@marcodejongh
Owner

Reverts #519

@vercel

vercel bot commented Jan 2, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
boardsesh Ready Ready Preview, Comment Jan 2, 2026 1:09am

@claude

claude bot commented Jan 2, 2026

Claude Review

Ready to merge - Minor issues noted below, but nothing blocking.

Issues

  1. In-memory rate limiting is ineffective in serverless (packages/web/app/lib/auth/rate-limiter.ts:1-18)

    • The code documents this limitation but it renders rate limiting largely ineffective on Vercel. Consider upgrading to Vercel KV or Upstash Redis before deploying auth to production.
  2. Missing tests for critical auth flows

    • No tests for email-service.ts, verify-email/route.ts, resend-verification/route.ts, or register/route.ts
    • The rate-limiter tests are good, but the email verification and registration flows need coverage for edge cases (expired tokens, duplicate emails, email sending failures).
  3. Style props instead of CSS (packages/web/app/components/auth/social-login-buttons.tsx:105,118-126)

    • Per project guidelines: "Try to avoid use of the style property". The inline styles for button styling should use CSS or Ant Design component props.
  4. Timing attack protection may not work as expected (packages/web/app/api/auth/resend-verification/route.ts:22-28)

    • The 2.5s delay adds latency for legitimate users. Since the endpoint returns the same message regardless of user existence, the timing protection may be unnecessary.

Documentation

  • New docs/oauth-setup.md is well-documented and covers the new OAuth/email verification features appropriately.
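
Added example, not part of the review comment above or of the PR's code: a TypeScript simulation of issue 1, showing how a per-instance in-memory fixed-window limiter multiplies the effective limit by the number of serverless instances. All names, the limit of 5, the four instances and the client key are assumptions; the single shared `Map` only stands in for an external store such as the Vercel KV or Upstash Redis named in the review.

```typescript
// Hypothetical sketch; not taken from packages/web/app/lib/auth/rate-limiter.ts.
type Bucket = { count: number; resetAt: number };
type Store = Map<string, Bucket>;

const LIMIT = 5;          // assumed: max attempts per window
const WINDOW_MS = 60000;  // assumed: one-minute fixed window
const INSTANCES = 4;      // assumed: warm function instances serving traffic
const REQUESTS = 40;      // constructed burst from a single client

// Fixed-window check against whichever store the caller passes in.
function allow(store: Store, key: string, now: number): boolean {
  const bucket = store.get(key);
  if (!bucket || now >= bucket.resetAt) {
    store.set(key, { count: 1, resetAt: now + WINDOW_MS });
    return true;
  }
  bucket.count += 1;
  return bucket.count <= LIMIT;
}

// Spread one client's burst round-robin over the instances' stores and
// count how many requests get through inside a single window.
function countAllowed(stores: Store[]): number {
  let allowed = 0;
  for (let i = 0; i < REQUESTS; i++) {
    const store = stores[i % stores.length];
    if (allow(store, "client:203.0.113.7", 1000 + i)) allowed++;
  }
  return allowed;
}

// Each instance has its own module-level Map, as in-memory limiting implies.
function perInstanceAllowed(): number {
  const stores: Store[] = [];
  for (let i = 0; i < INSTANCES; i++) stores.push(new Map());
  return countAllowed(stores);
}

// Every instance consults the same store, so the limit holds fleet-wide.
function sharedStoreAllowed(): number {
  const shared: Store = new Map();
  const stores: Store[] = [];
  for (let i = 0; i < INSTANCES; i++) stores.push(shared);
  return countAllowed(stores);
}

console.log("per-instance:", perInstanceAllowed(), "shared:", sharedStoreAllowed());
```

Cold starts make the per-instance case worse than shown, since a fresh instance begins with an empty map and the counter resets early.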
