feat: added an authprovider component #1423

Open
Anushreebasics wants to merge 4 commits into eclipse-sw360:main from Anushreebasics:unauthorised

@Anushreebasics
Contributor

@Anushreebasics Anushreebasics commented Jan 28, 2026

fixes #676

Here’s a summary of all the changes made:

Global Authentication Enforcement

  • Added an [AuthProvider] component that checks authentication status and redirects unauthenticated users to the sign-in page.
  • Integrated [AuthProvider] into the main layout so all protected pages require authentication.

Redundant Code Cleanup

  • Removed all redundant [signOut()] calls from files in [app] and [components] that were only used to handle unauthenticated status. Authentication is now handled globally by [AuthProvider].

Consistency and Security

  • Ensured no protected page or component is accessible without full authentication.
  • The codebase is now cleaner, with authentication logic centralized and no duplicate checks.

@heliocastro
Contributor

@Anushreebasics Please mark this review as WIP if it's not ready, but I'm already reviewing and the build is failing

@heliocastro
Contributor

@Anushreebasics There are missing headers on the new files, please check the build and then later move this out of WIP.

Suggestion: ALWAYS run pnpm check and/or set up pre-commit before pushing a PR

Contributor

@heliocastro heliocastro left a comment

Some minor changes, the logic of code is most wanted.
Just wanted to pass properly on the build and check

Comment thread src/components/AuthProvider.tsx Outdated
Comment thread src/app/[locale]/admin/configurations/components/FeatureConfigurations.tsx Outdated
Comment thread src/app/[locale]/admin/configurations/components/FrontEndConfigs.tsx Outdated
Comment thread src/app/[locale]/admin/departments/components/ViewLogsModal.tsx Outdated
Comment thread src/app/[locale]/admin/departments/edit/page.tsx Outdated
Comment thread src/app/[locale]/vulnerabilities/components/VulnerabilityAccess.tsx Outdated
Comment thread src/components/ComponentVulnerabilities/ChangeStateDialog.tsx Outdated
Comment thread src/components/ReleaseSummary/ReleaseSummary.tsx Outdated
Comment thread src/components/ResourcesUsing/ResourcesUsing.tsx Outdated
Comment thread src/components/sw360/FossologyClearing/FossologyClearing.tsx Outdated
Contributor

Copilot AI left a comment

Pull request overview

This PR centralizes authentication handling via a new AuthProvider that enforces login at the layout level and removes scattered unauthenticated signOut() checks from individual components. It also does some minor refactoring/formatting and small behavioral tweaks where session handling was simplified.

Changes:

  • Introduced src/components/AuthProvider.tsx as a client-side wrapper using useSession/signIn to redirect unauthenticated users and show a spinner while auth state is loading.
  • Wrapped the [locale] root layout body content in AuthProvider, ensuring all localized pages behind this layout require authentication.
  • Removed many per-component useEffect hooks that previously signed the user out when status === 'unauthenticated', leaving underlying data-fetch logic (mostly getSession-based) intact; also made some small layout/formatting adjustments in a few components.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 24 comments.

| File | Description |
| --- | --- |
| src/components/AuthProvider.tsx | New client component that blocks rendering until useSession is authenticated, shows a spinner while loading, and calls signIn with a callback to the current path when unauthenticated. |
| src/app/[locale]/layout.tsx | Wraps the main container (Navbar, children, Footer) in AuthProvider so all localized pages are now globally protected by centralized auth. |
| src/components/sw360/FossologyClearing/FossologyClearing.tsx | Removes the local unauthenticated signOut effect and leaves the rest of the Fossology polling/clearing logic unchanged. |
| src/components/ResourcesUsing/ResourcesUsing.tsx | Deletes the useEffect that signed out on session.status === 'unauthenticated', keeps the useEffect that fetches “used by” resources via useSession().data, and adjusts a guard to early-return instead of signing out if session.data is null. |
| src/components/ReleaseSummary/ReleaseSummary.tsx | Drops the useEffect that signed out on unauthenticated status; leaves release summary/edit logic intact. |
| src/components/ComponentVulnerabilities/ChangeStateDialog.tsx | Removes the per-dialog unauthenticated signOut watcher and keeps getSession-based checks and PATCH logic for vulnerability state updates. |
| src/app/[locale]/vulnerabilities/components/VulnerabilityAccess.tsx | Deletes the unauthenticated signOut effect; the rest of the payload-update form logic for vulnerability access fields is unchanged. |
| src/app/[locale]/requests/moderationRequest/[id]/components/currentComponent/CurrentComponentDetail.tsx | Removes the local useSession-based unauthenticated sign-out, keeping getSession-guarded fetches for component detail and vulnerabilities/changelogs. |
| src/app/[locale]/requests/components/ClosedModerationRequest.tsx | Removes the unauthenticated signOut effect; retains useSession-driven fetch of closed moderation requests with signOut still used when session.data is null inside the fetch. |
| src/app/[locale]/projects/add/page.tsx | Eliminates the status === 'unauthenticated' sign-out effect; leaves getSession-based config fetch and project creation logic as before. |
| src/app/[locale]/preferences/components/UserAccessToken.tsx | Removes the unauthenticated signOut effect while keeping getSession checks and POST logic for generating access tokens. |
| src/app/[locale]/preferences/components/TokensTable.tsx | Deletes the unauthenticated signOut effect; preserves useSession-driven fetch and sign-out behavior when session.data is null or responses are unauthorized. |
| src/app/[locale]/preferences/components/NotificationSettingForm.tsx | Drops the unauthenticated signOut effect but retains getSession checks for reading/updating user notification settings. |
| src/app/[locale]/ecc/components/ECC.tsx | Removes the redundant unauthenticated signOut watcher; ECC overview still uses useSession for status gating and fetches ECC data with session.data. |
| src/app/[locale]/components/releases/detail/[id]/components/spdx/SPDXDocumentTab.tsx | Deletes the local unauthenticated signOut effect while keeping getSession-guarded fetch and sign-out on unauthorized for SPDX document data. |
| src/app/[locale]/components/editRelease/[id]/components/EditSPDXDocument.tsx | Removes the unauthenticated signOut effect, leaving the getSession-based data loading and sign-out-on-unauthorized behavior intact. |
| src/app/[locale]/components/edit/[id]/components/EditComponent.tsx | Drops the useSession-based unauthenticated signOut effect while preserving getSession-based fetches and sign-outs for component details and attachments. |
| src/app/[locale]/components/edit/[id]/components/ComponentEditSummary.tsx | Removes the unauthenticated signOut effect; the rest of the summary/edit wiring and getSession usage for server calls remain unchanged. |
| src/app/[locale]/admin/users/details/[id]/page.tsx | Eliminates the status === 'unauthenticated' sign-out effect, keeping getSession checks and sign-out/notFound behavior when fetching a user by ID. |
| src/app/[locale]/admin/users/components/EditSecondaryDepartmentsAndRolesModal.tsx | Removes the unauthenticated signOut effect and retains getSession-based fetching and patching of user secondary departments/roles. |
| src/app/[locale]/admin/licenseTypes/components/DeleteLicenseTypesModal.tsx | Deletes the unauthenticated sign-out effect; still uses getSession for license type usage and delete operations, with sign-out or error messaging on failure. |
| src/app/[locale]/admin/fossology/components/FossologyOverview.tsx | Drops the redundant unauthenticated sign-out watcher and keeps Fossology config/status fetches guarded with getSession and sign-out on unauthorized. |
| src/app/[locale]/admin/departments/edit/page.tsx | Removes the useSession-based unauthenticated sign-out, leaving getSession-checked PATCH/GET calls for department members. |
| src/app/[locale]/admin/departments/components/ViewLogsModal.tsx | Deletes the unauthenticated signOut effect, keeping getSession checks around log file/date retrieval and sign-out when the session is missing. |
| src/app/[locale]/admin/configurations/components/FrontEndConfigs.tsx | Removes the unauthenticated signOut effect, leaving UI config fetch/update guarded by getSession and sign-out/error handling. |
| src/app/[locale]/admin/configurations/components/FeatureConfigurations.tsx | Drops the unauthenticated signOut effect; backend configuration fetch/update logic continues to use getSession with sign-out on invalid session. |

Comments suppressed due to low confidence (1)

src/app/[locale]/admin/departments/components/ViewLogsModal.tsx:65

  • The status value from useSession() is declared but not used in this component; consider removing it and the associated useSession import to avoid unused-variable warnings.
    const { status } = useSession()

    // Removed redundant signOut() call for unauthenticated status

    const fetchLogFiles = useCallback(async () => {
        const session = await getSession()
        if (CommonUtils.isNullOrUndefined(session)) {
            return signOut()
        }
        const response = await ApiUtils.GET('departments/logFiles', session.user.access_token)
        if (response.status !== StatusCodes.OK) {
            return
        }
        const logFiles = (await response.json()) as string[]
        const logFilesDate = Object.values(logFiles).map((logFile) => logFile.replace('.log', ''))
        logFilesDate.sort((a, b) => new Date(b).getTime() - new Date(a).getTime())
        setLogFilesDate(logFilesDate)
        if (logFilesDate.length > 0) {
            setSelectedDate(logFilesDate[0])
        } else {
            setSelectedDate('')
        }
    }, [])

    const fetchLogFileContentBySelectedDate = useCallback(async () => {
        if (CommonUtils.isNullEmptyOrUndefinedString(selectedDate)) {
            return
        }
        const session = await getSession()
        if (CommonUtils.isNullOrUndefined(session)) {
            return signOut()
        }
        const response = await ApiUtils.GET(
            `departments/logFileContent?date=${selectedDate}`,
            session.user.access_token,

Comment thread src/components/ResourcesUsing/ResourcesUsing.tsx Outdated
Comment on lines 97 to 103
const languagesSuggestions = useConfigValue(UIConfigKeys.UI_PROGRAMMING_LANGUAGES) as string[] | null
const platformSuggestions = useConfigValue(UIConfigKeys.UI_SOFTWARE_PLATFORMS) as string[] | null

useEffect(() => {
if (status === 'unauthenticated') {
signOut()
}
}, [
status,
])
// ...existing code...

const setMainLicensesToPayload = (mainLicenses: { [k: string]: string }) => {
setMainLicenses(mainLicenses)
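
Review bot: The `// ...existing code...` line that now sits where the `useEffect` was looks like a leftover editing placeholder rather than a comment about this component; delete it before merge. With the effect gone, nothing in the lines shown reads `status` or calls `signOut`, so check whether the destructuring and the related imports can be dropped in the same change.
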

Copilot AI Jan 28, 2026

In this file, status from useSession() and the signOut/useEffect imports are no longer referenced after removing the per-component unauthenticated sign-out logic; consider removing those to prevent unused-symbol warnings.

Comment thread src/app/[locale]/projects/add/page.tsx Outdated
Comment thread src/app/[locale]/admin/configurations/components/FeatureConfigurations.tsx Outdated
Comment on lines 40 to 44
const [fossologyStatus, setFossologyStatus] = useState<FossologyStatus>(FossologyStatus.UNKNOWN)
const { status } = useSession()

useEffect(() => {
if (status === 'unauthenticated') {
signOut()
}
}, [
status,
])
// Removed redundant signOut() call for unauthenticated status
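
Review bot: The comment `// Removed redundant signOut() call for unauthenticated status`, placed after the `useSession()` line, records what the commit did rather than what the code does; that belongs in the commit message, so drop it here. The same marker appears in the ViewLogsModal excerpt, so it is worth removing from every touched file in one pass.
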


Copilot AI Jan 28, 2026

status from useSession() is unused after the redundant unauthenticated sign-out logic was removed; please drop this destructuring (and, if applicable, the useSession import) to keep the file lint-clean.

Comment thread src/components/ComponentVulnerabilities/ChangeStateDialog.tsx Outdated
Comment thread src/components/sw360/FossologyClearing/FossologyClearing.tsx Outdated
Comment thread src/app/[locale]/vulnerabilities/components/VulnerabilityAccess.tsx Outdated
Comment thread src/components/AuthProvider.tsx Outdated
Comment thread src/components/AuthProvider.tsx Outdated
@Anushreebasics
Contributor Author

@heliocastro please review the changes

@deo002
Contributor

deo002 commented Jan 30, 2026

Please format the code with git diff --name-only | xargs pnpm check::fix

Comment thread src/components/AuthProvider.tsx Outdated
@Anushreebasics
Contributor Author

@deo002 @heliocastro please review the changes

@deo002
Contributor

deo002 commented Jan 30, 2026

Also, do we really need this @heliocastro @amritkv ? We already have a middleware at src/proxy.ts which checks whether the user is authenticated or not. I understand the part where

    useEffect(() => {
        if (status === 'unauthenticated') {
            signOut()
        }
    }, [
        status,
    ])

is being removed as it's redundant, but not the part where we are adding a higher order component to check whether the user is authenticated or not (again).

The only issue in current code is: Our current middleware setup is excellent for protecting page navigations, but what if an authenticated user was already on the page which requires authentication and leaves for 2 hrs. When he comes back, he is already on the page but the session is expired. He clicks a button which triggers an api call which results in 401 Unauthorized. We can handle this centrally in src/utils/api/api.util.ts fetch logic or it won't be a problem once refresh token functionality is implemented. Thoughts?
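
The central 401 handling proposed in the comment above, sketched as an added example (not code from this PR or from the sw360 frontend). `createApiClient`, `SessionExpiredError` and the injected `fetcher`, `getToken` and `onUnauthorized` callbacks are hypothetical names; the sketch assumes the API answers 401 for an expired session.

```typescript
// Added example: central 401 handling for an API helper. All names here are
// hypothetical; in the app, `fetcher` would wrap fetch() and `onUnauthorized`
// would call next-auth's signOut() or signIn().
interface HttpResponse {
    status: number
}
type Fetcher = (url: string, headers: Record<string, string>) => Promise<HttpResponse>
interface ApiClientOptions {
    baseUrl: string
    fetcher: Fetcher
    getToken: () => Promise<string | null>
    onUnauthorized: () => Promise<void>
}

class SessionExpiredError extends Error {
    constructor() {
        super('session expired')
        this.name = 'SessionExpiredError'
    }
}

function createApiClient(opts: ApiClientOptions) {
    // Shared by all in-flight calls so parallel 401s trigger one redirect.
    let pendingSignOut: Promise<void> | null = null
    const expire = async (): Promise<never> => {
        if (pendingSignOut === null) {
            pendingSignOut = opts.onUnauthorized()
        }
        await pendingSignOut
        throw new SessionExpiredError()
    }
    return {
        async get(path: string): Promise<HttpResponse> {
            const token = await opts.getToken()
            // No session at all: do not send an unauthenticated request.
            if (token === null) {
                return expire()
            }
            const response = await opts.fetcher(`${opts.baseUrl}/${path}`, {
                Authorization: `Bearer ${token}`,
            })
            // Only 401 means the session is no longer valid; 403 is a permission
            // decision for a valid session and must not sign the user out.
            if (response.status === 401) {
                return expire()
            }
            return response
        },
    }
}
```

Callers then need no per-component session check: they either receive a response or a `SessionExpiredError` raised after the single sign-out has been started.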

@Anushreebasics
Contributor Author

Anushreebasics commented Jan 30, 2026

@deo002
We can keep middleware for navigation protection and use AuthProvider for client-side session changes.
We should centralize 401 handling in your API utility for fetches after session expiry and remove redundant signOut() calls from components.

@amritkv
Member

amritkv commented Feb 17, 2026

Hey @Anushreebasics !
Can you please resolve the conflicts ?

Signed-off-by: ANUSHREE BONDIA <122273783+Anushreebasics@users.noreply.github.com>
@Anushreebasics
Contributor Author

@amritkv done

@Anushreebasics
Contributor Author

@amritkv please review

Development

Successfully merging this pull request may close these issues.

Pages Accessible without full authentication

5 participants