Hikkywannafly/skills/auth-magic-link
skills/auth-magic-link/SKILL.md
--- Working name: auth-magic-link description: > Implement Supabase magic-link email authentication for vibe-kit projects. No password required — user enters email, receives a login link. Includes middleware-based route protection and session management. argument-hint: "[setup | protect-route | check-session]" --- # auth-magic-link — Passwordless Auth ## Purpose Add email magic-link authentication to a vibe-kit project using Supabase Auth. Non-devs' users never need to remember a passwo
development
Updated Apr 25, 2026
$ install --global
skillsauthnpx skillsauth add Hikkywannafly/vibe-kit skills/auth-magic-linkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 5:07 PM142.5s1 file scanned
SKILL.md
- name:
- auth-magic-link
- description:
- >
- argument-hint:
- [setup | protect-route | check-session]
auth-magic-link — Passwordless Auth
Purpose
Add email magic-link authentication to a vibe-kit project using Supabase Auth. Non-devs' users never need to remember a password — one click from email logs them in.
Dependencies
npm install @supabase/ssr @supabase/supabase-js
1. Supabase Client Setup
// lib/supabase/client.ts
import { createBrowserClient } from "@supabase/ssr"
export function createClient() {
return createBrowserClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
)
}
// lib/supabase/server.ts
import { createServerClient } from "@supabase/ssr"
import { cookies } from "next/headers"
export function createClient() {
const cookieStore = cookies()
return createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{ cookies: { getAll: () => cookieStore.getAll(), setAll: (c) => c.forEach(({ name, value, options }) => cookieStore.set(name, value, options)) } }
)
}
2. Login Form Component
// components/login-form.tsx
"use client"
import { useState } from "react"
import { createClient } from "@/lib/supabase/client"
import { Button } from "@/components/ui/button"
import { Input } from "@/components/ui/input"
export function LoginForm() {
const [email, setEmail] = useState("")
const [sent, setSent] = useState(false)
const [loading, setLoading] = useState(false)
async function handleLogin() {
setLoading(true)
const supabase = createClient()
const { error } = await supabase.auth.signInWithOtp({
email,
options: { emailRedirectTo: `${window.location.origin}/auth/callback` },
})
if (!error) setSent(true)
setLoading(false)
}
if (sent) return (
<div className="text-center p-6">
<p className="text-lg font-medium">Kiem tra email cua ban!</p>
<p className="text-slate-500 mt-2">Chung toi da gui link dang nhap den <strong>{email}</strong></p>
</div>
)
return (
<div className="space-y-4 max-w-sm mx-auto p-6">
<h2 className="text-xl font-bold">Dang nhap</h2>
<Input type="email" placeholder="[email protected]" value={email} onChange={e => setEmail(e.target.value)} />
<Button onClick={handleLogin} disabled={loading || !email} className="w-full">
{loading ? "Dang gui..." : "Gui link dang nhap"}
</Button>
</div>
)
}
3. Auth Callback Route
// app/auth/callback/route.ts
import { createClient } from "@/lib/supabase/server"
import { NextRequest, NextResponse } from "next/server"
export async function GET(req: NextRequest) {
const code = req.nextUrl.searchParams.get("code")
if (code) {
const supabase = createClient()
await supabase.auth.exchangeCodeForSession(code)
}
return NextResponse.redirect(new URL("/dashboard", req.url))
}
4. Middleware Route Protection
// middleware.ts
import { createServerClient } from "@supabase/ssr"
import { NextRequest, NextResponse } from "next/server"
export async function middleware(req: NextRequest) {
const res = NextResponse.next()
const supabase = createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{ cookies: { getAll: () => req.cookies.getAll(), setAll: (c) => c.forEach(({ name, value, options }) => res.cookies.set(name, value, options)) } }
)
const { data: { user } } = await supabase.auth.getUser()
if (!user && req.nextUrl.pathname.startsWith("/dashboard")) {
return NextResponse.redirect(new URL("/login", req.url))
}
return res
}
export const config = { matcher: ["/dashboard/:path*"] }
Sign Out
const supabase = createClient()
await supabase.auth.signOut()
// redirect to /
Supabase Dashboard Settings
Auth → URL Configuration:
- Site URL:
https://tenwebsite.vn - Redirect URLs:
https://tenwebsite.vn/auth/callback
Related Skills
Hikkywannafly/vietnamese-copy
data-ai
VerifiedTrustedCommunity
Generate Vietnamese marketing copy, UI strings, CTAs, error messages, and email templates for vibe-kit projects. Tone: friendly, conversational, Southern Vietnamese style. Activated for any user-visible text generation.
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe
development
VerifiedTrustedCommunity
One-shot orchestrator. Turns the prose after /vibe into a shipped product by clarifying intent, rendering a plan, gating on approval, then spawning planner+researcher+fullstack-dev+tester+reviewer agents in sequence. User-visible strings match the user's input language (Vietnamese by default for VN users). Two modes: SAFE (default — clarify + show plan + wait for approval, max 1 round-trip) and YOLO (skip clarify+approval, run full auto with smart defaults — for demos and power users). YOLO triggers: prose contains `yolo`, `nhanh nha`, `lam luon`, `khoi hoi`, `auto`, or args start with `yolo`. Trigger phrases (EN + VN): "build me a site", "make me a landing page", "create a shop", "I need an app", "vibe lam website", "tao cho toi mot", "xay dung shop online", "lam landing page", "can mot app".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-security
tools
VerifiedTrustedCommunity
On-demand security audit for vibe-kit projects. Stack-aware checks for Next.js App Router + Supabase + Polar: secrets leak, RLS gaps, service-role key in client bundle, missing webhook signature verification, unprotected API routes, weak headers, dependency vulns. Outputs a Vietnamese P0/P1/P2 report with file:line + fix hints. User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "check security", "audit it", "security scan", "is this safe to launch", "kiem tra bao mat", "quet bao mat", "audit du an", "co an toan khong", "scan bao mat truoc khi deploy".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-rn-supabase
tools
VerifiedTrustedCommunity
Wire Supabase JS client into a React Native (Expo) vibe-kit project: session persistence via AsyncStorage, magic-link OAuth callback via expo-linking deep links, Realtime subscriptions on RN, and shared TypeScript types with the Next.js webapp twin (vibe-kit's typical web<->mobile pair pattern). This is the mobile counterpart of `auth-magic-link` (web). User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "supabase react native", "supabase mobile", "auth mobile expo", "magic link mobile", "tich hop supabase vao app", "supabase deep link".
SKILL.mdUpdated Apr 25, 2026