photo reset token save + save photo in logs

KrishP147 · KrishP147 · commit 751f1e934fd3 · 2026-01-23T22:13:25.000-05:00
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
@@ -28,7 +28,14 @@ function App() {
   const [isPasswordRecovery, setIsPasswordRecovery] = useState(() => {
     // Check for recovery hash on initial render (before Supabase processes it)
     const hashParams = new URLSearchParams(window.location.hash.substring(1));
-    return hashParams.get('type') === 'recovery';
+    const isRecovery = hashParams.get('type') === 'recovery';
+    // Clear the hash immediately after reading to prevent loops on page reload
+    if (isRecovery) {
+      window.history.replaceState(null, '', window.location.pathname + window.location.search);
+      // Set flag for auth listener to check (since hash is now cleared)
+      sessionStorage.setItem('password_recovery_active', 'true');
+    }
+    return isRecovery;
   });
 
   useEffect(() => {
@@ -49,20 +56,22 @@ function App() {
       // Handle password recovery event - set recovery mode and don't set session
       if (event === 'PASSWORD_RECOVERY') {
         console.log('PASSWORD_RECOVERY event - enabling recovery mode');
+        sessionStorage.setItem('password_recovery_active', 'true');
         setIsPasswordRecovery(true);
         setSession(null);
         return;
       }
 
-      // Check if we should skip setting session due to recovery
-      const hashParams = new URLSearchParams(window.location.hash.substring(1));
-      const isRecoveryHash = hashParams.get('type') === 'recovery';
-      
-      if (isRecoveryHash && event === 'SIGNED_IN') {
-        console.log('Recovery hash present - ignoring SIGNED_IN event');
-        setIsPasswordRecovery(true);
-        setSession(null);
-        return;
+      // Skip setting session if we're already in recovery mode
+      // Note: Hash is cleared on initial load, so we rely on isPasswordRecovery state
+      if (event === 'SIGNED_IN') {
+        // Check current recovery state - use a ref or check localStorage for persistence
+        const recoveryActive = sessionStorage.getItem('password_recovery_active') === 'true';
+        if (recoveryActive) {
+          console.log('Recovery mode active - ignoring SIGNED_IN event');
+          setSession(null);
+          return;
+        }
       }
 
       // IMPORTANT: Don't set session immediately - wait for OAuth checks to complete
diff --git a/frontend/src/components/PhotoMealUpload.jsx b/frontend/src/components/PhotoMealUpload.jsx
@@ -25,6 +25,7 @@ export default function PhotoMealUpload({ onMealAdded }) {
   const [customMealName, setCustomMealName] = useState('');
   const [isNameManuallyEdited, setIsNameManuallyEdited] = useState(false);
   const [dietaryRestrictions, setDietaryRestrictions] = useState([]);
+  const [showPhotoModal, setShowPhotoModal] = useState(false);
 
   // Fetch user dietary restrictions on mount
   useEffect(() => {
@@ -716,7 +717,13 @@ export default function PhotoMealUpload({ onMealAdded }) {
       {preview && !result && (
         <div>
           <div className="relative">
-            <img src={preview} alt="Preview" className="w-full  mb-4 max-h-64 object-cover" />
+            <img
+              src={preview}
+              alt="Preview"
+              className="w-full mb-4 max-h-64 object-cover cursor-pointer hover:opacity-90 transition"
+              onClick={() => setShowPhotoModal(true)}
+              title="Click to view full size"
+            />
             <button
               onClick={() => {
                 setSelectedFile(null);
@@ -790,7 +797,13 @@ export default function PhotoMealUpload({ onMealAdded }) {
       {editableResult && (
         <div className="space-y-4">
           <div className="relative">
-            <img src={preview} alt="Analyzed" className="w-full  max-h-48 object-cover" />
+            <img
+              src={preview}
+              alt="Analyzed"
+              className="w-full max-h-48 object-cover cursor-pointer hover:opacity-90 transition"
+              onClick={() => setShowPhotoModal(true)}
+              title="Click to view full size"
+            />
             <button
               onClick={() => {
                 setResult(null);
@@ -1125,6 +1138,30 @@ export default function PhotoMealUpload({ onMealAdded }) {
           </div>
         </div>
       )}
+
+      {/* Photo Preview Modal */}
+      {showPhotoModal && preview && (
+        <div
+          className="fixed inset-0 z-50 flex items-center justify-center bg-black/90 p-4"
+          onClick={() => setShowPhotoModal(false)}
+        >
+          <div className="relative max-w-4xl max-h-[90vh] w-full">
+            <button
+              onClick={() => setShowPhotoModal(false)}
+              className="absolute -top-10 right-0 text-white/70 hover:text-white transition text-sm flex items-center gap-2"
+            >
+              <span>Close</span>
+              <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M18 6 6 18"/><path d="m6 6 12 12"/></svg>
+            </button>
+            <img
+              src={preview}
+              alt="Full size preview"
+              className="w-full h-full object-contain max-h-[85vh]"
+              onClick={(e) => e.stopPropagation()}
+            />
+          </div>
+        </div>
+      )}
     </div>
   );
 }
diff --git a/frontend/src/pages/ResetPassword.jsx b/frontend/src/pages/ResetPassword.jsx
@@ -10,25 +10,31 @@ export default function ResetPassword() {
   const [error, setError] = useState(null);
   const [success, setSuccess] = useState(false);
   const [isOAuthAccount, setIsOAuthAccount] = useState(false);
+  const [isRecoverySession, setIsRecoverySession] = useState(false);
   const [showPassword, setShowPassword] = useState(false);
   const [showConfirmPassword, setShowConfirmPassword] = useState(false);
   const navigate = useNavigate();
 
   useEffect(() => {
     // Check if this is an OAuth-only account (no password set yet)
     const checkAuthProvider = async () => {
-      // Parse URL hash for Supabase auth parameters
+      // Check sessionStorage for recovery flag (set by App.jsx when hash was detected)
+      const recoveryActive = sessionStorage.getItem('password_recovery_active') === 'true';
+
+      // Also check URL hash as fallback (in case user navigated directly)
       const hashParams = new URLSearchParams(window.location.hash.substring(1));
       const tokenType = hashParams.get('type');
       const accessToken = hashParams.get('access_token');
 
+      console.log('Recovery active from sessionStorage:', recoveryActive);
       console.log('URL hash type:', tokenType);
       console.log('Has access token:', !!accessToken);
 
-      // If coming from password reset email (has type=recovery in hash)
+      // If coming from password reset email (recovery flag set or hash present)
       // ALWAYS show password reset form, never redirect
-      if (tokenType === 'recovery' || accessToken) {
+      if (recoveryActive || tokenType === 'recovery' || accessToken) {
         console.log('Password reset link detected - showing reset form');
+        setIsRecoverySession(true);
         setIsOAuthAccount(false);
         return;
       }
@@ -79,17 +85,16 @@ export default function ResetPassword() {
         setError(updateError.message);
         setLoading(false);
       } else {
-        // Check again if this was a password reset (recovery) session
-        const hashParams = new URLSearchParams(window.location.hash.substring(1));
-        const wasRecoverySession = hashParams.get('type') === 'recovery';
-
         console.log('Password updated successfully');
-        console.log('Was recovery session:', wasRecoverySession);
+        console.log('Was recovery session:', isRecoverySession);
         console.log('Is OAuth account:', isOAuthAccount);
 
         // If they came from a password reset link, sign them out regardless of OAuth
-        if (wasRecoverySession) {
+        if (isRecoverySession) {
           console.log('Recovery session - signing out user');
+          // Clear the URL hash and recovery flag to prevent recovery loop
+          window.history.replaceState(null, '', window.location.pathname);
+          sessionStorage.removeItem('password_recovery_active');
           await supabase.auth.signOut();
           setSuccess(true);
         } else if (isOAuthAccount) {
