{"id":50695763,"url":"https://github.com/hngprojects/vuln-watch-fe","last_synced_at":"2026-06-09T06:08:40.766Z","repository":{"id":356891346,"uuid":"1234465243","full_name":"hngprojects/vuln-watch-fe","owner":"hngprojects","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-10T09:41:27.000Z","size":170,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"dev","last_synced_at":"2026-05-10T10:34:40.931Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hngprojects.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-10T08:06:37.000Z","updated_at":"2026-05-10T09:38:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hngprojects/vuln-watch-fe","commit_stats":null,"previous_names":["hngprojects/vuln-watch-fe"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/hngprojects/vuln-watch-fe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hngprojects%2Fvuln-watch-fe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hngprojects%2Fvuln-watch-fe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hngprojects%2Fvuln-watch-fe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hngprojects%2Fvuln-watch-fe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hngprojects","download_url":"https://codeload.github.com/hngprojects/vuln-watch-fe/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hngprojects%2Fvuln-watch-fe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34093841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-09T06:08:39.979Z","updated_at":"2026-06-09T06:08:40.759Z","avatar_url":"https://github.com/hngprojects.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VulnWatch FE\n\nVulnWatch AI — Enterprise vulnerability intelligence platform. Built with Next.js 16, React 19, TypeScript, and Tailwind v4.\n\n## Stack\n\n- **Next.js 16** App Router with Turbopack\n- **React 19**, **TypeScript** (strict)\n- **Tailwind v4** with shadcn `radix-maia` style\n- **Zustand** for client state management\n- **React Query (@tanstack/react-query)** for server state\n- **Zod** for form and env validation\n- **@react-oauth/google** for Google OAuth\n- **Sonner** for toast notifications\n\n## Getting Started\n\n```bash\npnpm install\ncp .env.example .env.local   # fill in values\npnpm dev\n```\n\nOpen \u003chttp://localhost:3000\u003e.\n\n## Scripts\n\n| Command          | What it does                     |\n| ---------------- | -------------------------------- |\n| `pnpm dev`       | Dev server (Turbopack)           |\n| `pnpm build`     | Production build                 |\n| `pnpm start`     | Run the production build         |\n| `pnpm lint`      | ESLint                           |\n| `pnpm typecheck` | `tsc --noEmit`                   |\n\n## Environment Variables\n\nCreate a `.env.local` file in the root with the following:\n\n| Variable                        | Description                                      |\n| ------------------------------- | ------------------------------------------------ |\n| `NEXT_PUBLIC_API_URL`           | Backend staging API base URL                     |\n| `NEXT_PUBLIC_GOOGLE_CLIENT_ID`  | Google OAuth Client ID                           |\n| `BASE_URL`                      | Server-side backend base URL (with `/api` path)  |\n| `AUTH_SECRET`                   | Secret for NextAuth session signing              |\n\nExample `.env.local`:\n```env\nNEXT_PUBLIC_API_URL=https://api.staging.vuln-watch.hng14.com\nNEXT_PUBLIC_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com\nBASE_URL=https://api.staging.vuln-watch.hng14.com/api\nAUTH_SECRET=your-secret-key\n```\n\n## Authentication\n\n- **Email/Password**: Login, Register, and Forgot Password forms are implemented and connected to the backend API via server-side proxy routes to avoid CORS issues.\n- **Google OAuth**: Implemented using `GoogleLogin` from `@react-oauth/google`. The Google ID token is sent to the backend at `POST /api/auth/google` via the internal Next.js route `/api/social/google`.\n\n## API Proxy Routes\n\nTo bypass CORS during development and production, all auth API calls are routed through Next.js server-side API routes:\n\n| Frontend Route              | Proxies To                          |\n| --------------------------- | ----------------------------------- |\n| `POST /api/proxy/login`     | `POST /api/auth/login` (backend)    |\n| `POST /api/proxy/register`  | `POST /api/auth/register` (backend) |\n| `POST /api/proxy/forgot-password` | `POST /api/auth/forgot-password` (backend) |\n| `POST /api/social/google`   | `POST /api/auth/google` (backend)   |\n\n## Project Structure\n\n```\nsrc/\n├── app/                        # App Router routes \u0026 pages\n│   ├── (main)/\n│   │   ├── (landing-routes)/   # Landing page\n│   │   └── (auth-routes)/      # Login, Register, Forgot Password\n│   └── api/\n│       ├── proxy/              # CORS proxy routes for auth\n│       └── social/google/      # Google OAuth proxy route\n├── components/\n│   ├── auth/                   # Auth form components\n│   └── ui/                     # shadcn UI components\n├── features/\n│   └── landing/                # Landing page sections (Hero, FAQs, Testimonials, etc.)\n├── schemas/                    # Zod validation schemas\n├── services/                   # API service layer\n├── types/                      # TypeScript type definitions\n└── config/                     # Environment config\n```\n\n## Links\n\n- **Staging:** https://staging.vuln-watch.hng14.com\n- **Production:** https://vuln-watch.hng14.com\n- **API Docs:** https://api.staging.vuln-watch.hng14.com/docs\n\n\nNext.js 16 + React 19 + Tailwind v4 + shadcn (radix-maia). Validated env, typed proxy, and the standard set of route conventions wired up.\n\n## Stack\n\n- **Next.js 16** App Router (`proxy.ts`, `forbidden.tsx`, `unauthorized.tsx`)\n- **React 19**, **TypeScript** (strict)\n- **Tailwind v4** with shadcn `radix-maia` style\n- **`@t3-oss/env-nextjs`** + **Zod 4** for build-time env validation\n\n## Getting started\n\n```bash\npnpm install\ncp .env.example .env.local   # fill in values\npnpm dev\n```\n\nOpen \u003chttp://localhost:3000\u003e.\n\n## Scripts\n\n| Command            | What it does                              |\n| ------------------ | ----------------------------------------- |\n| `pnpm dev`         | Dev server                                |\n| `pnpm build`       | Production build (validates env)          |\n| `pnpm start`       | Run the production build                  |\n| `pnpm lint`        | ESLint                                    |\n| `pnpm typecheck`   | `tsc --noEmit`                            |\n\n## Environment variables\n\nSchemas live in [`src/env/`](./src/env), split by side:\n\n- [`src/env/server.ts`](./src/env/server.ts) — server-only vars. t3-env throws at runtime if a client component reads it.\n- [`src/env/client.ts`](./src/env/client.ts) — `NEXT_PUBLIC_*` vars, safe everywhere.\n\nBoth are imported in [`next.config.ts`](./next.config.ts) so the build fails on any malformed value. Set `SKIP_ENV_VALIDATION=1` to bypass (Docker, lint-only CI).\n\n| Var                     | Side    | Required | Notes                                          |\n| ----------------------- | ------- | -------- | ---------------------------------------------- |\n| `NODE_ENV`              | server  | auto     | `development` / `test` / `production`          |\n| `API_BASE_URL`          | server  | optional | Upstream API for server-side `fetch`           |\n| `API_SECRET`            | server  | optional | Bearer token forwarded server-side             |\n| `NEXT_PUBLIC_APP_URL`   | client  | optional | Defaults to `http://localhost:3000`            |\n| `NEXT_PUBLIC_APP_NAME`  | client  | optional | Defaults to `Next Starter`                     |\n\nUse it like:\n\n```ts\n// Server code (route handlers, Server Components, Server Actions)\nimport { env } from \"@/env/server\";\n\nawait fetch(`${env.API_BASE_URL}/users`, {\n  headers: { Authorization: `Bearer ${env.API_SECRET}` },\n});\n\n// Client code or shared metadata\nimport { env } from \"@/env/client\";\n\nconsole.log(env.NEXT_PUBLIC_APP_URL);\n```\n\n## Proxy (`src/proxy.ts`)\n\nReplaces the legacy `middleware.ts` (Next.js 16 renamed it). It runs before the cache and:\n\n- Generates an `x-request-id` and forwards it to the request headers + response\n- Sets baseline security headers (`X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, `Permissions-Policy`)\n- Skips static assets via the matcher\n\nAdd auth gating, rewrites, or redirects there as needed. Note: `runtime` config is **not** allowed in `proxy.ts` — it always runs on Node.js.\n\n## Route conventions wired up\n\n| File                              | Purpose                                  |\n| --------------------------------- | ---------------------------------------- |\n| `src/app/loading.tsx`             | Root suspense fallback                   |\n| `src/app/error.tsx`               | Client error boundary (`unstable_retry`) |\n| `src/app/not-found.tsx`           | 404 page                                 |\n| `src/app/forbidden.tsx`           | 403 page (calls `forbidden()`)           |\n| `src/app/unauthorized.tsx`        | 401 page (calls `unauthorized()`)        |\n| `src/app/robots.ts`               | `/robots.txt`                            |\n| `src/app/sitemap.ts`              | `/sitemap.xml`                           |\n| `src/app/api/health/route.ts`     | Liveness probe at `GET /api/health`      |\n\n`forbidden.tsx` and `unauthorized.tsx` require `experimental.authInterrupts: true`, already enabled in [`next.config.ts`](./next.config.ts).\n\n## Project layout\n\n```\nsrc/\n├── app/                # App Router routes \u0026 file conventions\n│   └── api/health/     # Liveness probe\n├── components/ui/      # shadcn components (added via `pnpm dlx shadcn@latest add ...`)\n├── lib/utils.ts        # cn() helper\n├── env/\n│   ├── server.ts       # Server-only env schema\n│   └── client.ts       # NEXT_PUBLIC_* env schema\n└── proxy.ts            # Next.js 16 proxy (formerly middleware)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhngprojects%2Fvuln-watch-fe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhngprojects%2Fvuln-watch-fe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhngprojects%2Fvuln-watch-fe/lists"}