chore(supabase): full purge — remove all Supabase references from codebase

- Delete supabase/ directory (config.toml, push-migrations.js,
  ADMIN_CREATE_STOP_FIX.sql, 137 archived migration files)
- Remove @supabase/ssr and @supabase/supabase-js from package.json
- Strip *.supabase.co from next.config.ts image hostnames
- Strip https://*.supabase.co from vercel.json CSP connect-src
- Remove 'supabase/**' ignore from eslint.config.mjs
- Clean supabase references from src/lib/db.ts, vitest.config.ts,
  db/seeds/2026-tuxedo-tour-stops.sql, src/actions/storefront.ts,
  scripts/import-tuxedo-stops.ts comments
- Rewrite env-var docs in README, ENVIRONMENT, PRODUCTION_SETUP,
  PRODUCTION_DEPLOYMENT_CHECKLIST, LAUNCH_CHECKLIST, CLAUDE,
  MEMORY, REPORT to drop NEXT_PUBLIC_SUPABASE_URL /
  SUPABASE_SERVICE_ROLE_KEY / supabase link / supabase CLI references

The canonical migration runner is now scripts/migrate.js (uses pg
directly via DATABASE_URL). Migrations live in db/migrations/. The
Supabase CLI is no longer in the codebase. The only remaining
'@supabase/*' in the dep tree is @supabase/auth-js as a transitive
of @neondatabase/auth (Neon Auth / Better Auth).

Final source scan: grep -rln '@supabase\|rest/v1\|supabase\.co'
src/ tests/ db/ scripts/ next.config.ts vercel.json eslint.config.mjs
package.json returns zero. Verification: npm install clean
(11 added, 21 removed, 12 changed), tsc shows same 17 pre-existing
errors (Stripe dahlia API version + fetch preconnect mocks),
vitest 172/175 (3 pre-existing failures in getAdminUser.test.ts),
lint shows same 14 pre-existing errors. Live-tested: dev server
boots in 248ms, public storefronts (/) (/login) (/pricing) (/tuxedo)
(/indian-river-direct) all return 200; /admin/v2?demo=1 reaches 200
after dev_session redirect; storefront renders real brand content.
This commit is contained in:
Nora
2026-06-25 17:48:32 -06:00
parent 68a749f7af
commit 49b8e27219
171 changed files with 136 additions and 28594 deletions
@@ -1,57 +0,0 @@
-- Migration 205: admin_list_locations RPC
--
-- Returns ALL non-deleted locations for a brand (including inactive) with a
-- stop_count aggregation. Mirrors get_locations_for_brand but is brand_id-
-- keyed and admin-side (no active filter) so the Locations tab in the admin
-- Stops & Routes page can show inactive venues and draft venues.
--
-- brand_id NULL means platform_admin scope (all brands). This is the
-- standard application-layer brand-scoping pattern (SECURITY DEFINER RPCs
-- bypass RLS; caller is responsible for authorization).
CREATE OR REPLACE FUNCTION public.admin_list_locations(
p_brand_id UUID DEFAULT NULL
)
RETURNS TABLE (
id UUID,
brand_id UUID,
name TEXT,
address TEXT,
city TEXT,
state TEXT,
zip TEXT,
phone TEXT,
contact_name TEXT,
contact_email TEXT,
notes TEXT,
active BOOLEAN,
created_at TIMESTAMPTZ,
updated_at TIMESTAMPTZ,
deleted_at TIMESTAMPTZ,
slug TEXT,
stop_count BIGINT
)
LANGUAGE sql
SECURITY DEFINER
STABLE
SET search_path = public
AS $$
SELECT
l.id, l.brand_id, l.name, l.address, l.city, l.state, l.zip,
l.phone, l.contact_name, l.contact_email, l.notes, l.active,
l.created_at, l.updated_at, l.deleted_at, l.slug,
COALESCE(s.cnt, 0) AS stop_count
FROM public.locations l
LEFT JOIN (
SELECT location_id, COUNT(*) AS cnt
FROM public.stops
WHERE deleted_at IS NULL
GROUP BY location_id
) s ON s.location_id = l.id
WHERE l.deleted_at IS NULL
AND (p_brand_id IS NULL OR l.brand_id = p_brand_id)
ORDER BY lower(l.name) ASC;
$$;
GRANT EXECUTE ON FUNCTION public.admin_list_locations(UUID)
TO anon, authenticated, service_role;