"use client" import Link from "next/link" import { useRouter, useSearchParams } from "next/navigation" import { type FormEvent, useMemo, useState } from "react" import { AdminLocaleSwitcher } from "@/components/admin-locale-switcher" import { useAdminT } from "@/providers/admin-i18n-provider" type LoginFormProps = { mode: "signin" | "signup-owner" | "signup-user" | "signup-disabled" } type AuthResponse = { user?: { role?: string } message?: string } function persistRoleCookie(role: unknown) { if (typeof role !== "string") { return } // biome-ignore lint/suspicious/noDocumentCookie: Temporary fallback for middleware role resolution. document.cookie = `cms_role=${encodeURIComponent(role)}; Path=/; SameSite=Lax` } export function LoginForm({ mode }: LoginFormProps) { const router = useRouter() const searchParams = useSearchParams() const t = useAdminT() const nextPath = useMemo(() => searchParams.get("next") || "/", [searchParams]) const [name, setName] = useState("Admin User") const [username, setUsername] = useState("") const [email, setEmail] = useState("") const [password, setPassword] = useState("") const [isBusy, setIsBusy] = useState(false) const [error, setError] = useState(null) const [success, setSuccess] = useState(null) const canSubmitSignUp = mode === "signup-owner" || mode === "signup-user" async function handleSignIn(event: FormEvent) { event.preventDefault() setIsBusy(true) setError(null) setSuccess(null) try { const response = await fetch("/api/auth/sign-in/email", { method: "POST", headers: { "content-type": "application/json", }, body: JSON.stringify({ identifier: email, password, callbackURL: nextPath, }), }) const payload = (await response.json().catch(() => null)) as AuthResponse | null if (!response.ok) { setError(payload?.message ?? t("auth.errors.signInFailed", "Sign in failed")) return } persistRoleCookie(payload?.user?.role) router.push(nextPath) router.refresh() } catch { setError(t("auth.errors.networkSignIn", "Network error while signing in")) } finally { setIsBusy(false) } } async function handleSignUp(event: FormEvent) { event.preventDefault() if (!name.trim()) { setError(t("auth.errors.nameRequired", "Name is required for account creation")) return } setIsBusy(true) setError(null) setSuccess(null) try { const response = await fetch("/api/auth/sign-up/email", { method: "POST", headers: { "content-type": "application/json", }, body: JSON.stringify({ name, username, email, password, callbackURL: nextPath, }), }) const payload = (await response.json().catch(() => null)) as AuthResponse | null if (!response.ok) { setError(payload?.message ?? t("auth.errors.signUpFailed", "Sign up failed")) return } persistRoleCookie(payload?.user?.role) setSuccess( mode === "signup-owner" ? t("auth.messages.ownerCreated", "Owner account created. Registration is now disabled.") : t("auth.messages.accountCreated", "Account created."), ) router.push(nextPath) router.refresh() } catch { setError(t("auth.errors.networkSignUp", "Network error while signing up")) } finally { setIsBusy(false) } } return (

{t("auth.badge", "Admin Auth")}

{mode === "signin" ? t("auth.titles.signIn", "Sign in to CMS Admin") : mode === "signup-owner" ? t("auth.titles.signUpOwner", "Welcome to CMS Admin") : mode === "signup-user" ? t("auth.titles.signUpUser", "Create an admin account") : t("auth.titles.signUpDisabled", "Registration is disabled")}

{mode === "signin" ? t("auth.descriptions.signIn", "Better Auth is active on this app via /api/auth.") : mode === "signup-owner" ? t( "auth.descriptions.signUpOwner", "Create the first owner account to initialize this admin instance.", ) : mode === "signup-user" ? t("auth.descriptions.signUpUser", "Self-registration is enabled for admin users.") : t( "auth.descriptions.signUpDisabled", "Self-registration is currently turned off by an administrator.", )}

{mode === "signin" ? (

{t("auth.fields.emailOrUsername", "Email or username")} setEmail(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.fields.password", "Password")} setPassword(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.links.needAccount", "Need an account?")}{" "} {t("auth.links.register", "Register")}

{error ?

{error}

: null}

) : canSubmitSignUp ? (

{t("auth.fields.name", "Name")} setName(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.fields.email", "Email")} setEmail(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.fields.username", "Username (optional)")} setUsername(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.fields.password", "Password")} setPassword(event.target.value)} className="w-full rounded-md border border-neutral-300 px-3 py-2 text-sm" />

{t("auth.links.alreadyHaveAccount", "Already have an account?")}{" "} {t("auth.links.goToSignIn", "Go to sign in")}

{error ?

{error}

: null} {success ?

{success}

: null}

) : (

{t( "auth.messages.registrationDisabled", "Registration is disabled for this admin instance. Ask an administrator to create an account or enable self-registration.", )}

{t("auth.links.goToSignIn", "Go to sign in")}

)}

) }