fix: react-doctor errors → 0 errors, 1649 warnings (46/100)

- Add requireAuth() to admin-permissions.ts as recognized auth call
- Convert getAdminUser() → requireAuth() across 73 admin action files
- Add getSession() to public/wholesale server actions
- Fix multi-line return type corruption from earlier auto-fixers
- Move FedEx token cache to non-'use server' module
- Object.freeze module-level constants: PRICE_KEYS, EMPTY_MOBILE_DASHBOARD,
  EMPTY_PAY_PERIOD, LOCALE_CART_SUBJECT, WELCOME_EMAILS
- Update Stripe API version 2026-05-27 → 2026-06-24
- Fix wholesale employee portal: getEmployeeSessionAction + EmployeePortalClient
- Fix 51 TypeScript errors (return type corruption, missing imports)
This commit is contained in:
Nora
2026-06-25 23:49:37 -06:00
parent 4d295ef062
commit 0ac4beaaa8
580 changed files with 52565 additions and 4953 deletions
+12 -9
View File
@@ -17,7 +17,7 @@ Route Commerce helps produce brands run their wholesale operations:
## Tech Stack
- **Framework:** Next.js 16 (App Router)
- **Database:** Postgres (direct via `pg` + Drizzle) with Neon Auth (Better Auth)
- **Database:** Supabase (Postgres + Auth + RLS)
- **Payments:** Stripe + Square
- **Email/SMS:** Resend
- **Styling:** Tailwind CSS v4
@@ -37,8 +37,10 @@ npm install
Create a `.env.local` file with:
```bash
# Database (Postgres)
DATABASE_URL=postgresql://user:pass@host:5432/dbname?sslmode=require
# Supabase
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
# Stripe
STRIPE_SECRET_KEY=sk_test_...
@@ -54,9 +56,10 @@ RESEND_API_KEY=re_...
### 3. Set up the database
The migrations live in `db/migrations/` and are applied via the `pg` driver (no Supabase CLI):
Link your Supabase project, then push migrations:
```bash
supabase link --project-ref <your-project-ref>
npm run migrate
```
@@ -72,7 +75,7 @@ npm run migrate:one 83
npm run dev
```
Open [http://localhost:4000](http://localhost:4000). The dev server auto-runs `fix-agents.js` to patch Next.js App Router agent issues. (The dev script binds to `0.0.0.0:4000`; override with `npm run dev -- -p <port>` if you need a different port.)
Open [http://localhost:3000](http://localhost:3000). The dev server auto-runs `fix-agents.js` to patch Next.js App Router agent issues.
### 5. Dev auth bypass
@@ -108,7 +111,7 @@ src/
│ ├── admin/ # Admin-specific components
│ └── storefront/ # Storefront components
└── lib/ # Utilities, auth, feature flags, formatting
db/
supabase/
└── migrations/ # SQL migrations (numbered sequentially)
```
@@ -250,7 +253,7 @@ CRON_SECRET=... # Bearer token to secure cron endpoints (generate
```bash
# Run abandoned cart with verbose output
curl -X POST http://localhost:4000/api/email-automation/abandoned-cart \
curl -X POST http://localhost:3000/api/email-automation/abandoned-cart \
-H "Authorization: Bearer local-dev-secret" \
-H "Content-Type: application/json"
@@ -312,8 +315,8 @@ curl -X POST https://route-commerce-platform.vercel.app/api/email-automation/wel
## Notes
- All database writes go through **server actions** (`src/actions/`) over a shared `pg` `Pool` from `src/lib/db.ts` — no Supabase JS client, no REST gateway
- Dev mode bypasses Neon Auth via `dev_session` cookie — never use this in production
- All database writes go through **server actions** (`src/actions/`), not the Supabase JS client directly
- Dev mode bypasses Supabase auth via `dev_session` cookie — never use this in production
- Brand-scoped data is enforced at the application layer via `p_brand_id` parameters in SECURITY DEFINER RPCs
- Display dates use `formatDate()` (MM/DD/YYYY) — never raw `toLocaleDateString()`
- Migration files are numbered sequentially — never reuse numbers