feat: redesign auth page with Google/GitHub/Email buttons and email sub-view

[devin-ai-integration]

Redesign auth page with Google/GitHub/Email buttons and password support

Summary

Redesigns the web auth page (/auth) to reduce confusion around magic-link-only email sign-in. The main view now shows three clear buttons: Google, GitHub, and Email. Clicking Email switches the card to a sub-view with a Password / Magic Link tab toggle.

Backend (apps/web/src/functions/auth.ts):

• Added doPasswordSignUp (uses supabase.auth.signUp) and doPasswordSignIn (uses supabase.auth.signInWithPassword) server functions.

Frontend (apps/web/src/routes/auth.tsx):

• Main view: Google, GitHub, Email buttons + legal text underneath.
• Email sub-view: back button, Password/Magic Link tab switcher, and the respective forms.
• Password form supports sign-in/sign-up toggle with confirm-password field for new accounts.
• Legal text links now point to absolute https://hyprnote.com/legal/... URLs.

Review & Testing Checklist for Human

• Supabase email+password auth is enabled — if only magic link/OTP is configured in the Supabase project, the new password sign-up/sign-in endpoints will fail silently at runtime. Verify this in the Supabase dashboard under Authentication > Providers.
• Desktop flow end-to-end — password sign-in redirects to /callback/auth?flow=desktop&scheme=...&access_token=...&refresh_token=.... Confirm the existing callback page handles this correctly and the deep link back to the desktop app works.
• Sign-up with email confirmation — if Supabase requires email confirmation, the user sees "Check your email to confirm your account before signing in." Verify this message appears and the confirmation flow works.
• Visual review of the new UI — test both views (main buttons and email sub-view) to confirm layout, spacing, and tab switching behavior look correct.
• Type assertions in PasswordForm onSuccess — the handlers use as casts and "key" in result" checks instead of proper discriminated unions. Consider whether this is acceptable or could mask errors.

Notes

• Requested by: @ComputelessComputer
• Link to Devin run

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[netlify]

✅ Deploy Preview for hyprnote ready!

Name	Link
🔨 Latest commit	4d88ef4
🔍 Latest deploy log	https://app.netlify.com/projects/hyprnote/deploys/69876382ade2990008981e7b
😎 Deploy Preview	https://deploy-preview-3717--hyprnote.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for hyprnote-storybook canceled.

Name	Link
🔨 Latest commit	4d88ef4
🔍 Latest deploy log	https://app.netlify.com/projects/hyprnote-storybook/deploys/69876382ade2990008981e7f

[graphite-app]

The button's disabled condition doesn't check confirmPassword when in sign-up mode. This allows users to click submit even when the confirm password field is empty (if they somehow bypass the HTML required attribute), which will then fail client-side validation and show an error.

Fix by adding a conditional check:

disabled={isPending || !email || !password || (isSignUp && !confirmPassword)}

Suggested change

	disabled={isPending || !email || !password}
	disabled={isPending || !email || !password || (isSignUp && !confirmPassword)}

Spotted by Graphite Agent



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

Using setErrorMessage for a success/informational message about email confirmation. This message is displayed with red error styling (text-red-500 on line 394), which will confuse users who successfully signed up.

Fix by creating a separate info/success message state:

const [infoMessage, setInfoMessage] = useState("");
// Then display it with different styling
if (infoMessage) {
  <p className="text-sm text-blue-600 text-center">{infoMessage}</p>
}

Spotted by Graphite Agent



Is this helpful? React 👍 or 👎 to let us know.