Skip to content

Improve: sign up verification #160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Improve: sign up verification #160

wants to merge 5 commits into from

Conversation

ben-fornefeld
Copy link
Member

@ben-fornefeld ben-fornefeld commented Oct 8, 2025
edited by cursor bot
Loading

Note

Adds BotId integration for bot detection on sign-up, gated by NEXT_PUBLIC_USE_BOT_ID, with client/server hooks and conditional Next.js config.

  • Security / Anti-bot:
    • Add botid dependency and feature flag USE_BOT_ID (NEXT_PUBLIC_USE_BOT_ID).
    • Client init: new src/instrumentation-client.ts calls initBotId with protected POST /sign-up when enabled.
    • Server check: signUpAction in src/server/auth/auth-actions.ts runs checkBotId() and blocks suspected bots.
    • Next.js config: wrap exported config with withBotId when flag is on.
  • Auth typing:
    • Replace OAuth provider schema with z.enum(['google','github']) in signInWithOAuthAction.

Written by Cursor Bugbot for commit 4302e39. This will update automatically on new commits. Configure here.

@ben-fornefeld ben-fornefeld added the improvement Improvements in-code label Oct 8, 2025
@linear
Copy link

linear bot commented Oct 8, 2025

ENG-3143 Feat: Integrate BotID

@vercel
Copy link

vercel bot commented Oct 8, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
web Ready Ready Preview Comment Oct 8, 2025 3:44pm
web-juliett Ready Ready Preview Comment Oct 8, 2025 3:44pm

@ben-fornefeld
Copy link
Member Author

bugbot run

cursor[bot]
cursor bot reviewed Oct 8, 2025
View reviewed changes
next.config.mjs
}

export default config
const exportedConfig = process.env.NEXT_PUBLIC_USE_BOT_ID === '1' ? withBotId(config) : config
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Bot Detection Inconsistency Across Build and Runtime

The NEXT_PUBLIC_USE_BOT_ID environment variable controls bot detection, but it's evaluated at build time in next.config.mjs for the withBotId wrapper and at runtime in src/configs/flags.ts. This difference can cause inconsistent bot detection behavior if the variable's value isn't consistent between build and runtime.

Fix in Cursor Fix in Web

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i am aware of this inconsistency, this HOF only configures certain rewrites to make it more effective in production

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

improvement Improvements in-code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ben-fornefeld