Added identity and access features

[spietras]

No description provided.

[Copilot]

Pull request overview

This PR extends the template with optional identity and access features, adding identity-aware ORPC procedures/middleware, UI helpers for access control, and the Next.js auth interrupts plumbing needed to render forbidden states.

Changes:

• Adds identity ORPC procedure(s) (identity.getUser) plus identity/access middleware (userMiddleware, authenticatedMiddleware) and supporting server helpers (getIdentity, getUser).
• Introduces access-control UI utilities (server <Authenticated> wrapper, client useAuthenticated, forbidden page/widget) and enables Next experimental authInterrupts.
• Refactors layout building blocks by introducing PageLayout/SafePageLayout and adjusting existing MainLayout/SafeMainLayout usage.

Reviewed changes

Copilot reviewed 89 out of 89 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/test_lint.py	Adds identity/access flags to copier test input for linting.
tests/test_docs.py	Adds identity/access flags to copier test input for docs build.
src/src/server/orpc/vars/procedures/vars/test/vars/validate/main.ts.jinja	Conditionally applies authentication middleware to a test procedure.
src/src/server/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/vars/get-user/main.ts	Adds server ORPC identity.getUser implementation.
src/src/server/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/vars/get-user/index.ts	Re-exports identity.getUser procedure.
src/src/server/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/main.ts	Adds server ORPC identity procedure namespace.
src/src/server/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/index.ts	Re-exports server ORPC identity namespace.
src/src/server/orpc/vars/procedures/main.ts.jinja	Conditionally wires identity procedures into the server router.
src/src/server/orpc/vars/middleware/{% if identity and access %}authenticated{% endif %}/utils.ts	Adds executed-check helper for authenticated middleware.
src/src/server/orpc/vars/middleware/{% if identity and access %}authenticated{% endif %}/types.ts	Defines authenticated middleware output context type.
src/src/server/orpc/vars/middleware/{% if identity and access %}authenticated{% endif %}/main.ts	Implements authenticated middleware (throws FORBIDDEN when unauthenticated).
src/src/server/orpc/vars/middleware/{% if identity and access %}authenticated{% endif %}/index.ts	Exports authenticated middleware (server-only).
src/src/server/orpc/vars/middleware/{% if identity %}user{% endif %}/utils.ts	Adds executed-check helper for user middleware.
src/src/server/orpc/vars/middleware/{% if identity %}user{% endif %}/types.ts	Defines user middleware output context type.
src/src/server/orpc/vars/middleware/{% if identity %}user{% endif %}/main.ts	Implements user resolution middleware (header + debug fallback).
src/src/server/orpc/vars/middleware/{% if identity %}user{% endif %}/index.ts	Exports user middleware (server-only).
src/src/server/config/schemas.ts.jinja	Adds identity config schema (debug user config) when enabled.
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/types.ts	Defines props type for server <Authenticated> wrapper.
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/main.tsx	Adds server <Authenticated> component using forbidden() interrupt.
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/index.ts	Exports <Authenticated> component (server-only).
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/components/reactive-authenticated/types.ts	Defines props type for client reactive wrapper.
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/components/reactive-authenticated/main.tsx	Adds client reactive wrapper that enforces auth on the client.
src/src/server/{% if identity and access %}access{% endif %}/components/authenticated/components/reactive-authenticated/index.ts	Exports ReactiveAuthenticated.
src/src/server/{% if identity %}identity{% endif %}/lib/get-user/types.ts	Adds server helper types for resolving a user from headers.
src/src/server/{% if identity %}identity{% endif %}/lib/get-user/schemas.ts	Adds zod schema helpers for header parsing.
src/src/server/{% if identity %}identity{% endif %}/lib/get-user/main.ts	Implements server getUser (reads X-User-ID).
src/src/server/{% if identity %}identity{% endif %}/lib/get-user/index.ts	Exports server getUser helper (server-only).
src/src/server/{% if identity %}identity{% endif %}/lib/get-identity/types.ts	Adds server identity aggregation types.
src/src/server/{% if identity %}identity{% endif %}/lib/get-identity/main.ts	Implements server getIdentity via server-side ORPC query.
src/src/server/{% if identity %}identity{% endif %}/lib/get-identity/index.ts	Exports server getIdentity helper (server-only).
src/src/isomorphic/{% if identity and access %}access{% endif %}/hooks/use-authenticated/types.ts	Defines client auth hook input/output types.
src/src/isomorphic/{% if identity and access %}access{% endif %}/hooks/use-authenticated/main.ts	Adds client useAuthenticated hook using forbidden().
src/src/isomorphic/{% if identity and access %}access{% endif %}/hooks/use-authenticated/index.ts	Exports useAuthenticated (client-only).
src/src/isomorphic/{% if identity and access %}access{% endif %}/components/forbidden-widget/types.ts	Defines forbidden widget props type.
src/src/isomorphic/{% if identity and access %}access{% endif %}/components/forbidden-widget/main.tsx	Adds localized forbidden widget UI.
src/src/isomorphic/{% if identity and access %}access{% endif %}/components/forbidden-widget/index.ts	Exports forbidden widget.
src/src/isomorphic/{% if identity %}identity{% endif %}/hooks/use-identity/types.ts	Defines identity hook types.
src/src/isomorphic/{% if identity %}identity{% endif %}/hooks/use-identity/main.ts	Adds useIdentity hook over a Valtio-based context.
src/src/isomorphic/{% if identity %}identity{% endif %}/hooks/use-identity/index.ts	Exports useIdentity (client-only).
src/src/isomorphic/{% if identity %}identity{% endif %}/contexts/identity/types.ts	Defines identity context shape.
src/src/isomorphic/{% if identity %}identity{% endif %}/contexts/identity/main.ts	Creates identity React context.
src/src/isomorphic/{% if identity %}identity{% endif %}/contexts/identity/index.ts	Exports identity context (client-only).
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-widget/types.ts	Defines identity widget props type.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-widget/main.tsx	Adds identity widget UI (shows current user id).
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-widget/index.ts	Exports identity widget.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/utils.ts	Adds Valtio proxy initializer for identity context state.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/types.ts	Defines identity provider props type.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/main.tsx	Adds identity provider wiring + synchronizer mount.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/index.ts	Exports identity provider.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/components/user-synchronizer/types.ts	Defines user synchronizer props type.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/components/user-synchronizer/main.tsx	Adds client-side query-based identity synchronization.
src/src/isomorphic/{% if identity %}identity{% endif %}/components/identity-provider/components/user-synchronizer/index.ts	Exports user synchronizer.
src/src/common/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/vars/get-user/schemas.ts	Adds ORPC contract schema for identity.getUser.
src/src/common/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/vars/get-user/main.ts	Adds ORPC contract definition for identity.getUser.
src/src/common/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/vars/get-user/index.ts	Re-exports contract identity.getUser.
src/src/common/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/main.ts	Adds contract identity procedure namespace.
src/src/common/orpc/vars/procedures/vars/{% if identity %}identity{% endif %}/index.ts	Re-exports contract identity namespace.
src/src/common/orpc/vars/procedures/main.ts.jinja	Conditionally wires identity into contract procedures export.
src/src/common/orpc/vars/bases/root/main.ts.jinja	Adds FORBIDDEN error to ORPC contract root when identity+access enabled.
src/src/common/localization/locales/pl.po.jinja	Adds forbidden/auth strings and adjusts references conditionally.
src/src/common/localization/locales/en.po.jinja	Adds forbidden/auth strings and adjusts references conditionally.
src/src/common/core/components/generic/safe-page-layout/types.ts	Adds SafePageLayout prop types.
src/src/common/core/components/generic/safe-page-layout/styles.module.css	Adds SafePageLayout base sizing styles.
src/src/common/core/components/generic/safe-page-layout/main.tsx	Adds SafePageLayout wrapper component.
src/src/common/core/components/generic/safe-page-layout/index.ts	Exports SafePageLayout.
src/src/common/core/components/generic/safe-main-layout/styles.module.css	Refactors SafeMainLayout styles to single container class.
src/src/common/core/components/generic/safe-main-layout/main.tsx	Refactors SafeMainLayout structure to single wrapper.
src/src/common/core/components/generic/page-layout/types.ts	Adds PageLayout prop types.
src/src/common/core/components/generic/page-layout/styles.module.css	Adds PageLayout background + sizing styles.
src/src/common/core/components/generic/page-layout/main.tsx	Adds PageLayout wrapper and centralizes Notifications.
src/src/common/core/components/generic/page-layout/index.ts	Exports PageLayout.
src/src/common/core/components/generic/main-layout/styles.module.css	Refactors MainLayout styles to single container class.
src/src/common/core/components/generic/main-layout/main.tsx	Refactors MainLayout and removes embedded Notifications.
src/src/common/{% if identity and access %}access{% endif %}/lib/is-authenticated/main.ts	Adds shared isAuthenticated type guard.
src/src/common/{% if identity and access %}access{% endif %}/lib/is-authenticated/index.ts	Exports isAuthenticated.
src/src/common/{% if identity %}identity{% endif %}/types.ts	Adds shared identity User type.
src/src/common/{% if identity %}identity{% endif %}/schemas.ts	Adds shared identity zod schemas.
src/src/app/types.ts	Adds app-level types for forbidden/unauthorized utilities and views.
src/src/app/global-error.view.tsx	Wraps GlobalErrorView in SafePageLayout + SafeMainLayout.
src/src/app/(root)/layout.view.tsx.jinja	Introduces RootLayoutView with PageLayout and optional IdentityWidget.
src/src/app/(root)/layout.view.tsx	Removes old RootLayoutView implementation.
src/src/app/(root)/layout.tsx.jinja	Wires IdentityProvider + getIdentity into the root layout when enabled.
src/src/app/(root)/{% if identity and access %}forbidden.view.tsx{% endif %}	Adds forbidden view for auth interrupts.
src/src/app/(root)/{% if identity and access %}forbidden.tsx{% endif %}.jinja	Adds forbidden route component + metadata when enabled.
src/src/app/(root)/(main)/(home)/page.tsx.jinja	Wraps home page with <Authenticated> when identity+access enabled.
src/next.config.ts	Enables experimental authInterrupts.
src/docker-compose.yaml.jinja	Adds identity debug user env var wiring.
src/{% if docs %}docs{% endif %}/docs/02-Configuration.md.jinja	Documents new identity debug user env var.
copier.yaml	Adds new identity and access copier options.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.