# Authentication Setup Guide

This guide will help you set up the authentication and pending identifications functionality.

## Prerequisites

1. ✅ Code changes are complete
2. ✅ `.env` file is configured with `NEXTAUTH_SECRET` and database URLs
3. ⚠️ Database tables need to be created
4. ⚠️ Database permissions need to be granted

## Step-by-Step Setup

### 1. Create Database Tables

Run the SQL script to create the new tables:

```bash
psql -U postgres -d punimtag -f create_auth_tables.sql
```

Or manually run the SQL commands in `create_auth_tables.sql`.

### 2. Grant Database Permissions

You need to grant write permissions for the new tables. Choose one option:

#### Option A: If using separate write user (`viewer_write`)

```sql
-- Connect as postgres superuser
psql -U postgres -d punimtag

-- Grant permissions
GRANT SELECT, INSERT, UPDATE ON TABLE users TO viewer_write;
GRANT SELECT, INSERT, UPDATE ON TABLE pending_identifications TO viewer_write;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO viewer_write;
GRANT USAGE, SELECT ON SEQUENCE pending_identifications_id_seq TO viewer_write;
```

#### Option B: If using same user with write permissions (`viewer_readonly`)

```sql
-- Connect as postgres superuser
psql -U postgres -d punimtag

-- Grant permissions
GRANT SELECT, INSERT, UPDATE ON TABLE users TO viewer_readonly;
GRANT SELECT, INSERT, UPDATE ON TABLE pending_identifications TO viewer_readonly;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO viewer_readonly;
GRANT USAGE, SELECT ON SEQUENCE pending_identifications_id_seq TO viewer_readonly;
```

### 3. Generate Prisma Client

After creating the tables, regenerate the Prisma client:

```bash
npx prisma generate
```

### 4. Verify Setup

1. **Check tables exist:**
   ```sql
   \dt users
   \dt pending_identifications
   ```

2. **Test user registration:**
   - Start the dev server: `npm run dev`
   - Navigate to `http://localhost:3001/register`
   - Try creating a new user account
   - Check if the user appears in the database:
     ```sql
     SELECT * FROM users;
     ```

3. **Test face identification:**
   - Log in with your new account
   - Open a photo with faces
   - Click on a face to identify it
   - Check if pending identification is created:
     ```sql
     SELECT * FROM pending_identifications;
     ```

## Troubleshooting

### Error: "permission denied for table users"

**Solution:** Grant write permissions to your database user (see Step 2 above).

### Error: "relation 'users' does not exist"

**Solution:** Run the `create_auth_tables.sql` script (see Step 1 above).

### Error: "PrismaClientValidationError"

**Solution:** Regenerate Prisma client: `npx prisma generate`

### Registration page shows error

**Check:**
1. `.env` file has `DATABASE_URL_WRITE` configured
2. Database user has INSERT permission on `users` table
3. Prisma client is up to date: `npx prisma generate`

## What Works Now

✅ User registration (`/register`)
✅ User login (`/login`)
✅ Face identification (requires login)
✅ Pending identifications saved to database
✅ Authentication checks in place

## What's Not Implemented Yet

❌ Admin approval interface (to approve/reject pending identifications)
❌ Applying approved identifications to the main `people` and `faces` tables

## Next Steps

Once everything is working:
1. Test user registration
2. Test face identification
3. Verify pending identifications are saved correctly
4. (Future) Implement admin approval interface