Monza Motors wraps Supabase Auth in two thin service modules: one for client-side operations (auth.client.js) and one for server-side session retrieval (auth.server.js). All functions use @supabase/ssr clients that handle cookie-based session management automatically. The client module (auth.client.js) instantiates a single shared createBrowserClient instance at module load time, while the server module (auth.server.js) creates a fresh createServerClient per request so that it can read the latest cookie state from next/headers.
Client-Side Auth Functions
File: src/services/auth/auth.client.js
These functions run in the browser and must only be called from 'use client' components or event handlers. They use the browser Supabase client, which stores the session in a cookie accessible to the @supabase/ssr middleware for automatic token refresh.
signIn(email, password)
Authenticates an existing user with email and password using Supabase’s signInWithPassword method.
email: The user’s email address. Must match a registered Supabase Auth account.
password: The user’s password. Passed directly to supabase.auth.signInWithPassword.
Returns the data object containing both user (the authenticated user record) and session (access and refresh tokens). The @supabase/ssr client automatically writes the session into the browser cookie so subsequent requests are authenticated.
| Behavior | Detail |
|---|---|
| Returns | { user: User, session: Session } |
| Throws | Error with Supabase’s error.message on wrong password, unverified email, or user-not-found |
signOut()
Signs the current user out by calling supabase.auth.signOut(), which clears the session cookie and invalidates the active token.
| Behavior | Detail |
|---|---|
| Parameters | None |
| Returns | void |
| Throws | Error with Supabase’s error.message if the sign-out request fails |
After calling signOut(), redirect the user to a public route. Any server-side getUser() calls in subsequent requests will return null.
registerService(email, password)
Registers a new user account via Supabase’s signUp method. Unlike signIn and signOut, this function returns the raw Supabase { data, error } object rather than throwing, giving callers fine-grained control over the response.
email: The new user’s email address. Supabase will send a confirmation email to this address if email verification is enabled.
password: The new user’s chosen password. A minimum of 6 characters is recommended to satisfy Supabase’s default password policy.
Supabase does not return an error for duplicate email registrations by default. Instead, it returns a data.user object with an empty identities array (data.user.identities.length === 0). Always check this condition in your registration flow to detect and communicate duplicate accounts to the user.
| Behavior | Detail |
|---|---|
| Returns | Raw { data, error } from supabase.auth.signUp |
| Duplicate email | No error thrown — check data.user.identities.length === 0 |
| Network / policy error | Returned in error field, not thrown |
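One way to act on the raw { data, error } object described above, as an added example that is not part of the Monza Motors code base. The helper interpretSignUp and its status names are hypothetical, and the sample responses are constructed.

```javascript
// Added example: classify the raw { data, error } object returned by registerService().
// interpretSignUp and its status names are hypothetical, not part of auth.client.js.
function interpretSignUp(result) {
  const { data, error } = result ?? {};

  // Network / policy failures arrive in the error field; nothing is thrown.
  if (error) {
    return { status: 'error', message: error.message ?? 'Sign-up failed' };
  }

  const user = data?.user;
  if (!user) {
    return { status: 'error', message: 'Sign-up returned no user' };
  }

  // Duplicate email: a user object comes back, but with an empty identities array.
  if (Array.isArray(user.identities) && user.identities.length === 0) {
    return { status: 'duplicate', message: 'An account with this email already exists' };
  }

  // No session in the response: the account exists but is not signed in yet
  // (assumption: email verification is enabled, so confirmation comes first).
  if (!data.session) {
    return { status: 'confirm_email', userId: user.id };
  }
  return { status: 'signed_in', userId: user.id };
}

// Constructed sample responses; only the fields this page describes are filled in.
const samples = {
  fresh: { data: { user: { id: 'u-1', identities: [{ provider: 'email' }] }, session: null }, error: null },
  duplicate: { data: { user: { id: 'u-2', identities: [] }, session: null }, error: null },
  policy: { data: { user: null, session: null }, error: { message: 'constructed policy error' } },
};

for (const [name, result] of Object.entries(samples)) {
  console.log(name, interpretSignUp(result));
}
```

In a 'use client' form handler the call would be interpretSignUp(await registerService(email, password)), with the UI branching on the returned status.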
Server-Side Auth Functions
File: src/services/auth/auth.server.js
This module provides session-aware user retrieval for the server environment. It creates a fresh server Supabase client on each call to ensure the latest cookie state is reflected — essential in Next.js 15 where each Server Component render may have a different request context.
getUser()
Returns the currently authenticated Supabase User object by reading the session from the request cookies. Returns null if no valid session exists or if any error occurs.
| Behavior | Detail |
|---|---|
| Parameters | None |
| Returns | User object if authenticated, null if not authenticated or on error |
| Safe to call from | Any Server Component, layout.js, page.js, or route.js |
| Session source | Reads from HTTP cookies via next/headers — no client-side state needed |
Usage in the Root Layout
A common pattern in Monza Motors is to call getUser() inside the root layout.js and pass the result into AuthProvider as initialUser. This pre-populates the client-side auth context on the first render, avoiding a loading flash or redundant client-side session fetch.
Because getUser() runs on the server before the page is streamed to the browser, AuthProvider receives the correct user state synchronously. Client components that consume AuthProvider will always have access to the initial user without waiting for an additional round-trip.