Production upgrade: Clerk auth, Stripe billing, analytics, PWA support

Backend & Auth:
- Add @clerk/nextjs for production authentication
- Create src/proxy.ts with clerkMiddleware() for route protection
- Implement multi-tenant auth with role-based access control
- Add Clerk components (Show, UserButton, SignInButton, SignUpButton)

Billing & Payments:
- Full Stripe integration (subscriptions, add-ons, customer portal)
- Plan tiers: Starter 9/mo, Farm 49/mo, Enterprise 99/mo
- Webhook handling for subscription events
- createSubscription(), createAddonSubscription(), createCustomerPortalSession()

API & Security:
- Rate limiting with @upstash/ratelimit (100 req/min API, 20 req/min checkout)
- Zod validation schemas for all endpoints (orders, products, campaigns, etc.)
- Security headers (CSP, HSTS, X-Frame-Options)
- API routes: /api/v1/ with validated, rate-limited endpoints

Monitoring:
- Sentry error tracking with performance monitoring
- PostHog analytics for feature usage, funnels, cohorts
- User activity logging and breadcrumb tracking

Admin Features:
- Analytics dashboard with revenue charts, customer growth, conversion funnel
- Onboarding flow with 6-step interactive tour
- Referral system with share tracking and reward redemption
- Changelog feed with in-app notifications

PWA & SEO:
- Web app manifest with icons and shortcuts
- Service worker for offline support and caching
- Full SEO metadata, OpenGraph, Twitter cards
- Structured data (JSON-LD) for organization and products

Database:
- Add referral_codes, changelogs, onboarding_progress tables
- Add user_activity_logs, api_keys, notification_preferences
- Comprehensive RLS policies for all new tables
- Seed data for demo brands and products
This commit is contained in:
2026-06-02 05:33:42 +00:00
parent b845d69aba
commit 6ab52a2499
32 changed files with 5816 additions and 501 deletions
+43 -26
View File
@@ -1,32 +1,49 @@
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
// Clerk Middleware for Next.js App Router
// Must be exported as default from proxy.ts in src/ directory
// Simple route protection — admin pages redirect to login when no rc_auth_uid cookie.
// Dev bypass: dev_session cookie bypasses this check in development only.
export function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
import { clerkMiddleware } from "@clerk/nextjs/server";
// Skip non-admin routes
if (!pathname.startsWith("/admin")) {
return NextResponse.next();
}
// Define public routes that don't require authentication
const publicRoutes = [
"/",
"/login",
"/login2",
"/register",
"/forgot-password",
"/reset-password",
"/pricing",
"/terms-and-conditions",
"/privacy-policy",
"/contact",
"/api/health",
"/api/webhooks/clerk",
"/api/stripe/webhook",
// Brand storefronts are public
"/tuxedo",
"/tuxedo/*",
"/indian-river-direct",
"/indian-river-direct/*",
// Error pages
"/error",
"/not-found",
];
// Development bypass — dev_session cookie is set client-side by the login form
if (process.env.NODE_ENV === "development") {
const devSession = request.cookies.get("dev_session")?.value;
if (devSession) return NextResponse.next();
}
// Check rc_auth_uid (new) or rc_uid (legacy) cookie
const uid = request.cookies.get("rc_auth_uid")?.value ?? request.cookies.get("rc_uid")?.value;
if (uid) return NextResponse.next();
// Not authenticated — redirect to login
const loginUrl = new URL("/login", request.url);
loginUrl.searchParams.set("redirect", pathname);
return NextResponse.redirect(loginUrl);
}
// Export the clerkMiddleware as the default export
export default clerkMiddleware({
// Public routes configuration
publicRoutes,
// Debug mode in development
debug: process.env.NODE_ENV === "development",
});
export const config = {
matcher: ["/admin/:path*"],
matcher: [
// Skip Next.js internals and all files in the _next directory
"/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
// Always run for API routes
"/(api|trpc)(.*)",
// Include Clerk's auto-proxy path for authentication
"/__clerk/(.*)",
],
};