feat: V2 microservices stack — backend services, gateway, JWT auth

Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.

Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.

Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).

Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/components/auth/AuthPageContent.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { useCallback, useEffect, useMemo, useState } from "react";
+import { useCallback, useEffect, useState } from "react";
 import Link from "next/link";
 import { useRouter, useSearchParams } from "next/navigation";
 import { zodResolver } from "@hookform/resolvers/zod";
@@ -8,18 +8,22 @@ import { Loader2 } from "lucide-react";
 import { useForm } from "react-hook-form";
 
 import { AuthLoadingSpinner } from "@/components/auth/AuthLoadingSpinner";
-import { SupabaseSetupNotice } from "@/components/auth/SupabaseSetupNotice";
 import { authFormSchema, type AuthFormValues } from "@/components/auth/auth-schemas";
 import { Button } from "@/components/ui/button";
-import { createClient } from "@/lib/supabase";
 import { cn } from "@/lib/utils";
 
 type AuthTab = "sign-in" | "sign-up";
 
+/** Only allow same-origin relative redirects to avoid open-redirect issues. */
+function safeNext(next: string | null): string {
+  if (next && next.startsWith("/") && !next.startsWith("//")) return next;
+  return "/dashboard";
+}
+
 export function AuthPageContent() {
   const router = useRouter();
   const searchParams = useSearchParams();
-  const supabase = useMemo(() => createClient(), []);
+  const nextPath = safeNext(searchParams.get("next"));
 
   const initialTab =
     searchParams.get("tab") === "sign-up" ? "sign-up" : "sign-in";
@@ -27,7 +31,6 @@ export function AuthPageContent() {
   const [activeTab, setActiveTab] = useState<AuthTab>(initialTab);
   const [authLoading, setAuthLoading] = useState(true);
   const [submitting, setSubmitting] = useState(false);
-  const [oauthLoading, setOauthLoading] = useState(false);
   const [formError, setFormError] = useState<string | null>(null);
   const [formMessage, setFormMessage] = useState<string | null>(null);
 
@@ -41,58 +44,30 @@ export function AuthPageContent() {
     defaultValues: { email: "", password: "" },
   });
 
-  const redirectIfAuthenticated = useCallback(async () => {
-    if (!supabase) return false;
-
-    const {
-      data: { session },
-    } = await supabase.auth.getSession();
-
-    if (session) {
-      router.replace("/dashboard");
-      return true;
+  // Redirect away if already authenticated.
+  const checkSession = useCallback(async () => {
+    try {
+      const res = await fetch("/api/auth/me", { cache: "no-store" });
+      const data = await res.json().catch(() => null);
+      if (data?.user) {
+        router.replace(nextPath);
+        return true;
+      }
+    } catch {
+      /* not signed in */
     }
-
     return false;
-  }, [router, supabase]);
+  }, [router, nextPath]);
 
   useEffect(() => {
-    if (!supabase) {
-      setAuthLoading(false);
-      return;
-    }
-
     let mounted = true;
-
-    const init = async () => {
-      const redirected = await redirectIfAuthenticated();
-      if (mounted && !redirected) {
-        setAuthLoading(false);
-      }
-    };
-
-    init();
-
-    const {
-      data: { subscription },
-    } = supabase.auth.onAuthStateChange((_event, session) => {
-      if (session) {
-        router.replace("/dashboard");
-      }
+    checkSession().then((redirected) => {
+      if (mounted && !redirected) setAuthLoading(false);
     });
-
     return () => {
       mounted = false;
-      subscription.unsubscribe();
     };
-  }, [redirectIfAuthenticated, router, supabase]);
-
-  useEffect(() => {
-    const error = searchParams.get("error");
-    if (error === "auth_callback_failed") {
-      setFormError("Authentication failed. Please try again.");
-    }
-  }, [searchParams]);
+  }, [checkSession]);
 
   const handleTabChange = (tab: AuthTab) => {
     setActiveTab(tab);
@@ -102,66 +77,46 @@ export function AuthPageContent() {
   };
 
   const onSubmit = async (values: AuthFormValues) => {
-    if (!supabase) return;
-
     setSubmitting(true);
     setFormError(null);
     setFormMessage(null);
 
-    if (activeTab === "sign-in") {
-      const { error } = await supabase.auth.signInWithPassword({
-        email: values.email,
-        password: values.password,
-      });
+    const endpoint =
+      activeTab === "sign-in" ? "/api/auth/login" : "/api/auth/register";
 
-      if (error) {
-        setFormError(error.message);
+    try {
+      const res = await fetch(endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email: values.email, password: values.password }),
+      });
+      const data = await res.json().catch(() => null);
+
+      if (!res.ok) {
+        setFormError(data?.error ?? "Something went wrong. Please try again.");
         setSubmitting(false);
         return;
       }
 
-      router.replace("/dashboard");
-    } else {
-      const { data, error } = await supabase.auth.signUp({
-        email: values.email,
-        password: values.password,
-      });
-
-      if (error) {
-        setFormError(error.message);
-        setSubmitting(false);
-        return;
-      }
-
-      if (data.session) {
-        router.replace("/dashboard");
-      } else {
+      // Registered but not auto-logged-in (verification gate) — prompt sign-in.
+      if (data?.registered && !data?.user) {
         setFormMessage(
-          "Check your email to confirm your account, then sign in."
+          data.verificationRequired
+            ? "Account created. Check your email to verify, then sign in."
+            : "Account created. Please sign in."
         );
         setActiveTab("sign-in");
+        reset();
+        setSubmitting(false);
+        return;
       }
-    }
 
-    setSubmitting(false);
-  };
-
-  const handleGoogleSignIn = async () => {
-    if (!supabase) return;
-
-    setOauthLoading(true);
-    setFormError(null);
-
-    const { error } = await supabase.auth.signInWithOAuth({
-      provider: "google",
-      options: {
-        redirectTo: `${window.location.origin}/auth/callback?next=/dashboard`,
-      },
-    });
-
-    if (error) {
-      setFormError(error.message);
-      setOauthLoading(false);
+      // Logged in — cookies are set; refresh server components and go.
+      router.replace(nextPath);
+      router.refresh();
+    } catch {
+      setFormError("Network error. Please try again.");
+      setSubmitting(false);
     }
   };
 
@@ -173,19 +128,11 @@ export function AuthPageContent() {
     );
   }
 
-  if (!supabase) {
-    return (
-      <SupabaseSetupNotice nextPath={searchParams.get("next")} />
-    );
-  }
-
-  const isBusy = submitting || oauthLoading;
-
   return (
     <div className="mx-auto w-full max-w-md px-4 py-12 sm:py-16">
       <div className="text-center">
         <h1 className="font-heading text-3xl font-bold text-neutral-900">
-          Welcome to CreatorStudio
+          Welcome to FlatRender
         </h1>
         <p className="mt-2 text-sm text-neutral-600">
           {activeTab === "sign-in"
@@ -213,28 +160,6 @@ export function AuthPageContent() {
       </div>
 
       <div className="mt-6 rounded-xl border border-gray-100 bg-white p-6 shadow-sm">
-        <Button
-          type="button"
-          variant="outline"
-          className="w-full"
-          disabled={isBusy}
-          onClick={handleGoogleSignIn}
-        >
-          {oauthLoading ? (
-            <Loader2 className="h-4 w-4 animate-spin" aria-hidden />
-          ) : null}
-          Continue with Google
-        </Button>
-
-        <div className="relative my-6">
-          <div className="absolute inset-0 flex items-center">
-            <span className="w-full border-t border-gray-100" />
-          </div>
-          <p className="relative mx-auto w-fit bg-white px-3 text-xs text-neutral-500">
-            or continue with email
-          </p>
-        </div>
-
         <form onSubmit={handleSubmit(onSubmit)} className="space-y-4" noValidate>
           <div>
             <label
@@ -247,7 +172,7 @@ export function AuthPageContent() {
               id="email"
               type="email"
               autoComplete="email"
-              disabled={isBusy}
+              disabled={submitting}
               className={cn(
                 "mt-1.5 w-full rounded-lg border bg-white px-3 py-2.5 text-sm text-neutral-900 shadow-sm focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-primary-600 focus-visible:ring-offset-2 disabled:opacity-50",
                 errors.email ? "border-red-300" : "border-gray-100"
@@ -272,7 +197,7 @@ export function AuthPageContent() {
               autoComplete={
                 activeTab === "sign-in" ? "current-password" : "new-password"
               }
-              disabled={isBusy}
+              disabled={submitting}
               className={cn(
                 "mt-1.5 w-full rounded-lg border bg-white px-3 py-2.5 text-sm text-neutral-900 shadow-sm focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-primary-600 focus-visible:ring-offset-2 disabled:opacity-50",
                 errors.password ? "border-red-300" : "border-gray-100"
@@ -298,7 +223,7 @@ export function AuthPageContent() {
             </p>
           )}
 
-          <Button type="submit" className="w-full" disabled={isBusy}>
+          <Button type="submit" className="w-full" disabled={submitting}>
             {submitting ? (
               <Loader2 className="h-4 w-4 animate-spin" aria-hidden />
             ) : null}