StudentSuite · yakew7 · Jun 28, 2026 · Jun 28, 2026 · Jun 28, 2026 · Jun 28, 2026
diff --git a/.env.example b/.env.example
@@ -1,5 +1,10 @@
-# No environment variables are required to run StudyMap locally.
-# npm run dev works out of the box with no .env.local file.
+# ---------------------------------------------------------------------------
+# Supabase (required for auth — sign in / sign up / Google OAuth)
+# Get these from: Supabase dashboard > Settings > API
+# ---------------------------------------------------------------------------
+
+NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-public-key
 
 # ---------------------------------------------------------------------------
 # Analytics (optional)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,8 @@
 blank_issues_enabled: false
 contact_links:
   - name: General question or feedback
-    url: mailto:dhawansanay@gmail.com
+    url: mailto:studentsuite0@gmail.com
     about: Questions and general feedback — from CONTRIBUTING.md.
   - name: Security vulnerability
-    url: mailto:dhawansanay@gmail.com
+    url: mailto:studentsuite0@gmail.com
     about: Report security issues privately — do not open a public issue.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 A crowdsourced map of student-important places across the Mumbai Metropolitan Region (Mumbai, Thane, Navi Mumbai). Open source, zero setup, free forever.
 
-**Live:** [study-map-psi.vercel.app](https://study-map-psi.vercel.app)  
+**Live:** [studymapp.vercel.app](https://studymapp.vercel.app)  
 
 ---
 

diff --git a/middleware.ts b/middleware.ts
@@ -0,0 +1,66 @@
+import { createServerClient } from "@supabase/ssr";
+import { NextResponse, type NextRequest } from "next/server";
+
+export async function middleware(request: NextRequest) {
+  let supabaseResponse = NextResponse.next({ request });
+
+  const supabase = createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return request.cookies.getAll();
+        },
+        setAll(cookiesToSet) {
+          cookiesToSet.forEach(({ name, value }) =>
+            request.cookies.set(name, value),
+          );
+          supabaseResponse = NextResponse.next({ request });
+          cookiesToSet.forEach(({ name, value, options }) =>
+            supabaseResponse.cookies.set(name, value, options),
+          );
+        },
+      },
+    },
+  );
+
+  // Refresh session — must not run any code between createServerClient and getUser
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+
+  const { pathname } = request.nextUrl;
+
+  // Public paths that never require auth
+  const isPublicPath =
+    pathname.startsWith("/login") || pathname.startsWith("/auth");
+
+  if (isPublicPath) {
+    // Already logged in — send them to the map instead of showing login again
+    if (user && pathname === "/login") {
+      return NextResponse.redirect(new URL("/map", request.url));
+    }
+    return supabaseResponse;
+  }
+
+  // Everything else requires a session
+  if (!user) {
+    const loginUrl = new URL("/login", request.url);
+    return NextResponse.redirect(loginUrl);
+  }
+
+  return supabaseResponse;
+}
+
+export const config = {
+  matcher: [
+    /*
+     * Match all paths except:
+     * - _next/static  (static files)
+     * - _next/image   (image optimisation)
+     * - favicon, icons, brand, logo assets, manifest
+     */
+    "/((?!_next/static|_next/image|favicon|icons|brand|logo|manifest).*)",
+  ],
+};
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -11,6 +11,8 @@
   },
   "dependencies": {
     "@base-ui/react": "^1.5.0",
+    "@supabase/ssr": "^0.12.0",
+    "@supabase/supabase-js": "^2.108.2",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "leaflet": "^1.9.4",

diff --git a/src/app/auth/callback/route.ts b/src/app/auth/callback/route.ts
@@ -0,0 +1,36 @@
+import { createServerClient } from "@supabase/ssr";
+import { cookies } from "next/headers";
+import { NextResponse } from "next/server";
+
+export async function GET(request: Request) {
+  const { searchParams, origin } = new URL(request.url);
+  const code = searchParams.get("code");
+  const next = searchParams.get("next") ?? "/map";
+
+  if (code) {
+    const cookieStore = await cookies();
+    const supabase = createServerClient(
+      process.env.NEXT_PUBLIC_SUPABASE_URL!,
+      process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+      {
+        cookies: {
+          getAll() {
+            return cookieStore.getAll();
+          },
+          setAll(cookiesToSet) {
+            cookiesToSet.forEach(({ name, value, options }) =>
+              cookieStore.set(name, value, options),
+            );
+          },
+        },
+      },
+    );
+
+    const { error } = await supabase.auth.exchangeCodeForSession(code);
+    if (!error) {
+      return NextResponse.redirect(`${origin}${next}`);
+    }
+  }
+
+  return NextResponse.redirect(`${origin}/login?error=auth_error`);
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,7 @@ @@
     A crowdsourced map of student-important places across the Mumbai Metropolitan Region (Mumbai, Thane, Navi Mumbai). Open source, zero setup, free forever.
-    **Live:** [study-map-psi.vercel.app](https://study-map-psi.vercel.app)
+    **Live:** [studymapp.vercel.app](https://studymapp.vercel.app)
     ---
@@ Expand Down @@