Skip to content

Feature/CDP-222-SignupFunction#64

Merged
leeunduck merged 4 commits intomainfrom
Feature/CDP-222-SignupFunction
Jan 27, 2026
Merged

Feature/CDP-222-SignupFunction#64
leeunduck merged 4 commits intomainfrom
Feature/CDP-222-SignupFunction

Conversation

@leeunduck
Copy link
Owner

🚀 Pull Request

📝 PR 유형

  • 기능 추가 (Feature)
  • 버그 수정 (Bug Fix)
  • 코드 개선 (Refactoring)
  • 문서 작업 (Docs)
  • 환경 설정 (Configuration)
  • 최종 점검 (Release Check)

🔍 변경 사항

회원가입 기능 추가


📸 스크린샷


🚧 관련 이슈


🛠️ 최종 배포 점검 리스트

  • 주요 기능 동작 확인
  • 빌드/배포 환경 점검
  • 문서/설정 검토

✅ 최종 배포 점검 결과

@vercel
Copy link
Contributor

vercel bot commented Jan 27, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
custom-daily-planner Error Error Jan 27, 2026 7:41am

Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: da92abd379

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +60 to +64
const { data, error } = await supabaseAdmin
.from("profiles")
.update({ name })
.eq("email", email)
.select("id")

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Require auth before admin profile update

This route updates profiles (and then auth.users metadata) using the service-role client with only an email address as the selector. Because there is no access‑token check anywhere in the handler, any unauthenticated caller who knows or guesses an email can change that user’s name and metadata. The /api/set-password route already shows the pattern for verifying a Bearer token; the same kind of auth check is needed here to prevent unauthorized profile tampering.

Useful? React with 👍 / 👎.

Comment on lines +161 to +165
setOtp("");
setOtpMsg("");
setIsVerified(null);

sendOtp();

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Avoid auto-resending OTP on failed verification

Because the effect depends on isVerified, any failed verification (isVerified=false) triggers this block, which clears the OTP and immediately calls sendOtp(). The block also sets isVerified(null), which causes the effect to run again and can send another OTP on the next render. This means a single wrong code can spam multiple OTP emails and wipe the user’s input/error message, making retries confusing. Consider only auto‑sending on the initial “email is available” transition or gating it with a separate flag.

Useful? React with 👍 / 👎.

@leeunduck leeunduck merged commit 03e53e4 into main Jan 27, 2026
10 of 14 checks passed
@leeunduck leeunduck deleted the Feature/CDP-222-SignupFunction branch January 27, 2026 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant