// Landing page with Sign Up / Log In flows // Uses window.supabaseClient (CDN singleton from src/supabase.js) const { useState: useAuthState, useEffect: useAuthEffect, useRef: useAuthRef } = React; const SUPER_ADMIN_EMAIL = 'owner@perdura.capital'; // set to your actual email function toSlug(str) { return str.toLowerCase().replace(/[^a-z0-9]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, ''); } // ─── Root auth page: landing → signup | login ───────────────────────────────── function AuthPage({ onAuthenticated }) { const [mode, setMode] = useAuthState('landing'); // landing | signup | login | forgot if (mode === 'signup') return setMode('landing')} onAuthenticated={onAuthenticated} />; if (mode === 'login') return setMode('landing')} onAuthenticated={onAuthenticated} onForgot={() => setMode('forgot')} />; if (mode === 'forgot') return setMode('login')} />; return setMode('signup')} onLogin={() => setMode('login')} />; } // ─── Landing hero ───────────────────────────────────────────────────────────── function LandingScreen({ onSignup, onLogin }) { return (
Financial Intelligence Platform
PerduraCFO
Your business,
in plain English.

Real-time CFO intelligence for growing businesses — powered by your accounting data.

    {[ 'Connect QuickBooks, Xero, or NetSuite in minutes', 'Live P&L, cash flow, ratios and KPIs', 'AI insights that drive smarter decisions', ].map(b => (
  • {b}
    • ))}
Powered by Perdura Capital LLC · Enterprise-grade security
); } // ─── Sign Up ────────────────────────────────────────────────────────────────── function SignupForm({ onBack, onAuthenticated }) { const [email, setEmail] = useAuthState(''); const [password, setPassword] = useAuthState(''); const [company, setCompany] = useAuthState(''); const [subdomain, setSubdomain] = useAuthState(''); const [subStatus, setSubStatus] = useAuthState('idle'); // idle | checking | ok | taken const [error, setError] = useAuthState(''); const [loading, setLoading] = useAuthState(false); const [confirmed, setConfirmed] = useAuthState(false); // email confirmation pending const checkTimer = useAuthRef(null); // Auto-suggest subdomain from company name useAuthEffect(() => { if (company) { const slug = toSlug(company); setSubdomain(slug); checkSubdomain(slug); } }, [company]); function handleSubdomainChange(e) { const val = toSlug(e.target.value) || e.target.value.toLowerCase().replace(/\s/g, '-'); setSubdomain(val); clearTimeout(checkTimer.current); setSubStatus('idle'); if (val.length >= 2) { checkTimer.current = setTimeout(() => checkSubdomain(val), 400); } } async function checkSubdomain(slug) { if (!slug || slug.length < 2) return; setSubStatus('checking'); try { const { data } = await window.supabaseClient .from('companies') .select('id') .eq('subdomain', slug) .maybeSingle(); setSubStatus(data ? 'taken' : 'ok'); } catch { setSubStatus('idle'); } } async function handleSubmit(e) { e.preventDefault(); setError(''); if (password.length < 8) { setError('Password must be at least 8 characters.'); return; } if (!subdomain || subdomain.length < 2) { setError('Subdomain must be at least 2 characters.'); return; } if (subStatus === 'taken') { setError('That subdomain is already taken.'); return; } setLoading(true); try { const db = window.supabaseClient; // 1. Create auth user const { data: authData, error: authErr } = await db.auth.signUp({ email, password }); if (authErr) throw authErr; const userId = authData.user?.id; if (!userId) { // Email confirmation is required — show a friendly screen setConfirmed(true); return; } // 2. Insert company const { data: co, error: coErr } = await db .from('companies') .insert({ name: company, subdomain }) .select() .single(); if (coErr) throw coErr; // 3. Insert company_users as Owner / Active const { error: cuErr } = await db .from('company_users') .insert({ user_id: userId, company_id: co.id, role: 'Owner', status: 'Active' }); if (cuErr) throw cuErr; // 4. Redirect to setup wizard on their subdomain window.location.href = `https://${subdomain}.cfodash.app/setup`; } catch (err) { setError(err.message || 'Something went wrong. Please try again.'); } finally { setLoading(false); } } const subHint = () => { if (!subdomain || subdomain.length < 2) return null; if (subStatus === 'checking') return Checking availability…; if (subStatus === 'ok') return ✓ Available; if (subStatus === 'taken') return Already taken; return null; }; if (confirmed) { return (
✉️
Check your email
We sent a confirmation link to {email}. Click it to activate your account, then come back and log in.
); } return (
PerduraCFO
Create your account
Get set up in under 2 minutes.
{error &&
{error}
}
setEmail(e.target.value)} />
setPassword(e.target.value)} />
setCompany(e.target.value)} />
https:// .cfodash.app
{subHint()}
Already have an account?{" "}
); } // ─── Log In ─────────────────────────────────────────────────────────────────── function LoginForm({ onBack, onAuthenticated, onForgot }) { const [email, setEmail] = useAuthState(''); const [password, setPassword] = useAuthState(''); const [error, setError] = useAuthState(''); const [loading, setLoading] = useAuthState(false); async function handleSubmit(e) { e.preventDefault(); setError(''); setLoading(true); try { const db = window.supabaseClient; const { data, error: authErr } = await db.auth.signInWithPassword({ email, password }); if (authErr) throw authErr; const userId = data.user.id; // Super-admin bypass — check app_metadata claim const isSuperAdmin = data.user?.app_metadata?.super_admin === true; if (isSuperAdmin) { const SD = window.PerduraSubdomain || { type: "root" }; // On cfodash.app subdomains: redirect to admin subdomain if not already there if (SD.type === "subdomain" || SD.type === "app") { window.location.replace("https://admin.cfodash.app"); return; } // On root, admin, localhost, or any preview URL: just sign in directly onAuthenticated(data.user); return; } // Look up company membership const { data: membership } = await db .from('company_users') .select('company_id, companies(subdomain)') .eq('user_id', userId) .eq('status', 'Active') .maybeSingle(); if (membership?.companies?.subdomain) { const SD = window.PerduraSubdomain || { type: "root" }; // Already on the correct subdomain — hand off without redirect if (SD.type === "subdomain" && SD.slug === membership.companies.subdomain) { onAuthenticated(data.user); } else { window.location.replace(`https://${membership.companies.subdomain}.cfodash.app`); } } else { // No company yet — hand off to app.jsx to show wizard onAuthenticated(data.user); } } catch (err) { setError(err.message || 'Invalid email or password.'); } finally { setLoading(false); } } return (
PerduraCFO
Welcome back
Sign in to your financial dashboard.
{error &&
{error}
}
setEmail(e.target.value)} />
setPassword(e.target.value)} />
Don't have an account?{" "}
); } // ─── Set New Password (after clicking email reset link) ─────────────────────── function ResetPasswordForm({ onDone }) { const [password, setPassword] = useAuthState(''); const [confirm, setConfirm] = useAuthState(''); const [error, setError] = useAuthState(''); const [loading, setLoading] = useAuthState(false); const [done, setDone] = useAuthState(false); async function handleSubmit(e) { e.preventDefault(); setError(''); if (password.length < 8) { setError('Password must be at least 8 characters.'); return; } if (password !== confirm) { setError('Passwords do not match.'); return; } setLoading(true); try { const { error: updateErr } = await window.supabaseClient.auth.updateUser({ password }); if (updateErr) throw updateErr; setDone(true); setTimeout(() => onDone(), 2000); } catch (err) { setError(err.message || 'Something went wrong. Please try again.'); } finally { setLoading(false); } } return (
{done ? (
Password updated
Taking you to your dashboard…
) : ( <>
Set new password
Choose a strong password for your account.
{error &&
{error}
}
setPassword(e.target.value)} />
setConfirm(e.target.value)} />
)}
); } // ─── Forgot Password ────────────────────────────────────────────────────────── function ForgotPasswordForm({ onBack }) { const [email, setEmail] = useAuthState(''); const [error, setError] = useAuthState(''); const [loading, setLoading] = useAuthState(false); const [sent, setSent] = useAuthState(false); async function handleSubmit(e) { e.preventDefault(); setError(''); setLoading(true); try { const { error: resetErr } = await window.supabaseClient.auth.resetPasswordForEmail(email, { redirectTo: window.location.origin + '/app.html', }); if (resetErr) throw resetErr; setSent(true); } catch (err) { setError(err.message || 'Something went wrong. Please try again.'); } finally { setLoading(false); } } return (
{sent ? (
✉️
Check your inbox
We sent a password reset link to {email}. Check your spam folder if it doesn't arrive within a minute.
) : ( <>
Reset your password
Enter your email and we'll send you a reset link.
{error &&
{error}
}
setEmail(e.target.value)} />
)}
); }