chore(supabase): full purge — remove all Supabase references from codebase
- Delete supabase/ directory (config.toml, push-migrations.js, ADMIN_CREATE_STOP_FIX.sql, 137 archived migration files) - Remove @supabase/ssr and @supabase/supabase-js from package.json - Strip *.supabase.co from next.config.ts image hostnames - Strip https://*.supabase.co from vercel.json CSP connect-src - Remove 'supabase/**' ignore from eslint.config.mjs - Clean supabase references from src/lib/db.ts, vitest.config.ts, db/seeds/2026-tuxedo-tour-stops.sql, src/actions/storefront.ts, scripts/import-tuxedo-stops.ts comments - Rewrite env-var docs in README, ENVIRONMENT, PRODUCTION_SETUP, PRODUCTION_DEPLOYMENT_CHECKLIST, LAUNCH_CHECKLIST, CLAUDE, MEMORY, REPORT to drop NEXT_PUBLIC_SUPABASE_URL / SUPABASE_SERVICE_ROLE_KEY / supabase link / supabase CLI references The canonical migration runner is now scripts/migrate.js (uses pg directly via DATABASE_URL). Migrations live in db/migrations/. The Supabase CLI is no longer in the codebase. The only remaining '@supabase/*' in the dep tree is @supabase/auth-js as a transitive of @neondatabase/auth (Neon Auth / Better Auth). Final source scan: grep -rln '@supabase\|rest/v1\|supabase\.co' src/ tests/ db/ scripts/ next.config.ts vercel.json eslint.config.mjs package.json returns zero. Verification: npm install clean (11 added, 21 removed, 12 changed), tsc shows same 17 pre-existing errors (Stripe dahlia API version + fetch preconnect mocks), vitest 172/175 (3 pre-existing failures in getAdminUser.test.ts), lint shows same 14 pre-existing errors. Live-tested: dev server boots in 248ms, public storefronts (/) (/login) (/pricing) (/tuxedo) (/indian-river-direct) all return 200; /admin/v2?demo=1 reaches 200 after dev_session redirect; storefront renders real brand content.
This commit is contained in:
@@ -1,193 +0,0 @@
|
||||
-- ============================================================
|
||||
-- Admin Read Policies for Orders
|
||||
-- ============================================================
|
||||
-- The checkout hardening removed broad anon SELECT policies.
|
||||
-- Admin pages need to read orders with the anon key (server-side via getAdminUser).
|
||||
-- We use SECURITY DEFINER functions that bypass RLS so admin pages
|
||||
-- can still fetch orders for their brand scope without auth.uid().
|
||||
|
||||
-- No direct public SELECT (already enforced by removal of anon policies)
|
||||
|
||||
-- Policy: platform_admin can SELECT all orders
|
||||
CREATE POLICY "Platform admin can read orders"
|
||||
ON orders FOR SELECT
|
||||
TO authenticated
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM admin_users
|
||||
WHERE admin_users.user_id = auth.uid()
|
||||
AND admin_users.role = 'platform_admin'
|
||||
)
|
||||
);
|
||||
|
||||
-- Policy: brand_admin can read orders for their brand
|
||||
CREATE POLICY "Brand admin can read their brand orders"
|
||||
ON orders FOR SELECT
|
||||
TO authenticated
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM admin_users
|
||||
WHERE admin_users.user_id = auth.uid()
|
||||
AND admin_users.role = 'brand_admin'
|
||||
AND admin_users.brand_id = (
|
||||
SELECT brand_id FROM stops WHERE stops.id = orders.stop_id
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
-- Policy: stops readable by admin users
|
||||
CREATE POLICY "Admins can read stops"
|
||||
ON stops FOR SELECT
|
||||
TO authenticated
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM admin_users
|
||||
WHERE admin_users.user_id = auth.uid()
|
||||
)
|
||||
);
|
||||
|
||||
-- ============================================================
|
||||
-- Admin Orders Fetch RPC
|
||||
-- ============================================================
|
||||
-- SECURITY DEFINER runs as postgres — bypasses RLS on orders/stops.
|
||||
|
||||
CREATE OR REPLACE FUNCTION get_admin_orders(p_brand_id UUID)
|
||||
RETURNS JSONB
|
||||
LANGUAGE plpgsql
|
||||
SECURITY DEFINER
|
||||
SET search_path = public
|
||||
AS $$
|
||||
DECLARE
|
||||
v_orders JSONB;
|
||||
v_stops JSONB;
|
||||
BEGIN
|
||||
IF p_brand_id IS NULL THEN
|
||||
SELECT COALESCE(jsonb_agg(t ORDER BY t.created_at DESC), '[]'::JSONB)
|
||||
INTO v_orders
|
||||
FROM (
|
||||
SELECT o.id, o.customer_name, o.customer_email, o.customer_phone,
|
||||
o.stop_id, o.status, o.subtotal, o.pickup_complete,
|
||||
o.pickup_completed_at, o.pickup_completed_by, o.created_at,
|
||||
CASE WHEN o.stop_id IS NOT NULL THEN jsonb_build_object(
|
||||
'id', s.id, 'city', s.city, 'state', s.state,
|
||||
'date', s.date, 'time', s.time, 'location', s.location, 'brand_id', s.brand_id
|
||||
) END as stops
|
||||
FROM orders o LEFT JOIN stops s ON o.stop_id = s.id
|
||||
WHERE o.stop_id IS NOT NULL
|
||||
LIMIT 500
|
||||
) t;
|
||||
|
||||
SELECT COALESCE(jsonb_agg(jsonb_build_object(
|
||||
'id', id, 'city', city, 'state', state,
|
||||
'date', date, 'time', time, 'location', location, 'brand_id', brand_id
|
||||
) ORDER BY date), '[]'::JSONB)
|
||||
INTO v_stops FROM stops WHERE active = true;
|
||||
ELSE
|
||||
SELECT COALESCE(jsonb_agg(t ORDER BY t.created_at DESC), '[]'::JSONB)
|
||||
INTO v_orders
|
||||
FROM (
|
||||
SELECT o.id, o.customer_name, o.customer_email, o.customer_phone,
|
||||
o.stop_id, o.status, o.subtotal, o.pickup_complete,
|
||||
o.pickup_completed_at, o.pickup_completed_by, o.created_at,
|
||||
jsonb_build_object(
|
||||
'id', s.id, 'city', s.city, 'state', s.state,
|
||||
'date', s.date, 'time', s.time, 'location', s.location, 'brand_id', s.brand_id
|
||||
) as stops
|
||||
FROM orders o JOIN stops s ON o.stop_id = s.id
|
||||
WHERE s.brand_id = p_brand_id
|
||||
LIMIT 500
|
||||
) t;
|
||||
|
||||
SELECT COALESCE(jsonb_agg(jsonb_build_object(
|
||||
'id', id, 'city', city, 'state', state,
|
||||
'date', date, 'time', time, 'location', location, 'brand_id', brand_id
|
||||
) ORDER BY date), '[]'::JSONB)
|
||||
INTO v_stops FROM stops WHERE active = true AND brand_id = p_brand_id;
|
||||
END IF;
|
||||
|
||||
RETURN jsonb_build_object('orders', v_orders, 'stops', v_stops);
|
||||
END;
|
||||
$$;
|
||||
|
||||
-- ============================================================
|
||||
-- Admin Order Detail RPC
|
||||
-- ============================================================
|
||||
|
||||
CREATE OR REPLACE FUNCTION get_admin_order_detail(p_order_id UUID)
|
||||
RETURNS JSONB
|
||||
LANGUAGE plpgsql
|
||||
SECURITY DEFINER
|
||||
SET search_path = public
|
||||
AS $$
|
||||
DECLARE
|
||||
v_order JSONB;
|
||||
BEGIN
|
||||
SELECT jsonb_build_object(
|
||||
'id', o.id,
|
||||
'customer_name', o.customer_name,
|
||||
'customer_email', o.customer_email,
|
||||
'customer_phone', o.customer_phone,
|
||||
'stop_id', o.stop_id,
|
||||
'status', o.status,
|
||||
'subtotal', o.subtotal,
|
||||
'discount_amount', o.discount_amount,
|
||||
'tax_amount', o.tax_amount,
|
||||
'tax_rate', o.tax_rate,
|
||||
'tax_location', o.tax_location,
|
||||
'discount_reason', o.discount_reason,
|
||||
'pickup_complete', o.pickup_complete,
|
||||
'pickup_completed_at', o.pickup_completed_at,
|
||||
'pickup_completed_by', o.pickup_completed_by,
|
||||
'internal_notes', o.internal_notes,
|
||||
'payment_processor', o.payment_processor,
|
||||
'payment_status', o.payment_status,
|
||||
'payment_transaction_id', o.payment_transaction_id,
|
||||
'refunded_amount', o.refunded_amount,
|
||||
'refund_reason', o.refund_reason,
|
||||
'created_at', o.created_at,
|
||||
'stops', CASE WHEN o.stop_id IS NOT NULL THEN jsonb_build_object(
|
||||
'id', s.id,
|
||||
'city', s.city,
|
||||
'state', s.state,
|
||||
'date', s.date,
|
||||
'time', s.time,
|
||||
'location', s.location,
|
||||
'brand_id', s.brand_id
|
||||
) END,
|
||||
'order_items', COALESCE((
|
||||
SELECT jsonb_agg(jsonb_build_object(
|
||||
'id', oi.id,
|
||||
'product_id', oi.product_id,
|
||||
'product_name', p.name,
|
||||
'quantity', oi.quantity,
|
||||
'price', oi.price,
|
||||
'fulfillment', oi.fulfillment,
|
||||
'products', jsonb_build_object('name', p.name)
|
||||
))
|
||||
FROM order_items oi
|
||||
JOIN products p ON oi.product_id = p.id
|
||||
WHERE oi.order_id = o.id
|
||||
), '[]'::JSONB),
|
||||
'refunds', COALESCE((
|
||||
SELECT jsonb_agg(jsonb_build_object(
|
||||
'id', r.id,
|
||||
'order_id', r.order_id,
|
||||
'amount', r.amount,
|
||||
'reason', r.reason,
|
||||
'processor', r.processor,
|
||||
'processor_refund_id', r.processor_refund_id,
|
||||
'status', r.status,
|
||||
'created_at', r.created_at
|
||||
))
|
||||
FROM refunds r
|
||||
WHERE r.order_id = o.id
|
||||
), '[]'::JSONB)
|
||||
)
|
||||
INTO v_order
|
||||
FROM orders o
|
||||
LEFT JOIN stops s ON o.stop_id = s.id
|
||||
WHERE o.id = p_order_id;
|
||||
|
||||
RETURN v_order;
|
||||
END;
|
||||
$$;
|
||||
Reference in New Issue
Block a user