Documentation
User authentication
NextAuth.js handles email/password plus Google OAuth, with onboarding and middleware-protected dashboards baked in.
Auth providers
Credentials and Google providers are configured in `authOptions`. Email accounts respect verification status before allowing sign-in, and Google logins auto-verify on the first callback.
Relevant files
src/lib/auth.ts— NextAuth config
Pages and middleware
Login/register/forgot/reset screens live under `src/app/(auth)`. `src/middleware.ts` funnels users through onboarding before they can reach `/dashboard/*` routes and keeps auth-only pages hidden once someone is signed in.
Relevant files
src/middleware.ts— Middleware rules
Session data in the UI
Dashboard pages access the server session via `getServerSession`, while client components use `useSession` to show greetings, plan badges, and conditional UI.
Relevant files
src/components/site-header.tsx— Dashboard header example