Add GitLab OAuth provider with private instance support

[thuvh]

Description

Adds a new GitLab auth plugin that supports both gitlab.com and self-hosted instances via GITLAB_WEB_URL env var.

Type of Change

• Bug fix
• Documentation update
• Other (please describe):
  • new feature

---

Summary by CodeRabbit

• New Features

  • Added GitLab as a new OAuth sign-in option, including support for configurable GitLab instance URLs.
  • Added GitLab branding and icon in the authentication UI.

• Documentation

  • Updated the environment example and auth configuration comments to include GitLab OAuth variables and provider reference.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds GitLab OAuth support: environment variables, UI name and icon mappings, a new GitLab auth plugin that configures the provider and remaps profiles, and registration/export of the plugin.

Changes

Cohort / File(s)	Summary
Environment & Config \.env.example, prompts.config.ts	Added GitLab OAuth env entries (GITLAB_CLIENT_ID, GITLAB_CLIENT_SECRET, GITLAB_WEB_URL) and added "gitlab" to the auth providers comment.
UI Components src/components/auth/auth-content.tsx, src/components/auth/oauth-button.tsx	Added provider display name mapping for gitlab and a GitLab SVG icon so the OAuth button can render GitLab.
Auth Plugin src/lib/plugins/auth/gitlab.ts, src/lib/plugins/auth/index.ts	New gitlabPlugin exporting an AuthPlugin that builds a GitLab provider (uses GITLAB_* env vars) and remaps profiles; plugin imported, registered, and exported in the auth plugins index.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant UI as Client UI
    participant App as App Server
    participant GitLab as GitLab OAuth
    User->>UI: Click "Sign in with GitLab"
    UI->>App: Request OAuth redirect /start
    App->>GitLab: Redirect to GitLab authorize (client_id, redirect_uri)
    GitLab->>User: Prompt auth & consent
    User->>GitLab: Authenticate
    GitLab->>App: Redirect back with code
    App->>GitLab: Exchange code for token
    GitLab->>App: Return token + profile
    App->>App: gitlabPlugin remaps profile (id, name, email, image, username)
    App->>UI: Create session / return auth result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped to the code, a GitLab surprise,
Keys in the env and icons for eyes.
Plugins mapped profiles, sign-ins now neat,
I nibble a carrot — another login complete! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding GitLab OAuth provider support with self-hosted instance configuration via GITLAB_WEB_URL environment variable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/components/auth/auth-content.tsx (1)

14-21: ⚠️ Potential issue | 🟠 Major

Localize the new “GitLab” label instead of hardcoding it.

The new provider label is user-facing and should come from next-intl to stay consistent with i18n requirements.

✅ Suggested fix

-const providerNames: Record<string, string> = {
-  github: "GitHub",
-  google: "Google",
-  azure: "Microsoft",
-  apple: "Apple",
-  gitlab: "GitLab",
-  credentials: "Email",
-};
+// Move inside component so we can use `t`
+const providerNames = {
+  github: t("providers.github"),
+  google: t("providers.google"),
+  azure: t("providers.azure"),
+  apple: t("providers.apple"),
+  gitlab: t("providers.gitlab"),
+  credentials: t("providers.email"),
+};

Also add the new translation keys in messages/*.json.

As per coding guidelines, do not hardcode user-facing strings; use next-intl and add translations in the appropriate messages files.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/components/auth/auth-content.tsx` around lines 14 - 21, The providerNames
map currently hardcodes "GitLab"; replace that hardcoded user-facing string with
a localized value obtained via next-intl (e.g., call useTranslations and
reference a key such as "auth.providers.gitlab") when building providerNames
(keep the key names like github/google/etc. unchanged), and add the
corresponding "auth.providers.gitlab" entries to the messages/*.json translation
files for all supported locales; ensure the component imports and uses
useTranslations (or t) consistently so the providerNames value is localized at
render time.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/plugins/auth/gitlab.ts`:
- Around line 18-19: The field githubUsername is GitHub-specific but is
populated for GitLab as well; rename githubUsername to a provider-agnostic name
(e.g., oauthUsername) and update its comment in src/lib/plugins/auth/gitlab.ts
so it reads that it stores the OAuth provider username; then update all usages
of githubUsername (for example in src/app/prompts.csv/route.ts and
src/app/about/page.tsx) to oauthUsername, and ensure any persistence/schema
definitions and tests that reference githubUsername are migrated to
oauthUsername to keep the model consistent.
- Around line 8-12: The GitlabProvider call uses the unsupported web_url option;
replace that option with baseUrl so self-hosted GitLab instances are respected.
In the GitlabProvider invocation (GitlabProvider({ clientId, clientSecret, ...
})), change web_url: process.env.GITLAB_WEB_URL || "https://gitlab.com" to
baseUrl: process.env.GITLAB_BASE_URL || "https://gitlab.com" (or reuse the
existing env var name if preferred), keeping the same default, and ensure no
other code expects web_url.

---

Outside diff comments:
In `@src/components/auth/auth-content.tsx`:
- Around line 14-21: The providerNames map currently hardcodes "GitLab"; replace
that hardcoded user-facing string with a localized value obtained via next-intl
(e.g., call useTranslations and reference a key such as "auth.providers.gitlab")
when building providerNames (keep the key names like github/google/etc.
unchanged), and add the corresponding "auth.providers.gitlab" entries to the
messages/*.json translation files for all supported locales; ensure the
component imports and uses useTranslations (or t) consistently so the
providerNames value is localized at render time.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62b5600 and e00b4b3.

📒 Files selected for processing (6)

• .env.example
• prompts.config.ts
• src/components/auth/auth-content.tsx
• src/components/auth/oauth-button.tsx
• src/lib/plugins/auth/gitlab.ts
• src/lib/plugins/auth/index.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Search for githubUsername usage and definition
rg -n "githubUsername" --type=ts --type=tsx --type=prisma -C3

Repository: f/prompts.chat

Length of output: 85

---

🏁 Script executed:

# Find the Prisma schema file
fd -e prisma . | head -20

Repository: f/prompts.chat

Length of output: 78

---

🏁 Script executed:

# Look at other auth provider implementations
find src/lib/plugins/auth -name "*.ts" -type f | head -20

Repository: f/prompts.chat

Length of output: 276

---

🏁 Script executed:

# Search for githubUsername usage (corrected rg command)
rg -n "githubUsername" -C3

Repository: f/prompts.chat

Length of output: 12452

---

🏁 Script executed:

# Read the Prisma schema to see how githubUsername is defined
cat prisma/schema.prisma

Repository: f/prompts.chat

Length of output: 13804

---

🏁 Script executed:

# Read the gitlab.ts file to see the context
cat -n src/lib/plugins/auth/gitlab.ts

Repository: f/prompts.chat

Length of output: 1137

---

🏁 Script executed:

# Read the github.ts file to compare
cat -n src/lib/plugins/auth/github.ts

Repository: f/prompts.chat

Length of output: 922

---

Fix misleading comments and provider-agnostic field naming.

Lines 18-19 incorrectly reference "GitHub username" when storing GitLab data. Additionally, the field name githubUsername is semantically GitHub-specific, but the codebase stores both GitHub and GitLab usernames in it. This creates ambiguity in the data model—the field is used throughout the codebase with assumptions that it contains GitHub usernames only (e.g., in src/app/prompts.csv/route.ts and src/app/about/page.tsx).

Either:

1. Rename githubUsername to a provider-agnostic name like oauthUsername or primaryUsername
2. Create separate fields (githubUsername and gitlabUsername) per provider
3. Update the comments to reflect that the field stores the OAuth provider's username, regardless of provider

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/plugins/auth/gitlab.ts` around lines 18 - 19, The field
githubUsername is GitHub-specific but is populated for GitLab as well; rename
githubUsername to a provider-agnostic name (e.g., oauthUsername) and update its
comment in src/lib/plugins/auth/gitlab.ts so it reads that it stores the OAuth
provider username; then update all usages of githubUsername (for example in
src/app/prompts.csv/route.ts and src/app/about/page.tsx) to oauthUsername, and
ensure any persistence/schema definitions and tests that reference
githubUsername are migrated to oauthUsername to keep the model consistent.

[Copilot]

Pull request overview

This pull request adds GitLab OAuth authentication support to the application, allowing users to sign in with both gitlab.com accounts and self-hosted GitLab instances. The implementation follows the existing pattern used by other OAuth providers (GitHub, Google, Azure, Apple) and includes UI updates to support the new provider.

Changes:

• Added a new GitLab auth plugin with support for custom instance URLs via GITLAB_WEB_URL environment variable
• Registered the GitLab plugin in the auth system and exported it for use
• Added GitLab icon to the OAuth button component and provider name mapping

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/lib/plugins/auth/gitlab.ts	New GitLab OAuth provider plugin with profile mapping and self-hosted instance support
src/lib/plugins/auth/index.ts	Imports, registers, and exports the new gitlabPlugin
src/components/auth/oauth-button.tsx	Adds GitLab icon SVG to the provider icons dictionary
src/components/auth/auth-content.tsx	Maps "gitlab" provider ID to "GitLab" display name
prompts.config.ts	Documents "gitlab" as an available auth provider option
.env.example	Adds environment variables for GitLab OAuth configuration

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[thuvh]

GitHub Comment

This feature would require adding a new OAuth provider configuration in the authentication module that handles GitLab's OAuth flow, including support for custom instance URLs via environment variables or config settings. I'd recommend checking out how the existing GitHub OAuth provider is implemented as a template, then extending it with GitLab-specific endpoints and the ability to override the instance URL for self-hosted deployments.

yep, let'me try

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/lib/plugins/auth/index.ts (1)

7-16: ⚠️ Potential issue | 🔴 Critical

GitLab self-hosted support is broken: base_url is not a valid Auth.js option and env var name doesn't match .env.example.

The registration in index.ts is correct, but src/lib/plugins/auth/gitlab.ts has two issues:

1. Invalid provider option: Auth.js GitLab provider doesn't accept base_url. The line base_url: process.env.GITLAB_BASE_URL || "https://gitlab.com" is silently ignored and has no effect.
2. Env var mismatch: .env.example documents GITLAB_WEB_URL, but the plugin reads GITLAB_BASE_URL—users following the example will find self-hosted GitLab won't work.

Fix: To support self-managed GitLab instances, explicitly override the OAuth endpoints:

GitlabProvider({
  clientId: process.env.GITLAB_CLIENT_ID!,
  clientSecret: process.env.GITLAB_CLIENT_SECRET!,
  authorization: `${process.env.GITLAB_WEB_URL || "https://gitlab.com"}/oauth/authorize`,
  token: `${process.env.GITLAB_WEB_URL || "https://gitlab.com"}/oauth/token`,
  userinfo: `${process.env.GITLAB_WEB_URL || "https://gitlab.com"}/api/v4/user`,
  // ... rest of config
})

Also align .env.example and the plugin to use the same env var name (GITLAB_WEB_URL preferred).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/plugins/auth/index.ts` around lines 7 - 16, The GitLab provider in
src/lib/plugins/auth/gitlab.ts uses an unsupported option (base_url) and the env
var name differs from .env.example; update the GitlabProvider configuration to
remove base_url and instead explicitly set the OAuth endpoints (authorization,
token, userinfo) using process.env.GITLAB_WEB_URL (falling back to
"https://gitlab.com") and ensure clientId/clientSecret are used as before; also
update the env var reference in the plugin to GITLAB_WEB_URL so it matches
.env.example and supports self-hosted GitLab instances.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/lib/plugins/auth/index.ts`:
- Around line 7-16: The GitLab provider in src/lib/plugins/auth/gitlab.ts uses
an unsupported option (base_url) and the env var name differs from .env.example;
update the GitlabProvider configuration to remove base_url and instead
explicitly set the OAuth endpoints (authorization, token, userinfo) using
process.env.GITLAB_WEB_URL (falling back to "https://gitlab.com") and ensure
clientId/clientSecret are used as before; also update the env var reference in
the plugin to GITLAB_WEB_URL so it matches .env.example and supports self-hosted
GitLab instances.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e00b4b3 and 6aa1765.

📒 Files selected for processing (6)

• .env.example
• prompts.config.ts
• src/components/auth/auth-content.tsx
• src/components/auth/oauth-button.tsx
• src/lib/plugins/auth/gitlab.ts
• src/lib/plugins/auth/index.ts

🚧 Files skipped from review as they are similar to previous changes (4)

• .env.example
• src/lib/plugins/auth/gitlab.ts
• src/components/auth/oauth-button.tsx
• src/components/auth/auth-content.tsx

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/components/auth/auth-content.tsx (1)

14-21: ⚠️ Potential issue | 🟡 Minor

Localize the new GitLab provider label instead of hardcoding it.

gitlab: "GitLab" adds user-facing text outside next-intl. Since this component already has useTranslations, provider labels should come from translation keys (and corresponding messages/*.json entries).

💡 Suggested refactor

-const providerNames: Record<string, string> = {
-  github: "GitHub",
-  google: "Google",
-  azure: "Microsoft",
-  apple: "Apple",
-  gitlab: "GitLab",
-  credentials: "Email",
-};
-
 export function AuthContent({ providers, mode, useCloneBranding = false }: AuthContentProps) {
   const t = useTranslations("auth");
+  const providerNames: Record<string, string> = {
+    github: t("providers.github"),
+    google: t("providers.google"),
+    azure: t("providers.azure"),
+    apple: t("providers.apple"),
+    gitlab: t("providers.gitlab"),
+    credentials: t("providers.email"),
+  };

Also add:

• auth.providers.gitlab
• (and any missing sibling keys) in messages/*.json.

As per coding guidelines: "Use next-intl for all user-facing strings; never hardcode text" and "Add translations for any user-facing text in the appropriate messages/*.json files".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/components/auth/auth-content.tsx` around lines 14 - 21, The providerNames
object contains hardcoded user-facing labels (e.g., "GitLab"); replace these
with values from next-intl by using the component's useTranslations hook (e.g.,
call t('auth.providers.github'), t('auth.providers.gitlab'), etc.) instead of
literal strings, and update messages/*.json to include auth.providers.gitlab and
any missing sibling keys (auth.providers.github, google, azure, apple,
credentials) so all provider labels come from translations; ensure the
providerNames constant is built from the t(...) results where it is used in the
component.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/components/auth/auth-content.tsx`:
- Around line 14-21: The providerNames object contains hardcoded user-facing
labels (e.g., "GitLab"); replace these with values from next-intl by using the
component's useTranslations hook (e.g., call t('auth.providers.github'),
t('auth.providers.gitlab'), etc.) instead of literal strings, and update
messages/*.json to include auth.providers.gitlab and any missing sibling keys
(auth.providers.github, google, azure, apple, credentials) so all provider
labels come from translations; ensure the providerNames constant is built from
the t(...) results where it is used in the component.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa1765 and 024e15b.

📒 Files selected for processing (6)

• .env.example
• prompts.config.ts
• src/components/auth/auth-content.tsx
• src/components/auth/oauth-button.tsx
• src/lib/plugins/auth/gitlab.ts
• src/lib/plugins/auth/index.ts

🚧 Files skipped from review as they are similar to previous changes (4)

• src/lib/plugins/auth/gitlab.ts
• .env.example
• src/components/auth/oauth-button.tsx
• src/lib/plugins/auth/index.ts