Secure Access

Welcome Back

Demo login: admin@noemail.com / admin123

If demo login is blocked in this environment, create an account and confirm your email from the inbox, then sign in.

New to IB Scheduling? Create an account

Back to home

System Architecture

Explore how we handle high-concurrency booking using Go goroutines and Postgres row-level locking.

App architecture Deployment architecture

Auth & session (this step)

What happens when you sign in: Supabase sessions, Next middleware, and why the Go API trusts your Bearer token.

This app uses @supabase/supabase-js with the anon key in the browser only. Email/password (and sign-up with email confirmation) talk to Supabase Auth — not to the Go API.

signInWithPassword / signUp set a session; cookies are maintained for SSR via @supabase/ssr.
Go never receives the anon key. Protected API calls send only the user’s access_token as Bearer.

TypeScript / Next

apps/web/src/lib/supabase/client.ts — createClientBrowser Supabase client (anon key).
apps/web/src/app/login/page.tsxsignInWithPassword after the user has an account.
apps/web/src/app/signup/page.tsxsignUp with emailRedirectTo → /auth/callback?next=…

Welcome Back

System Architecture

AuthSupabase Auth in the browser

Next.jsMiddleware: session refresh + /book gate

AuthPKCE / email link: /auth/callback

Go APIWhat Go validates on each protected request

Welcome Back