const metadata = { title: "Sign in" };
+export const metadata = { title: "Sign in" }
 
-export default function LoginPage() {
-  return (
-    <Section className="py-20">
-      <div className="mx-auto max-w-md rounded-xl border border-border bg-background p-8">
-        <h1 className="font-serif text-3xl font-semibold">Welcome back</h1>
-        <p className="mt-2 text-sm text-muted">
-          Sign in to access the alumni directory, events, and the job board.
-        </p>
-        <form className="mt-6 space-y-4">
-          <div>
-            <label className="text-sm font-medium">Email</label>
-            <input
-              type="email"
-              className="mt-1 h-10 w-full rounded-md border border-border bg-background px-3 text-sm"
-            />
-          </div>
-          <div>
-            <label className="text-sm font-medium">Password</label>
-            <input
-              type="password"
-              className="mt-1 h-10 w-full rounded-md border border-border bg-background px-3 text-sm"
-            />
-          </div>
-          <button
-            type="button"
-            className="inline-flex h-11 w-full items-center justify-center rounded-md bg-brand text-sm font-semibold text-white hover:bg-brand-700"
-          >
-            Sign in
-          </button>
-        </form>
-        <p className="mt-4 text-center text-sm text-muted">
-          New to IIITL Alumni?{" "}
-          <Link href="/register" className="font-medium text-brand">
-            Create an account
-          </Link>
-        </p>
-      </div>
-    </Section>
-  );
-}
+export default function Page() {
+  return <LoginClient />
+}