diff --git a/.env.example b/.env.example
new file mode 100644
index 00000000..ebe1be8b
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,5 @@
+# Supabase credentials
+VITE_SUPABASE_URL=your-supabase-url
+VITE_SUPABASE_ANON_KEY=your-supabase-anon-key
+
+# Other environment variables can be added here
diff --git a/.gitignore b/.gitignore
index 74821944..8073edfb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ node_modules/
 tests/e2e/reports/
 
 # local env files
+.env
 .env.local
 .env.*.local
 
diff --git a/package.json b/package.json
index 8870c2b7..6fbfbbfd 100644
--- a/package.json
+++ b/package.json
@@ -26,6 +26,7 @@
     "@coreui/vue": "^5.4.1",
     "@coreui/vue-chartjs": "^3.0.0",
     "@popperjs/core": "^2.11.8",
+    "@supabase/supabase-js": "^2.49.4",
     "chart.js": "^4.4.7",
     "pinia": "^3.0.1",
     "simplebar-vue": "^2.4.0",
diff --git a/src/components/AppHeaderDropdownAccnt.vue b/src/components/AppHeaderDropdownAccnt.vue
index d51d1fe0..dcf97504 100644
--- a/src/components/AppHeaderDropdownAccnt.vue
+++ b/src/components/AppHeaderDropdownAccnt.vue
@@ -1,7 +1,24 @@
 <script setup>
 import avatar from '@/assets/images/avatars/8.jpg'
+import { ref, onMounted } from 'vue'
+import { useRouter } from 'vue-router'
+import supabase from '@/lib/supabase'
 
 const itemsCount = 42
+const router = useRouter()
+const userName = ref('Account')
+
+onMounted(async () => {
+  const { data } = await supabase.auth.getUser()
+  if (data.user) {
+    userName.value = data.user.user_metadata?.displayName || data.user.email || 'Account'
+  }
+})
+
+const handleLogout = async () => {
+  await supabase.auth.signOut()
+  router.push('/pages/login')
+}
 </script>
 
 <template>
@@ -14,7 +31,7 @@ const itemsCount = 42
         component="h6"
         class="bg-body-secondary text-body-secondary fw-semibold mb-2 rounded-top"
       >
-        Account
+        {{ userName }}
       </CDropdownHeader>
       <CDropdownItem>
         <CIcon icon="cil-bell" /> Updates
@@ -50,7 +67,9 @@ const itemsCount = 42
       </CDropdownItem>
       <CDropdownDivider />
       <CDropdownItem> <CIcon icon="cil-shield-alt" /> Lock Account </CDropdownItem>
-      <CDropdownItem> <CIcon icon="cil-lock-locked" /> Logout </CDropdownItem>
+      <CDropdownItem @click="handleLogout">
+        <CIcon icon="cil-lock-locked" /> Logout
+      </CDropdownItem>
     </CDropdownMenu>
   </CDropdown>
 </template>
diff --git a/src/lib/supabase.js b/src/lib/supabase.js
new file mode 100644
index 00000000..41cd23ee
--- /dev/null
+++ b/src/lib/supabase.js
@@ -0,0 +1,8 @@
+import { createClient } from "@supabase/supabase-js";
+
+const supabase = createClient(
+  import.meta.env.VITE_SUPABASE_URL,
+  import.meta.env.VITE_SUPABASE_ANON_KEY
+);
+
+export default supabase;
diff --git a/src/router/index.js b/src/router/index.js
index 342b69aa..ce5f9ce7 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -316,4 +316,29 @@ const router = createRouter({
   },
 })
 
+// Navigation guard to protect routes
+router.beforeEach(async (to, from, next) => {
+  // Public pages that do not require authentication
+  const publicPages = [
+    '/pages/login',
+    '/pages/register',
+    '/pages/404',
+    '/pages/500',
+    '/pages/auth-callback',
+  ];
+  const isPublic = publicPages.includes(to.path);
+
+  // Check Supabase session
+  const { data } = await import('@/lib/supabase').then(m => m.default.auth.getSession());
+  const isAuthenticated = !!data.session;
+
+  if (!isAuthenticated && !isPublic) {
+    next('/pages/login');
+  } else if (isAuthenticated && to.path === '/pages/login') {
+    next('/dashboard');
+  } else {
+    next();
+  }
+});
+
 export default router
diff --git a/src/views/pages/Login.vue b/src/views/pages/Login.vue
index 43386210..eb3c9624 100644
--- a/src/views/pages/Login.vue
+++ b/src/views/pages/Login.vue
@@ -6,31 +6,38 @@
           <CCardGroup>
             <CCard class="p-4">
               <CCardBody>
-                <CForm>
+                <form @submit.prevent="handleLogin">
                   <h1>Login</h1>
                   <p class="text-body-secondary">Sign In to your account</p>
-                  <CInputGroup class="mb-3">
-                    <CInputGroupText>
-                      <CIcon icon="cil-user" />
-                    </CInputGroupText>
-                    <CFormInput
-                      placeholder="Username"
-                      autocomplete="username"
-                    />
-                  </CInputGroup>
-                  <CInputGroup class="mb-4">
-                    <CInputGroupText>
-                      <CIcon icon="cil-lock-locked" />
-                    </CInputGroupText>
-                    <CFormInput
-                      type="password"
-                      placeholder="Password"
-                      autocomplete="current-password"
-                    />
-                  </CInputGroup>
+                  <div class="mb-3">
+                    <CInputGroup class="mb-3">
+                      <CInputGroupText>
+                        <CIcon icon="cil-envelope-closed" />
+                      </CInputGroupText>
+                      <CFormInput
+                        v-model="email"
+                        type="email"
+                        placeholder="Email"
+                        autocomplete="email"
+                      />
+                    </CInputGroup>
+                  </div>
+                  <div class="mb-3">
+                    <CInputGroup class="mb-4">
+                      <CInputGroupText>
+                        <CIcon icon="cil-lock-locked" />
+                      </CInputGroupText>
+                      <CFormInput
+                        v-model="password"
+                        type="password"
+                        placeholder="Password"
+                        autocomplete="current-password"
+                      />
+                    </CInputGroup>
+                  </div>
                   <CRow>
                     <CCol :xs="6">
-                      <CButton color="primary" class="px-4"> Login </CButton>
+                      <CButton color="primary" class="px-4" type="submit"> Login </CButton>
                     </CCol>
                     <CCol :xs="6" class="text-right">
                       <CButton color="link" class="px-0">
@@ -38,7 +45,8 @@
                       </CButton>
                     </CCol>
                   </CRow>
-                </CForm>
+                  <div v-if="errorMessage" class="alert alert-danger mt-2">{{ errorMessage }}</div>
+                </form>
               </CCardBody>
             </CCard>
             <CCard class="text-white bg-primary py-5" style="width: 44%">
@@ -62,3 +70,27 @@
     </CContainer>
   </div>
 </template>
+
+<script setup>
+import { ref } from "vue";
+import { useRouter } from "vue-router";
+import supabase from "@/lib/supabase";
+
+const email = ref("");
+const password = ref("");
+const errorMessage = ref("");
+const router = useRouter();
+
+const handleLogin = async () => {
+  errorMessage.value = "";
+  const { data, error } = await supabase.auth.signInWithPassword({
+    email: email.value,
+    password: password.value,
+  });
+  if (error) {
+    errorMessage.value = error.message;
+  } else {
+    router.push("/dashboard");
+  }
+};
+</script>
diff --git a/src/views/pages/Register.vue b/src/views/pages/Register.vue
index 284e3cc1..7483af71 100644
--- a/src/views/pages/Register.vue
+++ b/src/views/pages/Register.vue
@@ -12,17 +12,14 @@
                   <CInputGroupText>
                     <CIcon icon="cil-user" />
                   </CInputGroupText>
-                  <CFormInput placeholder="Username" autocomplete="username" />
-                </CInputGroup>
-                <CInputGroup class="mb-3">
-                  <CInputGroupText>@</CInputGroupText>
-                  <CFormInput placeholder="Email" autocomplete="email" />
+                  <CFormInput v-model="email" placeholder="Email" autocomplete="email" />
                 </CInputGroup>
                 <CInputGroup class="mb-3">
                   <CInputGroupText>
                     <CIcon icon="cil-lock-locked" />
                   </CInputGroupText>
                   <CFormInput
+                    v-model="password"
                     type="password"
                     placeholder="Password"
                     autocomplete="new-password"
@@ -33,15 +30,18 @@
                     <CIcon icon="cil-lock-locked" />
                   </CInputGroupText>
                   <CFormInput
+                    v-model="repeatPassword"
                     type="password"
                     placeholder="Repeat password"
                     autocomplete="new-password"
                   />
                 </CInputGroup>
                 <div class="d-grid">
-                  <CButton color="success">Create Account</CButton>
+                  <CButton color="success" @click="handleRegister">Create Account</CButton>
                 </div>
               </CForm>
+              <div v-if="errorMessage" class="alert alert-danger mt-2">{{ errorMessage }}</div>
+              <div v-if="successMessage" class="alert alert-success mt-2">{{ successMessage }}</div>
             </CCardBody>
           </CCard>
         </CCol>
@@ -49,3 +49,32 @@
     </CContainer>
   </div>
 </template>
+
+<script setup>
+import { ref } from "vue";
+import supabase from "@/lib/supabase";
+
+const email = ref("");
+const password = ref("");
+const repeatPassword = ref("");
+const errorMessage = ref("");
+const successMessage = ref("");
+
+const handleRegister = async () => {
+  errorMessage.value = "";
+  successMessage.value = "";
+  if (password.value !== repeatPassword.value) {
+    errorMessage.value = "Passwords do not match.";
+    return;
+  }
+  const { data, error } = await supabase.auth.signUp({
+    email: email.value,
+    password: password.value,
+  });
+  if (error) {
+    errorMessage.value = error.message;
+  } else {
+    successMessage.value = "Registration successful. Please check your email to confirm your account.";
+  }
+};
+</script>
diff --git a/supabase/.gitignore b/supabase/.gitignore
new file mode 100644
index 00000000..a3ad8805
--- /dev/null
+++ b/supabase/.gitignore
@@ -0,0 +1,4 @@
+# Supabase
+.branches
+.temp
+.env
diff --git a/supabase/config.toml b/supabase/config.toml
new file mode 100644
index 00000000..fd670ac6
--- /dev/null
+++ b/supabase/config.toml
@@ -0,0 +1,203 @@
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "cabanero"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. `public` is always included.
+schemas = ["public", "graphql_public"]
+# Extra schemas to add to the search_path of every request. `public` is always included.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+
+[api.tls]
+enabled = false
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 15
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv4)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+# OpenAI API Key to use for Supabase AI in the Supabase Studio.
+openai_api_key = "env(OPENAI_API_KEY)"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+[storage.image_transformation]
+enabled = true
+
+# Uncomment to configure local storage buckets
+# [storage.buckets.images]
+# public = false
+# file_size_limit = "50MiB"
+# allowed_mime_types = ["image/png", "image/jpeg"]
+# objects_path = "./images"
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://localhost:3001"
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["http://localhost:3001", "http://localhost:3001/#/pages/auth-callback"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+# Allow/disallow anonymous sign-ins to your project.
+enable_anonymous_sign_ins = false
+# Allow/disallow testing manual linking of accounts
+enable_manual_linking = false
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
+max_frequency = "1s"
+
+# Use a production-ready SMTP server
+# [auth.email.smtp]
+# host = "smtp.sendgrid.net"
+# port = 587
+# user = "apikey"
+# pass = "env(SENDGRID_API_KEY)"
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = true
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ .Code }} ."
+# Controls the minimum amount of time that must pass before sending another sms otp.
+max_frequency = "5s"
+
+# Use pre-defined map of phone number to OTP for testing.
+# [auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure logged in session timeouts.
+# [auth.sessions]
+# Force log out after the specified duration.
+# timebox = "24h"
+# Force log out if the user has been inactive longer than the specified duration.
+# inactivity_timeout = "8h"
+
+# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used.
+# [auth.hook.custom_access_token]
+# enabled = true
+# uri = "pg-functions://<database>/<schema>/<hook_name>"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin_oidc`, `notion`, `twitch`,
+# `twitter`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth redirectUrl.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
+skip_nonce_check = false
+
+[edge_runtime]
+enabled = true
+# Configure one of the supported request policies: `oneshot`, `per_worker`.
+# Use `oneshot` for hot reload, or `per_worker` for load testing.
+policy = "oneshot"
+inspector_port = 8083
+
+[analytics]
+enabled = true
+port = 54327
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. <bucket_name>.s3-<region>.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"
diff --git a/supabase/seed.sql b/supabase/seed.sql
new file mode 100644
index 00000000..e69de29b