Pull request overview
Adds an end-to-end Cognito/Amplify authentication flow that lets the frontend authenticate with Cognito, resolve an app-specific UserType from the backend database, and protect admin/candidate routes accordingly (Issue #188).
Changes:
- Frontend: configure Amplify Auth, add login/signup/logout screens, cache `UserType` in session storage, and add route guards (RequireAuth/RequireRole) with role-based landing redirects.
- Frontend: attach the Cognito ID token to API requests and add a `getUserByEmail` API call to resolve the current user role.
- Backend: configure the Cognito JWT strategy from env vars, enrich `request.user` from the DB via the email claim, and adjust seeds to match the new test Cognito users.
Reviewed changes
Copilot reviewed 23 out of 26 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| package.json | Adds aws-amplify dependency for frontend auth. |
| example.env | Documents new Vite Cognito env vars. |
| apps/frontend/src/vite-env.d.ts | Types Vite env vars for Cognito + API base URL. |
| apps/frontend/src/main.tsx | Calls configureAmplify() at app startup. |
| apps/frontend/src/containers/login.tsx | New login form + session userType resolution. |
| apps/frontend/src/containers/signup.tsx | New signup form using Amplify Auth. |
| apps/frontend/src/containers/logout.tsx | New logout screen calling Amplify sign-out. |
| apps/frontend/src/components/NavBar/NavBar.tsx | Updates admin dashboard link to real route. |
| apps/frontend/src/auth/session.ts | Adds sessionStorage helpers for caching UserType. |
| apps/frontend/src/auth/current-session-user-type.ts | Fetches Cognito email + backend userType and caches it. |
| apps/frontend/src/auth/cognito.ts | Wraps Amplify Auth primitives (sign-in/up/out, token retrieval). |
| apps/frontend/src/auth/amplify.ts | Centralizes Amplify configuration + env assertions. |
| apps/frontend/src/auth/RoleHomeRedirect.tsx | Redirects / to role-specific landing page. |
| apps/frontend/src/auth/RequireRole.tsx | Route guard enforcing allowed UserTypes. |
| apps/frontend/src/auth/RequireAuth.tsx | Route guard enforcing Cognito authentication. |
| apps/frontend/src/app.tsx | Adds auth routes + protected admin/candidate route trees. |
| apps/frontend/src/api/types.ts | Adds User type used by /users/email/:email response. |
| apps/frontend/src/api/apiClient.ts | Adds auth header interceptor + getUserByEmail(). |
| apps/backend/src/users/users.controller.ts | Adds logging and reads auth header on user lookup. |
| apps/backend/src/seeds/seed.ts | Updates seeded emails + aligns learner/volunteer info with app types. |
| apps/backend/src/interceptors/current-user.interceptor.ts | Enriches request user from DB via JWT email claim. |
| apps/backend/src/auth/jwt.strategy.ts | Validates Cognito JWTs using issuer/audience from env config. |
| apps/backend/src/auth/aws-exports.ts | Reads Cognito config from env vars instead of hardcoding. |
| apps/backend/src/auth/auth.service.ts | Makes AWS credentials optional + clarifies docstrings. |
Pull request overview
Copilot reviewed 23 out of 25 changed files in this pull request and generated 7 comments.
apps/backend/src/auth/roles.guard.ts
Outdated
```ts
let resolvedUserType = requestUser.userType;

if (!resolvedUserType) {
  const databaseUser = await this.usersService.findOne(requestUser.email);
```
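Review bot: the fallback branch at `if (!resolvedUserType)` re-reads the user by `requestUser.email`, so the guard's decision depends on what happens when `findOne` returns nothing; the excerpt ends before that point, and the guard should deny explicitly when `databaseUser` is missing or carries no `userType`, rather than continuing with `resolvedUserType` still undefined. Since the current-user interceptor in this PR already enriches `request.user` from the DB via the email claim, populating `userType` there would let the guard drop the second lookup altogether.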
Does the database grab the user with the necessary role? Not sure if userType is included every time a request happens.
… mocking to help tests.
…t secret) and backend app client id (with secret)
ℹ️ Issue
Closes #188
📝 Description
Added authentication; created two users in the AWS console:
After login, the backend database is queried to get the user which informs the frontend about the userType.
Protected the /Admin routes with the Admin userType
Protected the /Candidate routes with the Candidate userType.
The login for the admin will go to the admin landing page which is the page that shows all of the candidates.
The login for the candidate will go to the candidate view my application page which ... shows nothing because it isn't implemented yet.
Log out by going to /logout and pressing the button.
Make sure to drop and recreate the database and reseed it.
✔️ Verification
I went through both user flows with login and verified the users in AWS Cognito.