feat(web): add Google onboarding completion page

[onerandomdevv]

What does this PR do?

Adds the web page for completing pending Google onboarding sessions created by backend Google OAuth. The page reads the opaque session ID, fetches safe Google prefill data, collects Twizrr-required onboarding fields, and submits completion to the backend without exposing provider tokens or raw Google payloads.

Type of change

• New feature
• Bug fix
• Refactor / cleanup
• Database migration included
• Chore / maintenance
• Documentation

Area affected

• Backend
• Web
• WhatsApp
• Shared package
• Database / Prisma
• GitHub / CI / infrastructure

How to test this

1. Visit /register/google/complete?session=<valid-session-id>.
2. Confirm the page loads Google email/name/avatar prefill from /auth/google/onboarding/:sessionId.
3. Submit first name, last name, date of birth, and phone.

Expected result: under-13 DOB is blocked client-side, valid completion calls /auth/google/onboarding/:sessionId/complete, auth cookies are accepted from the backend response, and the user is redirected to the backend-provided destination.

Pre-commit checklist

• Backend lint/type/build pass when backend is affected
• Web lint/type/build pass when web is affected
• Shared package build passes when shared is affected
• No console.log left in production code
• No secrets or .env files committed
• No new any types added
• No non-MVP legacy features reintroduced
• All money values are BigInt kobo, never float
• Paystack webhook changes verify HMAC before processing
• Database migrations are Prisma migrations, not db push
• Database migrations are backward-compatible or risk is documented

Screenshots

N/A - focused auth form route; no visual redesign.

Notes for reviewer

Route added:

• /register/google/complete

Fields collected:

• firstName
• lastName
• dateOfBirth
• phone

Prefill behavior:

• Fetches providerEmail, providerEmailVerified, first/last/display name prefill, and provider avatar URL from GET /auth/google/onboarding/:sessionId.
• Shows only safe prefill fields; no Google tokens or raw provider payload are exposed.

Age-gate behavior:

• Client-side DOB validation blocks users under 13.
• Backend remains source of truth and still enforces the same rule on completion.

Phone verification copy:

• Copy clearly says Google verifies email only.
• Copy says phone verification happens later before checkout.
• The page collects phone but does not run phone verification.

Redirect behavior:

• On successful completion, redirects to the backend-provided redirectTo, falling back to /explore.

Backend review follow-up:

• Updated auth.service.google.spec.ts so the one-time pending-session test first completes successfully, then retries the same session and verifies GOOGLE_ONBOARDING_SESSION_EXPIRED after redis.getDel returns null.

Validation:

• cd apps/backend && pnpm.cmd test -- auth.service.google.spec.ts --runInBand passed, 13/13
• cd apps/web && pnpm.cmd run lint passed
• cd apps/web && npx.cmd tsc --noEmit passed
• cd apps/web && pnpm.cmd run build passed
• git diff --check passed
• git diff --cached --check passed
• staged secret scan passed
• added-line forbidden visible-term scan passed
• pre-commit hook passed ESLint, security sentinel, and Prettier for staged backend/web files

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
twizrr-web	Ready	Preview, Comment	Jun 8, 2026 4:55pm

[coderabbitai]

Warning

Review limit reached

@onerandomdevv, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 28 minutes and 8 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a266c922-6e81-49c1-92b1-83d161573340

📥 Commits

Reviewing files that changed from the base of the PR and between 0ce9d4a and 748000c.

📒 Files selected for processing (3)

• apps/backend/src/domains/users/auth/auth.service.google.spec.ts
• apps/web/src/app/(auth)/register/google/complete/page.tsx
• apps/web/src/lib/auth.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/web-google-onboarding-completion

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}