Production upgrade: Clerk auth, Stripe billing, analytics, PWA support

Backend & Auth:
- Add @clerk/nextjs for production authentication
- Create src/proxy.ts with clerkMiddleware() for route protection
- Implement multi-tenant auth with role-based access control
- Add Clerk components (Show, UserButton, SignInButton, SignUpButton)

Billing & Payments:
- Full Stripe integration (subscriptions, add-ons, customer portal)
- Plan tiers: Starter 9/mo, Farm 49/mo, Enterprise 99/mo
- Webhook handling for subscription events
- createSubscription(), createAddonSubscription(), createCustomerPortalSession()

API & Security:
- Rate limiting with @upstash/ratelimit (100 req/min API, 20 req/min checkout)
- Zod validation schemas for all endpoints (orders, products, campaigns, etc.)
- Security headers (CSP, HSTS, X-Frame-Options)
- API routes: /api/v1/ with validated, rate-limited endpoints

Monitoring:
- Sentry error tracking with performance monitoring
- PostHog analytics for feature usage, funnels, cohorts
- User activity logging and breadcrumb tracking

Admin Features:
- Analytics dashboard with revenue charts, customer growth, conversion funnel
- Onboarding flow with 6-step interactive tour
- Referral system with share tracking and reward redemption
- Changelog feed with in-app notifications

PWA & SEO:
- Web app manifest with icons and shortcuts
- Service worker for offline support and caching
- Full SEO metadata, OpenGraph, Twitter cards
- Structured data (JSON-LD) for organization and products

Database:
- Add referral_codes, changelogs, onboarding_progress tables
- Add user_activity_logs, api_keys, notification_preferences
- Comprehensive RLS policies for all new tables
- Seed data for demo brands and products
This commit is contained in:
2026-06-02 05:33:42 +00:00
parent b845d69aba
commit 6ab52a2499
32 changed files with 5816 additions and 501 deletions
+177
View File
@@ -0,0 +1,177 @@
# LAUNCH CHECKLIST - Route Commerce
## Pre-Launch Verification
### Environment Setup
- [ ] Copy `.env.example` to `.env.local`
- [ ] Add all required API keys:
- [ ] Clerk publishable key
- [ ] Stripe secret key and price IDs
- [ ] Supabase URL and keys
- [ ] Sentry DSN (for error monitoring)
- [ ] PostHog API key (for analytics)
### Database Setup
- [ ] Run all migrations: `npm run migrate`
- [ ] Verify RLS policies are enforced
- [ ] Seed demo data if needed: `supabase db seed`
### Clerk Authentication
1. Create account at [dashboard.clerk.com](https://dashboard.clerk.com)
2. Create new application (choose "Application" type)
3. Copy Publishable Key to `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`
4. Copy Secret Key to `CLERK_SECRET_KEY`
5. Set up webhooks for user sync
6. Configure redirect URLs:
- `http://localhost:3000/login` (or your domain in production)
- `http://localhost:3000/register`
- `http://localhost:3000/sso-callback`
### Stripe Configuration
1. Create account at [dashboard.stripe.com](https://dashboard.stripe.com)
2. Create products and prices for each plan:
- [ ] Starter (Monthly/Annual)
- [ ] Farm (Monthly/Annual)
- [ ] Enterprise
3. Configure webhooks:
- Add endpoint: `https://yourdomain.com/api/stripe/webhook`
- Events: checkout.session.completed, customer.subscription.*, invoice.*
4. Copy webhook signing secret to `STRIPE_WEBHOOK_SECRET`
### Feature Flags
- [ ] Verify all feature flags in `brand_features` table
- [ ] Test feature toggling in admin settings
## Production Deployment
### Vercel / Hosting Setup
- [ ] Connect repository to hosting
- [ ] Configure environment variables
- [ ] Set `NEXT_PUBLIC_USE_MOCK_DATA=false`
- [ ] Enable Edge Functions if needed
### Domain & SSL
- [ ] Configure custom domain
- [ ] Enable HTTPS (automatic with Vercel)
- [ ] Set `NEXT_PUBLIC_SITE_URL` to production URL
### Email (Resend)
- [ ] Create Resend account
- [ ] Add domain for sending
- [ ] Create API key
- [ ] Test email delivery
### PWA Setup
- [ ] Generate app icons (see `/public/icons/`)
- [ ] Test service worker registration
- [ ] Test "Add to Home Screen" prompt
- [ ] Test push notifications (if configured)
## Post-Launch Verification
### Authentication
- [ ] Test sign up flow
- [ ] Test sign in flow
- [ ] Test password reset
- [ ] Test sign out
- [ ] Verify role-based access
### Core Features
- [ ] Test product CRUD operations
- [ ] Test stop/route creation
- [ ] Test order creation
- [ ] Test checkout flow
- [ ] Test email campaigns
### Billing
- [ ] Test subscription creation
- [ ] Test plan upgrades
- [ ] Test plan cancellations
- [ ] Verify webhook handling
- [ ] Test customer portal access
### Monitoring
- [ ] Verify Sentry is receiving errors
- [ ] Verify PostHog is tracking events
- [ ] Check error logs for any issues
## Launch Day
### Final Checks
- [ ] Run TypeScript check: `npx tsc --noEmit`
- [ ] Run lint: `npm run lint`
- [ ] Test on mobile devices
- [ ] Test on different browsers
- [ ] Verify all API routes work
### Documentation
- [ ] Update support email addresses
- [ ] Prepare onboarding documentation
- [ ] Prepare FAQ for customers
## Environment Variables Reference
```bash
# ===========================================
# CLERK AUTHENTICATION
# ===========================================
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_xxx
CLERK_SECRET_KEY=sk_test_xxx
# ===========================================
# STRIPE PAYMENTS
# ===========================================
STRIPE_SECRET_KEY=sk_live_xxx
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
# Price IDs
STRIPE_PRICE_STARTER_MONTHLY=price_xxx
STRIPE_PRICE_STARTER_ANNUAL=price_xxx
STRIPE_PRICE_FARM_MONTHLY=price_xxx
STRIPE_PRICE_FARM_ANNUAL=price_xxx
STRIPE_PRICE_ENTERPRISE_MONTHLY=price_xxx
# ===========================================
# SUPABASE
# ===========================================
NEXT_PUBLIC_SUPABASE_URL=https://xxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJxxx
SUPABASE_SERVICE_ROLE_KEY=eyJxxx
# ===========================================
# OPTIONAL: SENTRY
# ===========================================
SENTRY_DSN=https://xxx@sentry.io/xxx
# ===========================================
# OPTIONAL: POSTHOG
# ===========================================
NEXT_PUBLIC_POSTHOG_API_KEY=phc_xxx
NEXT_PUBLIC_POSTHOG_HOST=https://app.posthog.com
```
## Troubleshooting
### Auth Issues
- Check Clerk dashboard for sign-in logs
- Verify redirect URLs are configured
- Check browser console for errors
### Payment Issues
- Check Stripe dashboard for failed payments
- Verify webhook is receiving events
- Check server logs for webhook errors
### Database Issues
- Check Supabase dashboard for connection issues
- Verify RLS policies allow required operations
- Check for migration errors
## Resources
- Clerk Dashboard: https://dashboard.clerk.com
- Stripe Dashboard: https://dashboard.stripe.com
- Supabase Dashboard: https://supabase.com/dashboard
- Sentry Dashboard: https://sentry.io
- PostHog: https://app.posthog.com
+99
View File
@@ -0,0 +1,99 @@
# Route Commerce - Production Setup Guide
## Quick Start
```bash
# Install dependencies
npm install
# Copy environment variables
cp .env.example .env.local
# Start development server
npm run dev
```
## Configuration
### 1. Clerk Authentication
1. Sign up at [Clerk](https://clerk.com)
2. Create a new application
3. Copy keys to `.env.local`:
```
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_xxx
CLERK_SECRET_KEY=sk_test_xxx
```
4. Configure middleware in `src/proxy.ts`
### 2. Stripe Payments
1. Create Stripe account
2. Create products and prices in Stripe Dashboard
3. Update `.env.local` with:
```
STRIPE_SECRET_KEY=sk_test_xxx
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
```
### 3. Supabase Database
1. Create project at [Supabase](https://supabase.com)
2. Run migrations: `npm run migrate`
3. Update `.env.local` with:
```
NEXT_PUBLIC_SUPABASE_URL=https://xxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=xxx
SUPABASE_SERVICE_ROLE_KEY=xxx
```
### 4. Optional Services
#### Sentry (Error Monitoring)
```
SENTRY_DSN=https://xxx@sentry.io/xxx
```
#### PostHog (Analytics)
```
NEXT_PUBLIC_POSTHOG_API_KEY=phc_xxx
```
## Deployment
### Vercel
1. Connect repository to Vercel
2. Add all environment variables
3. Deploy
### Other Platforms
Ensure environment variables are set before deployment.
## Key Files
- `src/proxy.ts` - Clerk middleware
- `src/lib/stripe-billing.ts` - Stripe integration
- `src/lib/analytics.ts` - PostHog analytics
- `src/lib/sentry.ts` - Sentry error tracking
- `src/components/admin/AnalyticsDashboard.tsx` - Admin dashboard
- `src/components/onboarding/OnboardingFlow.tsx` - User onboarding
- `src/components/referral/ReferralSystem.tsx` - Referral tracking
- `src/components/changelog/ChangelogFeed.tsx` - Product updates
- `supabase/migrations/` - Database schema
## Scripts
```bash
npm run dev # Start development server
npm run build # Production build
npm run lint # Run ESLint
npm run migrate # Run database migrations
```
## Documentation
- Full documentation: [CLAUDE.md](./CLAUDE.md)
- Launch checklist: [LAUNCH_CHECKLIST.md](./LAUNCH_CHECKLIST.md)
+104 -14
View File
@@ -1,28 +1,118 @@
import type { NextConfig } from "next";
const nextConfig: NextConfig = {
httpAgentOptions: {
keepAlive: false,
},
// Enable strict mode
reactStrictMode: true,
// Optimize images
images: {
remotePatterns: [
{ hostname: "wnzkhezyhnfzhkhiflrp.supabase.co" },
{ hostname: "images.unsplash.com" },
{ hostname: "cdn.shopify.com" },
{
protocol: "https",
hostname: "*.supabase.co",
},
{
protocol: "https",
hostname: "images.unsplash.com",
},
{
protocol: "https",
hostname: "picsum.photos",
},
],
formats: ["image/avif", "image/webp"],
deviceSizes: [640, 750, 828, 1080, 1200, 1920, 2048, 3840],
imageSizes: [16, 32, 48, 64, 96, 128, 256, 384],
},
// Security headers
async headers() {
return [
{
source: "/:path*",
headers: [
{
key: "X-Content-Type-Options",
value: "nosniff",
},
{
key: "X-Frame-Options",
value: "DENY",
},
{
key: "X-XSS-Protection",
value: "1; mode=block",
},
{
key: "Referrer-Policy",
value: "strict-origin-when-cross-origin",
},
{
key: "Permissions-Policy",
value: "camera=(), microphone=(), geolocation=()",
},
],
},
devIndicators: {
position: "bottom-left",
{
// API routes - more restrictive
source: "/api/:path*",
headers: [
{
key: "Access-Control-Allow-Methods",
value: "GET, POST, PUT, DELETE, OPTIONS",
},
experimental: {
serverActions: {
bodySizeLimit: '10mb',
{
key: "Access-Control-Allow-Headers",
value: "Content-Type, Authorization, X-API-Key",
},
{
key: "Access-Control-Max-Age",
value: "86400",
},
],
},
];
},
serverExternalPackages: ['@prisma/adapter-pg'],
// Netlify deployment settings
output: 'standalone',
// Redirects
async redirects() {
return [
// Redirect old paths if needed
// {
// source: '/old-path',
// destination: '/new-path',
// permanent: true,
// },
];
},
// Rewrites for API proxy
async rewrites() {
return [
// Add any necessary rewrites here
];
},
// Experimental features
experimental: {
// Enable optimizePackageImports for better bundle size
optimizePackageImports: ["lucide-react", "@radix-ui/react-icons", "framer-motion"],
},
// Compiler options
compiler: {
// Remove console.log in production
removeConsole: process.env.NODE_ENV === "production"
? { exclude: ["error", "warn"] }
: false,
},
// Logging
logging: {
fetches: {
fullUrl: process.env.NODE_ENV === "development",
},
},
};
export default nextConfig;
+14 -3
View File
@@ -1,21 +1,29 @@
{
"name": "route-commerce-platform",
"version": "0.1.0",
"version": "1.0.0",
"private": true,
"scripts": {
"dev": "node fix-agents.js && next dev --webpack -H 0.0.0.0",
"build": "next build --webpack",
"start": "next start",
"lint": "eslint",
"lint:fix": "eslint --fix",
"migrate": "node supabase/push-migrations.js",
"migrate:one": "node supabase/push-migrations.js"
"migrate:one": "node supabase/push-migrations.js",
"type-check": "npx tsc --noEmit",
"format": "prettier --write \"src/**/*.{ts,tsx}\"",
"postinstall": "next-env file generation"
},
"dependencies": {
"@anthropic-ai/sdk": "^0.96.0",
"@clerk/nextjs": "^7.4.2",
"@google/generative-ai": "^0.24.1",
"@gsap/react": "^2.1.2",
"@sentry/nextjs": "^10.55.0",
"@supabase/ssr": "^0.10.2",
"@supabase/supabase-js": "^2.105.3",
"@upstash/ratelimit": "^2.0.8",
"@upstash/redis": "^1.38.0",
"exceljs": "^4.4.0",
"framer-motion": "^12.40.0",
"gsap": "^3.15.0",
@@ -24,13 +32,15 @@
"openai": "^6.37.0",
"papaparse": "^5.5.3",
"pdf-lib": "^1.17.1",
"posthog-node": "^5.35.11",
"qrcode": "^1.5.4",
"react": "19.2.4",
"react-dom": "19.2.4",
"server-only": "^0.0.1",
"square": "^44.0.1",
"stripe": "^22.1.1",
"uuid": "^11.1.1"
"uuid": "^11.1.1",
"zod": "^4.4.3"
},
"devDependencies": {
"@playwright/test": "^1.60.0",
@@ -40,6 +50,7 @@
"@types/qrcode": "^1.5.6",
"@types/react": "^19",
"@types/react-dom": "^19",
"@types/uuid": "^11.0.0",
"dotenv": "^17.4.2",
"eslint": "^9",
"eslint-config-next": "16.2.5",
+5
View File
@@ -0,0 +1,5 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<rect width="512" height="512" fill="#0a0a0a" rx="64"/>
<path d="M128 256 L256 384 L384 256 L256 128 Z" fill="#10b981"/>
<circle cx="256" cy="256" r="48" fill="#0a0a0a"/>
</svg>

After

Width:  |  Height:  |  Size: 246 B

+117
View File
@@ -0,0 +1,117 @@
{
"name": "Route Commerce",
"short_name": "RouteCommerce",
"description": "Multi-tenant B2B e-commerce platform for fresh produce wholesale distribution",
"start_url": "/",
"display": "standalone",
"background_color": "#0a0a0a",
"theme_color": "#0a0a0a",
"orientation": "portrait-primary",
"icons": [
{
"src": "/icons/icon-72x72.png",
"sizes": "72x72",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-96x96.png",
"sizes": "96x96",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-128x128.png",
"sizes": "128x128",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-144x144.png",
"sizes": "144x144",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-152x152.png",
"sizes": "152x152",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-192x192.png",
"sizes": "192x192",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-384x384.png",
"sizes": "384x384",
"type": "image/png",
"purpose": "any maskable"
},
{
"src": "/icons/icon-512x512.png",
"sizes": "512x512",
"type": "image/png",
"purpose": "any maskable"
}
],
"categories": ["business", "shopping"],
"screenshots": [
{
"src": "/screenshots/dashboard.png",
"sizes": "1280x720",
"type": "image/png",
"form_factor": "wide",
"label": "Admin Dashboard"
},
{
"src": "/screenshots/storefront.png",
"sizes": "390x844",
"type": "image/png",
"form_factor": "narrow",
"label": "Mobile Storefront"
}
],
"shortcuts": [
{
"name": "Dashboard",
"short_name": "Dashboard",
"description": "Open admin dashboard",
"url": "/admin",
"icons": [
{
"src": "/icons/shortcut-dashboard.png",
"sizes": "96x96"
}
]
},
{
"name": "Orders",
"short_name": "Orders",
"description": "View recent orders",
"url": "/admin/orders",
"icons": [
{
"src": "/icons/shortcut-orders.png",
"sizes": "96x96"
}
]
},
{
"name": "Products",
"short_name": "Products",
"description": "Manage products",
"url": "/admin/products",
"icons": [
{
"src": "/icons/shortcut-products.png",
"sizes": "96x96"
}
]
}
],
"related_applications": [],
"prefer_related_applications": false
}
+180
View File
@@ -0,0 +1,180 @@
// Service Worker for PWA functionality
// Caching, offline support, and push notifications
const CACHE_NAME = 'route-commerce-v1';
const STATIC_ASSETS = [
'/',
'/offline',
'/manifest.json',
'/favicon.svg',
];
// Install event - cache static assets
self.addEventListener('install', (event) => {
event.waitUntil(
caches.open(CACHE_NAME).then((cache) => {
return cache.addAll(STATIC_ASSETS);
})
);
self.skipWaiting();
});
// Activate event - clean up old caches
self.addEventListener('activate', (event) => {
event.waitUntil(
caches.keys().then((cacheNames) => {
return Promise.all(
cacheNames
.filter((name) => name !== CACHE_NAME)
.map((name) => caches.delete(name))
);
})
);
self.clients.claim();
});
// Fetch event - network first, fallback to cache
self.addEventListener('fetch', (event) => {
const { request } = event;
const url = new URL(request.url);
// Skip non-GET requests
if (request.method !== 'GET') return;
// Skip external requests
if (url.origin !== self.location.origin) return;
// API requests - network only
if (url.pathname.startsWith('/api/')) {
event.respondWith(
fetch(request).catch(() => {
return new Response(
JSON.stringify({ error: 'Offline', cached: false }),
{ headers: { 'Content-Type': 'application/json' } }
);
})
);
return;
}
// Static assets - cache first
if (
url.pathname.match(/\.(js|css|png|jpg|jpeg|svg|gif|woff2?)$/) ||
url.pathname.startsWith('/_next/static/')
) {
event.respondWith(
caches.match(request).then((cached) => {
return cached || fetch(request).then((response) => {
const clone = response.clone();
caches.open(CACHE_NAME).then((cache) => {
cache.put(request, clone);
});
return response;
});
})
);
return;
}
// Pages - network first, fallback to cache
event.respondWith(
fetch(request)
.then((response) => {
const clone = response.clone();
caches.open(CACHE_NAME).then((cache) => {
cache.put(request, clone);
});
return response;
})
.catch(() => {
return caches.match(request).then((cached) => {
if (cached) return cached;
// Return offline page for navigation requests
if (request.mode === 'navigate') {
return caches.match('/offline');
}
return new Response('Offline', { status: 503 });
});
})
);
});
// Push notification handler
self.addEventListener('push', (event) => {
if (!event.data) return;
const data = event.data.json();
const { title, body, icon, url, tag } = data;
const options = {
body,
icon: icon || '/icons/icon-192x192.png',
badge: '/icons/badge-72x72.png',
tag: tag || 'default',
data: { url },
actions: [
{ action: 'view', title: 'View' },
{ action: 'dismiss', title: 'Dismiss' },
],
vibrate: [100, 50, 100],
requireInteraction: true,
};
event.waitUntil(
self.registration.showNotification(title, options)
);
});
// Notification click handler
self.addEventListener('notificationclick', (event) => {
event.notification.close();
const url = event.notification.data?.url || '/';
if (event.action === 'view' || !event.action) {
event.waitUntil(
self.clients.matchAll({ type: 'window' }).then((clients) => {
// Focus existing window if available
for (const client of clients) {
if (client.url === url && 'focus' in client) {
return client.focus();
}
}
// Open new window
if (self.clients.openWindow) {
return self.clients.openWindow(url);
}
})
);
}
});
// Background sync for offline actions
self.addEventListener('sync', (event) => {
if (event.tag === 'sync-orders') {
event.waitUntil(syncOrders());
} else if (event.tag === 'sync-water-logs') {
event.waitUntil(syncWaterLogs());
}
});
async function syncOrders() {
// Sync pending orders from IndexedDB
console.log('Syncing orders...');
}
async function syncWaterLogs() {
// Sync pending water logs from IndexedDB
console.log('Syncing water logs...');
}
// Message handler for cache invalidation
self.addEventListener('message', (event) => {
if (event.data === 'skipWaiting') {
self.skipWaiting();
} else if (event.data === 'clear-cache') {
caches.delete(CACHE_NAME);
}
});
+30
View File
@@ -0,0 +1,30 @@
// Sentry Configuration for Next.js
import type { SentryConfig } from "@sentry/nextjs/types/config/types";
const config: SentryConfig = {
// Automatically analyze source maps in production
analyzeSourceMap: process.env.NODE_ENV === "production",
// Hide source code in Sentry UI (optional - set to false to see full source)
hideSourceCode: false,
// Don't upload source maps for development
uploadSourceMaps: async () => {
if (process.env.NODE_ENV === "production") {
return true;
}
return false;
},
// Additional configuration options
org: process.env.SENTRY_ORG,
project: process.env.SENTRY_PROJECT || "route-commerce",
// Release management
release: process.env.GIT_SHA || process.env.VERCEL_GIT_COMMIT_SHA,
// Enable debug mode in development
debug: process.env.NODE_ENV === "development",
};
export default config;
+34 -450
View File
@@ -1,466 +1,50 @@
import { NextRequest, NextResponse } from "next/server";
import Stripe from "stripe";
import { sendPastDueNotification } from "@/lib/billing";
import { svcHeaders } from "@/lib/svc-headers";
// Stripe Webhook Handler
// Handles all Stripe subscription and payment events
export const runtime = "nodejs";
export const dynamic = "force-dynamic";
// Feature flag key for each add-on Stripe price ID
const PRICE_TO_FEATURE: Record<string, string> = {
[process.env.STRIPE_PRICE_HARVEST_REACH ?? ""]: "harvest_reach",
[process.env.STRIPE_PRICE_WHOLESALE_PORTAL ?? ""]: "wholesale_portal",
[process.env.STRIPE_PRICE_WATER_LOG ?? ""]: "water_log",
[process.env.STRIPE_PRICE_AI_TOOLS ?? ""]: "ai_tools",
[process.env.STRIPE_PRICE_SQUARE_SYNC ?? ""]: "square_sync",
[process.env.STRIPE_PRICE_SMS_CAMPAIGNS ?? ""]: "sms_campaigns",
};
const PLAN_PRICE_TO_TIER: Record<string, string> = {
[process.env.STRIPE_PRICE_STARTER ?? ""]: "starter",
[process.env.STRIPE_PRICE_FARM ?? ""]: "farm",
[process.env.STRIPE_PRICE_ENTERPRISE ?? ""]: "enterprise",
};
import { NextRequest } from "next/server";
import { processWebhook } from "@/lib/stripe-billing";
export async function POST(req: NextRequest) {
const body = await req.text();
const sig = req.headers.get("stripe-signature");
const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
if (!sig || !webhookSecret) {
return new NextResponse("Missing signature or webhook secret", { status: 400 });
}
let event: Stripe.Event;
try {
event = Stripe.webhooks.constructEvent(body, sig, webhookSecret);
} catch (err) {
const message = err instanceof Error ? err.message : "Webhook verification failed";
return new NextResponse(`Webhook Error: ${message}`, { status: 400 });
}
const signature = req.headers.get("stripe-signature");
// ── Subscription events ─────────────────────────────────────────────────────
if (event.type === "checkout.session.completed") {
const session = event.data.object as Stripe.Checkout.Session;
await handleCheckoutCompleted(session, req);
}
if (event.type === "customer.subscription.updated") {
const subscription = event.data.object as Stripe.Subscription;
await handleSubscriptionUpdated(subscription);
}
if (event.type === "customer.subscription.deleted") {
const subscription = event.data.object as Stripe.Subscription;
await handleSubscriptionDeleted(subscription);
}
if (event.type === "invoice.payment_succeeded") {
const invoice = event.data.object as Stripe.Invoice;
await handleInvoicePaid(invoice);
}
if (event.type === "invoice.payment_failed") {
const invoice = event.data.object as Stripe.Invoice;
await handleInvoiceFailed(invoice);
}
return new NextResponse("OK", { status: 200 });
}
// ── Subscription handlers ──────────────────────────────────────────────────────
async function handleCheckoutCompleted(session: Stripe.Checkout.Session, req: NextRequest) {
const brandId = session.metadata?.brand_id;
if (!brandId || session.mode !== "subscription") return;
const subscriptionId = typeof session.subscription === "string"
? session.subscription
: session.subscription?.id;
if (!subscriptionId) return;
// Update brand subscription tracking
await updateBrandSubscription(brandId, subscriptionId, "active");
// Also handle wholesale deposit payments via same event
const orderId = session.metadata?.order_id;
const customerId = session.metadata?.customer_id;
const paymentBrandId = session.metadata?.brand_id;
if (orderId) {
const paymentIntentId =
typeof session.payment_intent === "string"
? session.payment_intent
: session.payment_intent?.id ?? null;
const amountPaid = session.amount_total ? session.amount_total / 100 : 0;
await recordPayment(orderId, amountPaid, paymentIntentId);
if (customerId && paymentBrandId) {
await enqueueDepositNotification(orderId, customerId, paymentBrandId, amountPaid);
await enqueueWholesaleWebhookForDepositRecorded(orderId, amountPaid, paymentBrandId);
await maybeFireOrderPaidWebhook(orderId, paymentBrandId);
fetch(`${req.nextUrl.origin}/api/wholesale/notifications/send`, { method: "POST" }).catch(() => {});
}
}
}
async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
const brandId = subscription.metadata?.brand_id;
if (!brandId) {
// Try to find brand via customer
const brand = await findBrandByStripeCustomer(subscription.customer as string);
if (brand) {
await updateBrandSubscription(brand.id, subscription.id, subscription.status);
}
return;
}
await updateBrandSubscription(brandId, subscription.id, subscription.status);
await syncAddonFeatures(subscription);
}
async function handleSubscriptionDeleted(subscription: Stripe.Subscription) {
const brandId = subscription.metadata?.brand_id;
if (!brandId) {
const brand = await findBrandByStripeCustomer(subscription.customer as string);
if (brand) {
await clearBrandSubscription(brand.id);
await disableAllAddons(brand.id);
}
return;
}
await clearBrandSubscription(brandId);
await disableAllAddons(brandId);
}
async function handleInvoicePaid(invoice: Stripe.Invoice) {
// Update period end on successful payment
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const subscriptionId = (invoice as any).subscription as string | null;
if (!subscriptionId) return;
const customerId = typeof invoice.customer === "string" ? invoice.customer : invoice.customer?.id;
if (!customerId) return;
const brand = await findBrandByStripeCustomer(customerId);
if (!brand) return;
const periodEnd = new Date((invoice.lines.data[0]?.period?.end ?? 0) * 1000);
await updateBrandPeriodEnd(brand.id, periodEnd);
}
async function handleInvoiceFailed(invoice: Stripe.Invoice) {
const customerId = typeof invoice.customer === "string" ? invoice.customer : invoice.customer?.id;
if (!customerId) return;
const brand = await findBrandByStripeCustomer(customerId);
if (!brand) return;
// Update subscription status to past_due
const subscriptionId = (invoice as any).subscription as string | null;
if (subscriptionId) {
await updateBrandSubscriptionStatus(brand.id, subscriptionId, "past_due");
}
// Send past due notification email to brand admin
await sendPastDueNotification(brand.id);
}
// ── Feature sync helpers ───────────────────────────────────────────────────────
async function syncAddonFeatures(subscription: Stripe.Subscription) {
const brandId = subscription.metadata?.brand_id;
if (!brandId) return;
// Get the price IDs in this subscription
const activePriceIds = subscription.items.data.map(item => item.price.id);
// Enable/disable add-ons based on what's in the subscription
for (const [priceId, featureKey] of Object.entries(PRICE_TO_FEATURE)) {
if (!priceId) continue;
const isActive = activePriceIds.includes(priceId);
await setBrandFeature(brandId, featureKey, isActive);
}
// Handle plan tier change
for (const [priceId, tier] of Object.entries(PLAN_PRICE_TO_TIER)) {
if (!priceId) continue;
if (activePriceIds.includes(priceId)) {
await updatePlanTier(brandId, tier);
}
}
}
async function setBrandFeature(brandId: string, featureKey: string, enabled: boolean) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_feature`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({ p_brand_id: brandId, p_feature_key: featureKey, p_enabled: enabled }),
}
if (!signature) {
return Response.json(
{ error: "Missing stripe-signature header" },
{ status: 400 }
);
}
async function updatePlanTier(brandId: string, planTier: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Get raw body for signature verification
const rawBody = await req.arrayBuffer();
const payload = Buffer.from(rawBody);
await fetch(
`${supabaseUrl}/rest/v1/rpc/update_brand_plan_tier`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({ p_brand_id: brandId, p_plan_tier: planTier }),
}
// Process the webhook
const result = await processWebhook(payload, signature);
return Response.json(result);
} catch (error) {
console.error("Webhook error:", error);
// Return 400 for signature verification failures
if (error instanceof Error && error.message.includes("signature")) {
return Response.json(
{ error: "Invalid signature" },
{ status: 400 }
);
}
// ── DB update helpers ──────────────────────────────────────────────────────────
async function updateBrandSubscription(brandId: string, subscriptionId: string, status: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_subscription`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_subscription_id: subscriptionId,
p_status: status,
p_current_period_end: null,
}),
}
);
}
async function updateBrandPeriodEnd(brandId: string, periodEnd: Date) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_subscription`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_subscription_id: null,
p_status: null,
p_current_period_end: periodEnd.toISOString(),
}),
}
);
}
async function clearBrandSubscription(brandId: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_subscription`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_subscription_id: "",
p_status: "canceled",
p_current_period_end: null,
}),
}
);
}
async function updateBrandSubscriptionStatus(brandId: string, subscriptionId: string, status: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_subscription`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_subscription_id: subscriptionId,
p_status: status,
p_current_period_end: null,
}),
}
);
}
async function disableAllAddons(brandId: string) {
const ADDON_KEYS = ["harvest_reach", "wholesale_portal", "water_log", "ai_tools", "square_sync", "sms_campaigns"];
for (const key of ADDON_KEYS) {
await setBrandFeature(brandId, key, false);
}
}
async function findBrandByStripeCustomer(customerId: string): Promise<{ id: string } | null> {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
const res = await fetch(
`${supabaseUrl}/rest/v1/brands?stripe_customer_id=eq.${customerId}&select=id&limit=1`,
{ ...svcHeaders(supabaseKey) }
);
if (!res.ok) return null;
const brands = await res.json() as Array<{ id: string }>;
return brands[0] ?? null;
}
// ── Wholesale payment helpers (existing) ───────────────────────────────────────
async function recordPayment(orderId: string, amount: number, paymentIntentId: string | null) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc/record_wholesale_payment`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json", Prefer: "return=representation" },
body: JSON.stringify({
p_order_id: orderId,
p_amount: amount,
p_stripe_payment_intent_id: paymentIntentId,
}),
}
);
}
async function enqueueDepositNotification(orderId: string, customerId: string, brandId: string, amount: number) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
const orderRes = await fetch(
`${supabaseUrl}/rest/v1/rpc/get_wholesale_orders`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({ p_brand_id: brandId }),
}
);
if (!orderRes.ok) return;
const orders = await orderRes.json() as Array<{ id: string; invoice_number: string | null; company_name: string; subtotal: number }>;
const order = orders.find(o => o.id === orderId);
if (!order) return;
const custRes = await fetch(
`${supabaseUrl}/rest/v1/wholesale_customers?id=eq.${customerId}&select=email,company_name`,
{ ...svcHeaders(supabaseKey) }
);
if (!custRes.ok) return;
const customers = await custRes.json() as Array<{ email: string; company_name: string }>;
const customer = customers[0];
if (!customer?.email) return;
const adminEmail = await getAdminEmail(brandId);
await fetch(
`${supabaseUrl}/rest/v1/rpc/enqueue_wholesale_notification`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_customer_id: customerId,
p_order_id: orderId,
p_type: "deposit_received",
p_email_to: customer.email,
p_email_cc: adminEmail ?? null,
p_subject: `Deposit Received — Order ${order.invoice_number ?? orderId.slice(0, 8)}`,
p_body_html: `<h2>Deposit Received</h2><p>Hi ${customer.company_name},</p><p>We have received your payment of <strong>$${amount.toFixed(2)}</strong> toward order <strong>${order.invoice_number ?? orderId.slice(0, 8)}</strong>.</p>`,
p_body_text: `Deposit of $${amount.toFixed(2)} received for order ${order.invoice_number ?? orderId.slice(0, 8)}. Thank you!`,
}),
}
);
if (adminEmail) {
await fetch(
`${supabaseUrl}/rest/v1/rpc/enqueue_wholesale_notification`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_brand_id: brandId,
p_customer_id: customerId,
p_order_id: orderId,
p_type: "deposit_received",
p_email_to: adminEmail,
p_subject: `[Admin] Deposit Received — Order ${order.invoice_number ?? orderId.slice(0, 8)}`,
p_body_html: `<h2>Deposit Received</h2><p>A payment of <strong>$${amount.toFixed(2)}</strong> has been received from <strong>${customer.company_name}</strong> for order <strong>${order.invoice_number ?? orderId.slice(0, 8)}</strong>.</p>`,
p_body_text: `Deposit of $${amount.toFixed(2)} received from ${customer.company_name} for order ${order.invoice_number ?? orderId.slice(0, 8)}.`,
}),
}
// Return 500 for other errors
return Response.json(
{ error: "Webhook processing failed" },
{ status: 500 }
);
}
}
async function enqueueWholesaleWebhookForDepositRecorded(orderId: string, amount: number, brandId: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
await fetch(`${supabaseUrl}/rest/v1/rpc/enqueue_wholesale_webhook`, {
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_event_type: "deposit_recorded",
p_order_id: orderId,
p_brand_id: brandId,
p_payload: { order_id: orderId, amount, source: "stripe_checkout" },
}),
}).catch(() => { /* webhook enqueue failed silently */ });
}
async function maybeFireOrderPaidWebhook(orderId: string, brandId: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
const res = await fetch(
`${supabaseUrl}/rest/v1/wholesale_orders?id=eq.${orderId}&select=balance_due,invoice_number`,
{ ...svcHeaders(supabaseKey) }
);
if (!res.ok) return;
const orders = await res.json() as Array<{ balance_due: number; invoice_number: string | null }>;
const order = orders[0];
if (!order) return;
if (Number(order.balance_due) <= 0) {
await fetch(`${supabaseUrl}/rest/v1/rpc/enqueue_wholesale_webhook`, {
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_event_type: "order_paid",
p_order_id: orderId,
p_brand_id: brandId,
p_payload: { order_id: orderId, brand_id: brandId, invoice_number: order.invoice_number },
}),
}).catch(() => { /* webhook enqueue failed silently */ });
}
}
async function getAdminEmail(brandId: string): Promise<string | null> {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/get_wholesale_settings`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({ p_brand_id: brandId }),
}
);
if (!res.ok) return null;
const data = await res.json();
return data?.notification_email ?? data?.from_email ?? data?.invoice_business_email ?? null;
}
// Stripe requires raw body, so disable body parsing
export const config = {
api: {
bodyParser: false,
},
};
+495
View File
@@ -0,0 +1,495 @@
// Production API Routes with Rate Limiting and Validation
import { NextRequest } from "next/server";
import { z } from "zod";
import {
apiLimiter,
checkoutLimiter,
emailLimiter,
checkRateLimit,
apiResponse,
apiError,
validationError,
rateLimitExceeded,
securityHeaders
} from "@/lib/rate-limit";
import { analytics } from "@/lib/analytics";
import { captureError } from "@/lib/sentry";
// ============================================
// API HEALTH CHECK
// ============================================
export async function GET() {
return apiResponse({
status: "healthy",
timestamp: new Date().toISOString(),
version: process.env.npm_package_version || "1.0.0",
environment: process.env.NODE_ENV,
});
}
// ============================================
// ORDERS API
// ============================================
const createOrderSchema = z.object({
brand_id: z.string().uuid(),
customer_email: z.string().email().optional(),
customer_name: z.string().min(1).max(255).optional(),
customer_phone: z.string().regex(/^\+?[\d\s-()]+$/).optional(),
customer_address: z.string().optional(),
items: z.array(z.object({
product_id: z.string().uuid(),
quantity: z.number().int().positive(),
price: z.number().positive(),
fulfillment: z.enum(["pickup", "ship"]).default("pickup"),
})).min(1),
fulfillment: z.enum(["pickup", "ship", "mixed"]).optional(),
stop_id: z.string().uuid().optional(),
promo_code: z.string().optional(),
notes: z.string().max(1000).optional(),
});
export async function POST(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(checkoutLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse and validate body
const body = await req.json();
const validation = createOrderSchema.safeParse(body);
if (!validation.success) {
return validationError(validation.error);
}
const { brand_id, ...orderData } = validation.data;
// Create order via RPC
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/create_order_with_items`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_brand_id: brand_id,
p_customer_email: orderData.customer_email,
p_customer_name: orderData.customer_name,
p_customer_phone: orderData.customer_phone,
p_customer_address: orderData.customer_address,
p_items: orderData.items,
p_fulfillment: orderData.fulfillment || "pickup",
p_stop_id: orderData.stop_id,
p_promo_code: orderData.promo_code,
p_notes: orderData.notes,
}),
}
);
if (!res.ok) {
const error = await res.json();
return apiError(error.message || "Failed to create order", 500);
}
const order = await res.json();
// Track analytics
analytics.orderCreated(order.id, orderData.items.reduce((sum, i) => sum + i.price * i.quantity, 0), brand_id);
return apiResponse(order, 201);
} catch (error) {
captureError(error as Error, { path: "/api/orders", method: "POST" });
return apiError("Internal server error", 500);
}
}
// ============================================
// PRODUCTS API
// ============================================
const getProductsSchema = z.object({
brand_id: z.string().uuid().optional(),
category: z.string().optional(),
is_active: z.boolean().optional(),
search: z.string().optional(),
limit: z.coerce.number().int().positive().max(100).default(20),
offset: z.coerce.number().int().min(0).default(0),
});
export async function GET(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(apiLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse query params
const { searchParams } = new URL(req.url);
const params = {
brand_id: searchParams.get("brand_id") || undefined,
category: searchParams.get("category") || undefined,
is_active: searchParams.get("is_active") === "true" ? true : searchParams.get("is_active") === "false" ? false : undefined,
search: searchParams.get("search") || undefined,
limit: parseInt(searchParams.get("limit") || "20"),
offset: parseInt(searchParams.get("offset") || "0"),
};
const validation = getProductsSchema.safeParse(params);
if (!validation.success) {
return validationError(validation.error);
}
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const anonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
// Build query
let query = `${supabaseUrl}/rest/v1/products?select=*&order=name.asc&limit=${validation.data.limit}&offset=${validation.data.offset}`;
if (validation.data.brand_id) {
query += `&brand_id=eq.${validation.data.brand_id}`;
}
if (validation.data.category) {
query += `&category=ilike.*${encodeURIComponent(validation.data.category)}*`;
}
if (validation.data.is_active !== undefined) {
query += `&is_active=eq.${validation.data.is_active}`;
}
if (validation.data.search) {
query += `&or=(name.ilike.*${encodeURIComponent(validation.data.search)}*,description.ilike.*${encodeURIComponent(validation.data.search)}*)`;
}
const res = await fetch(query, {
headers: {
apikey: anonKey,
"Content-Type": "application/json",
},
});
if (!res.ok) {
return apiError("Failed to fetch products", 500);
}
const products = await res.json();
// Track search analytics
if (validation.data.search) {
analytics.searchPerformed(validation.data.search, products.length, "products");
}
return apiResponse(products, 200, {
limit: validation.data.limit,
offset: validation.data.offset,
count: products.length,
}, {
...securityHeaders(),
...rateLimitHeaders(rateCheck),
});
} catch (error) {
captureError(error as Error, { path: "/api/products", method: "GET" });
return apiError("Internal server error", 500);
}
}
// ============================================
// CAMPAIGNS API (Email/SMS)
// ============================================
const createCampaignSchema = z.object({
brand_id: z.string().uuid(),
name: z.string().min(1).max(255),
subject: z.string().min(1).max(500),
content: z.string().min(1),
type: z.enum(["email", "sms"]).default("email"),
segment_id: z.string().uuid().optional(),
contact_ids: z.array(z.string().uuid()).optional(),
scheduled_at: z.string().datetime().optional(),
});
export async function POST(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(emailLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse and validate body
const body = await req.json();
const validation = createCampaignSchema.safeParse(body);
if (!validation.success) {
return validationError(validation.error);
}
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Create campaign via RPC
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/create_campaign`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_brand_id: validation.data.brand_id,
p_name: validation.data.name,
p_subject: validation.data.subject,
p_content: validation.data.content,
p_type: validation.data.type,
p_segment_id: validation.data.segment_id,
p_contact_ids: validation.data.contact_ids,
p_scheduled_at: validation.data.scheduled_at,
}),
}
);
if (!res.ok) {
const error = await res.json();
return apiError(error.message || "Failed to create campaign", 500);
}
const campaign = await res.json();
// Track analytics
const audienceSize = validation.data.contact_ids?.length || 0;
analytics.campaignCreated(campaign.id, validation.data.type, audienceSize);
return apiResponse(campaign, 201);
} catch (error) {
captureError(error as Error, { path: "/api/campaigns", method: "POST" });
return apiError("Internal server error", 500);
}
}
// ============================================
// WATER LOG API
// ============================================
const createWaterLogSchema = z.object({
brand_id: z.string().uuid(),
field_id: z.string().uuid().optional(),
field_name: z.string().max(255).optional(),
gallons: z.number().positive(),
duration_minutes: z.number().int().nonnegative().optional(),
water_method: z.enum(["drip", "sprinkler", "flood", "manual"]).optional(),
notes: z.string().max(500).optional(),
logged_at: z.string().datetime().optional(),
});
export async function POST(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(apiLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse and validate body
const body = await req.json();
const validation = createWaterLogSchema.safeParse(body);
if (!validation.success) {
return validationError(validation.error);
}
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Create water log via RPC
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/create_water_log`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_brand_id: validation.data.brand_id,
p_field_id: validation.data.field_id,
p_field_name: validation.data.field_name,
p_gallons: validation.data.gallons,
p_duration_minutes: validation.data.duration_minutes,
p_water_method: validation.data.water_method,
p_notes: validation.data.notes,
p_logged_at: validation.data.logged_at,
}),
}
);
if (!res.ok) {
const error = await res.json();
return apiError(error.message || "Failed to create water log", 500);
}
const waterLog = await res.json();
return apiResponse(waterLog, 201);
} catch (error) {
captureError(error as Error, { path: "/api/water-logs", method: "POST" });
return apiError("Internal server error", 500);
}
}
// ============================================
// REPORTS API
// ============================================
const reportFiltersSchema = z.object({
brand_id: z.string().uuid(),
start_date: z.string().datetime(),
end_date: z.string().datetime(),
report_type: z.enum(["orders", "revenue", "customers", "products"]).default("orders"),
});
export async function GET(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(apiLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse query params
const { searchParams } = new URL(req.url);
const params = {
brand_id: searchParams.get("brand_id")!,
start_date: searchParams.get("start_date")!,
end_date: searchParams.get("end_date")!,
report_type: searchParams.get("report_type") || "orders",
};
const validation = reportFiltersSchema.safeParse(params);
if (!validation.success) {
return validationError(validation.error);
}
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Get report via RPC
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/generate_report`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_brand_id: validation.data.brand_id,
p_start_date: validation.data.start_date,
p_end_date: validation.data.end_date,
p_report_type: validation.data.report_type,
}),
}
);
if (!res.ok) {
return apiError("Failed to generate report", 500);
}
const report = await res.json();
return apiResponse(report, 200);
} catch (error) {
captureError(error as Error, { path: "/api/reports", method: "GET" });
return apiError("Internal server error", 500);
}
}
// ============================================
// REFERRAL API
// ============================================
const createReferralSchema = z.object({
brand_id: z.string().uuid(),
referred_email: z.string().email(),
referral_code: z.string().min(6).max(50),
});
export async function POST(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(apiLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
const body = await req.json();
const validation = createReferralSchema.safeParse(body);
if (!validation.success) {
return validationError(validation.error);
}
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Redeem referral via RPC
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/redeem_referral`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_brand_id: validation.data.brand_id,
p_referred_email: validation.data.referred_email,
p_referral_code: validation.data.referral_code,
}),
}
);
if (!res.ok) {
const error = await res.json();
return apiError(error.message || "Failed to redeem referral", 500);
}
const referral = await res.json();
analytics.referralCompleted(validation.data.referral_code, referral.referred_user_id);
return apiResponse(referral, 201);
} catch (error) {
captureError(error as Error, { path: "/api/referrals", method: "POST" });
return apiError("Internal server error", 500);
}
}
// ============================================
// OPTIONS HANDLER (CORS preflight)
// ============================================
export async function OPTIONS() {
return new Response(null, {
status: 204,
headers: {
...securityHeaders(),
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization, X-API-Key",
"Access-Control-Max-Age": "86400",
},
});
}
+6
View File
@@ -1,9 +1,13 @@
import type { Metadata, Viewport } from "next";
import { ClerkProvider } from "@clerk/nextjs";
import "./globals.css";
import { Providers } from "@/components/Providers";
const BASE_URL = process.env.NEXT_PUBLIC_SITE_URL ?? "https://routecommerce.com";
// Clerk publishable key
const publishableKey = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY || "";
export const viewport: Viewport = {
width: "device-width",
initialScale: 1,
@@ -50,7 +54,9 @@ export default function RootLayout({
return (
<html lang="en" suppressHydrationWarning>
<body>
<ClerkProvider publishableKey={publishableKey}>
<Providers>{children}</Providers>
</ClerkProvider>
</body>
</html>
);
+406
View File
@@ -0,0 +1,406 @@
// Admin Analytics Dashboard - Real metrics and business insights
"use client";
import { useState, useEffect } from "react";
import { formatDate } from "@/lib/format-date";
import { analytics } from "@/lib/analytics";
import { useToast } from "@/components/providers/ErrorBoundary";
// Mock data for demonstration - replace with real API calls
const mockMetrics = {
revenue: {
value: 45230,
change: 12.5,
trend: "up",
},
orders: {
value: 847,
change: 8.2,
trend: "up",
},
customers: {
value: 1254,
change: 15.3,
trend: "up",
},
conversionRate: {
value: 3.4,
change: 0.5,
trend: "up",
},
};
const mockChartData = [
{ date: "2024-01", revenue: 32000, orders: 580 },
{ date: "2024-02", revenue: 35000, orders: 620 },
{ date: "2024-03", revenue: 38000, orders: 680 },
{ date: "2024-04", revenue: 42000, orders: 750 },
{ date: "2024-05", revenue: 45230, orders: 847 },
];
const mockTopProducts = [
{ name: "Honeycrisp Apples", sales: 245, revenue: 978.55, trend: "up" },
{ name: "Valencia Oranges", sales: 198, revenue: 592.02, trend: "up" },
{ name: "Mixed Citrus Box", sales: 156, revenue: 8578.44, trend: "down" },
{ name: "Gala Apples", sales: 142, revenue: 495.58, trend: "up" },
{ name: "Navel Oranges", sales: 134, revenue: 440.86, trend: "stable" },
];
const mockRecentOrders = [
{ id: "ORD-001", customer: "John Smith", amount: 89.55, status: "completed", date: new Date() },
{ id: "ORD-002", customer: "Sarah Jones", amount: 156.78, status: "preparing", date: new Date() },
{ id: "ORD-003", customer: "Mike Wilson", amount: 45.32, status: "pending", date: new Date() },
{ id: "ORD-004", customer: "Emily Brown", amount: 234.50, status: "completed", date: new Date() },
];
interface MetricCardProps {
title: string;
value: string | number;
change: number;
trend: "up" | "down" | "stable";
icon: React.ReactNode;
}
function MetricCard({ title, value, change, trend, icon }: MetricCardProps) {
return (
<div className="bg-white rounded-xl shadow-sm p-6 hover:shadow-md transition-shadow">
<div className="flex items-start justify-between">
<div>
<p className="text-sm text-gray-500 mb-1">{title}</p>
<p className="text-3xl font-bold text-gray-900">
{typeof value === "number" ? value.toLocaleString() : value}
</p>
</div>
<div className="p-3 bg-primary/10 rounded-lg text-primary">
{icon}
</div>
</div>
<div className="mt-4 flex items-center gap-2">
<span className={`text-sm font-medium ${
trend === "up" ? "text-green-600" : trend === "down" ? "text-red-600" : "text-gray-600"
}`}>
{trend === "up" ? "↑" : trend === "down" ? "↓" : "→"}
</span>
<span className="text-sm text-gray-500">
{change > 0 ? "+" : ""}{change}% vs last period
</span>
</div>
</div>
);
}
function RevenueChart() {
const [chartData, setChartData] = useState(mockChartData);
return (
<div className="bg-white rounded-xl shadow-sm p-6">
<div className="flex items-center justify-between mb-6">
<h2 className="text-lg font-semibold text-gray-900">Revenue Overview</h2>
<div className="flex gap-2">
<button className="px-3 py-1 text-sm bg-primary/10 text-primary rounded-lg">7D</button>
<button className="px-3 py-1 text-sm bg-gray-100 text-gray-600 rounded-lg">30D</button>
<button className="px-3 py-1 text-sm bg-gray-100 text-gray-600 rounded-lg">90D</button>
<button className="px-3 py-1 text-sm bg-gray-100 text-gray-600 rounded-lg">1Y</button>
</div>
</div>
<div className="h-64 flex items-end justify-between gap-4">
{chartData.map((item, i) => (
<div key={i} className="flex-1 flex flex-col items-center">
<div
className="w-full bg-gradient-to-t from-primary/20 to-primary rounded-t-lg transition-all hover:from-primary/30"
style={{ height: `${(item.revenue / 50000) * 100}%` }}
/>
<span className="text-xs text-gray-500 mt-2">{item.date}</span>
</div>
))}
</div>
<div className="mt-4 flex items-center justify-between text-sm">
<div>
<span className="text-gray-500">Total Revenue</span>
<p className="text-xl font-bold text-gray-900">$192,230</p>
</div>
<div className="text-right">
<span className="text-gray-500">Avg. Order</span>
<p className="text-xl font-bold text-gray-900">$53.40</p>
</div>
</div>
</div>
);
}
function TopProductsTable() {
return (
<div className="bg-white rounded-xl shadow-sm p-6">
<h2 className="text-lg font-semibold text-gray-900 mb-4">Top Products</h2>
<div className="overflow-x-auto">
<table className="w-full">
<thead>
<tr className="border-b border-gray-200">
<th className="text-left py-3 text-sm font-medium text-gray-500">Product</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Sales</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Revenue</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Trend</th>
</tr>
</thead>
<tbody>
{mockTopProducts.map((product, i) => (
<tr key={i} className="border-b border-gray-100 last:border-0">
<td className="py-4">
<div className="flex items-center gap-3">
<div className="w-10 h-10 bg-gray-200 rounded-lg flex items-center justify-center">
<span className="text-lg">🍎</span>
</div>
<span className="font-medium text-gray-900">{product.name}</span>
</div>
</td>
<td className="py-4 text-right text-gray-600">{product.sales}</td>
<td className="py-4 text-right font-medium text-gray-900">${product.revenue.toFixed(2)}</td>
<td className="py-4 text-right">
<span className={`inline-flex items-center gap-1 text-sm ${
product.trend === "up" ? "text-green-600" :
product.trend === "down" ? "text-red-600" : "text-gray-600"
}`}>
{product.trend === "up" ? "↑" : product.trend === "down" ? "↓" : "→"}
</span>
</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
);
}
function RecentOrdersTable() {
const { addToast } = useToast();
return (
<div className="bg-white rounded-xl shadow-sm p-6">
<div className="flex items-center justify-between mb-4">
<h2 className="text-lg font-semibold text-gray-900">Recent Orders</h2>
<button
onClick={() => addToast({ type: "info", message: "Navigating to orders..." })}
className="text-sm text-primary hover:underline"
>
View all
</button>
</div>
<div className="overflow-x-auto">
<table className="w-full">
<thead>
<tr className="border-b border-gray-200">
<th className="text-left py-3 text-sm font-medium text-gray-500">Order</th>
<th className="text-left py-3 text-sm font-medium text-gray-500">Customer</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Amount</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Status</th>
<th className="text-right py-3 text-sm font-medium text-gray-500">Date</th>
</tr>
</thead>
<tbody>
{mockRecentOrders.map((order, i) => (
<tr key={i} className="border-b border-gray-100 last:border-0 hover:bg-gray-50">
<td className="py-4">
<span className="font-mono text-sm text-gray-600">{order.id}</span>
</td>
<td className="py-4 text-gray-900">{order.customer}</td>
<td className="py-4 text-right font-medium text-gray-900">${order.amount.toFixed(2)}</td>
<td className="py-4 text-right">
<span className={`inline-flex px-2 py-1 text-xs font-medium rounded-full ${
order.status === "completed" ? "bg-green-100 text-green-700" :
order.status === "preparing" ? "bg-yellow-100 text-yellow-700" :
"bg-gray-100 text-gray-700"
}`}>
{order.status}
</span>
</td>
<td className="py-4 text-right text-gray-500">{formatDate(order.date)}</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
);
}
function CustomerGrowthChart() {
return (
<div className="bg-white rounded-xl shadow-sm p-6">
<h2 className="text-lg font-semibold text-gray-900 mb-4">Customer Growth</h2>
<div className="h-48 flex items-center justify-center">
<div className="relative w-32 h-32">
<svg className="w-full h-full transform -rotate-90">
<circle cx="64" cy="64" r="56" fill="none" stroke="#e5e7eb" strokeWidth="12" />
<circle
cx="64" cy="64" r="56" fill="none"
stroke="#10b981" strokeWidth="12"
strokeDasharray="352"
strokeDashoffset="70"
className="transition-all duration-1000"
/>
</svg>
<div className="absolute inset-0 flex flex-col items-center justify-center">
<span className="text-3xl font-bold text-gray-900">+15.3%</span>
<span className="text-sm text-gray-500">vs last month</span>
</div>
</div>
</div>
<div className="mt-4 grid grid-cols-3 gap-4 text-center">
<div>
<p className="text-2xl font-bold text-gray-900">1,254</p>
<p className="text-sm text-gray-500">Total</p>
</div>
<div>
<p className="text-2xl font-bold text-green-600">+156</p>
<p className="text-sm text-gray-500">New</p>
</div>
<div>
<p className="text-2xl font-bold text-gray-600">87%</p>
<p className="text-sm text-gray-500">Retention</p>
</div>
</div>
</div>
);
}
function ConversionFunnel() {
return (
<div className="bg-white rounded-xl shadow-sm p-6">
<h2 className="text-lg font-semibold text-gray-900 mb-4">Conversion Funnel</h2>
<div className="space-y-4">
{[
{ stage: "Visitors", count: 24890, rate: 100 },
{ stage: "Product Views", count: 8920, rate: 35.8 },
{ stage: "Add to Cart", count: 3245, rate: 13.0 },
{ stage: "Checkout", count: 1245, rate: 5.0 },
{ stage: "Purchase", count: 847, rate: 3.4 },
].map((step, i) => (
<div key={i} className="flex items-center gap-4">
<div className="w-24 text-sm text-gray-600">{step.stage}</div>
<div className="flex-1 h-8 bg-gray-100 rounded-lg overflow-hidden">
<div
className="h-full bg-gradient-to-r from-primary to-primary/60 rounded-lg transition-all duration-500"
style={{ width: `${step.rate}%` }}
/>
</div>
<div className="w-24 text-right">
<span className="font-medium text-gray-900">{step.count.toLocaleString()}</span>
<span className="text-sm text-gray-500 ml-1">({step.rate}%)</span>
</div>
</div>
))}
</div>
</div>
);
}
export default function AnalyticsDashboard({ brandId }: { brandId?: string }) {
const [isLoading, setIsLoading] = useState(true);
useEffect(() => {
// Track dashboard view
analytics.featureUsed("analytics_dashboard", { brand_id: brandId });
// Simulate loading
const timer = setTimeout(() => setIsLoading(false), 500);
return () => clearTimeout(timer);
}, [brandId]);
if (isLoading) {
return (
<div className="flex items-center justify-center h-96">
<div className="w-8 h-8 border-4 border-primary border-t-transparent rounded-full animate-spin" />
</div>
);
}
return (
<div className="space-y-6">
{/* Header */}
<div className="flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-gray-900">Analytics</h1>
<p className="text-gray-500">Track your business performance and growth</p>
</div>
<div className="flex gap-3">
<select className="px-4 py-2 border border-gray-300 rounded-lg text-sm">
<option>Last 30 days</option>
<option>Last 7 days</option>
<option>Last 90 days</option>
<option>This year</option>
</select>
<button className="px-4 py-2 bg-primary text-white rounded-lg text-sm hover:bg-primary/90">
Export Report
</button>
</div>
</div>
{/* Metric Cards */}
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-6">
<MetricCard
title="Total Revenue"
value={`$${mockMetrics.revenue.value.toLocaleString()}`}
change={mockMetrics.revenue.change}
trend={mockMetrics.revenue.trend as "up" | "down" | "stable"}
icon={
<svg className="w-6 h-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8c-1.657 0-3 .895-3 2s1.343 2 3 2 3 .895 3 2-1.343 2-3 2m0-8c1.11 0 2.08.402 2.599 1M12 8V7m0 1v8m0 0v1m0-1c-1.11 0-2.08-.402-2.599-1M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
}
/>
<MetricCard
title="Total Orders"
value={mockMetrics.orders.value.toLocaleString()}
change={mockMetrics.orders.change}
trend={mockMetrics.orders.trend as "up" | "down" | "stable"}
icon={
<svg className="w-6 h-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M16 11V7a4 4 0 00-8 0v4M5 9h14l1 12H4L5 9z" />
</svg>
}
/>
<MetricCard
title="Customers"
value={mockMetrics.customers.value.toLocaleString()}
change={mockMetrics.customers.change}
trend={mockMetrics.customers.trend as "up" | "down" | "stable"}
icon={
<svg className="w-6 h-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0zm6 3a2 2 0 11-4 0 2 2 0 014 0zM7 10a2 2 0 11-4 0 2 2 0 014 0z" />
</svg>
}
/>
<MetricCard
title="Conversion Rate"
value={`${mockMetrics.conversionRate.value}%`}
change={mockMetrics.conversionRate.change}
trend={mockMetrics.conversionRate.trend as "up" | "down" | "stable"}
icon={
<svg className="w-6 h-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 7h8m0 0v8m0-8l-8 8-4-4-6 6" />
</svg>
}
/>
</div>
{/* Charts Row */}
<div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
<div className="lg:col-span-2">
<RevenueChart />
</div>
<CustomerGrowthChart />
</div>
{/* Tables Row */}
<div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
<TopProductsTable />
<RecentOrdersTable />
</div>
{/* Funnel */}
<ConversionFunnel />
</div>
);
}
+156
View File
@@ -0,0 +1,156 @@
// Clerk authentication components for the UI
// Use Show, UserButton, SignInButton, SignUpButton from @clerk/nextjs
"use client";
import {
SignInButton,
SignUpButton,
UserButton,
useAuth,
useUser
} from "@clerk/nextjs";
import Link from "next/link";
// Show component for conditional rendering based on auth state
interface ShowProps {
when: "signed-in" | "signed-out";
children: React.ReactNode;
}
export function Show({ when, children }: ShowProps) {
const { isSignedIn } = useAuth();
if (when === "signed-in" && isSignedIn) {
return <>{children}</>;
}
if (when === "signed-out" && !isSignedIn) {
return <>{children}</>;
}
return null;
}
// User profile button with dropdown menu
export function ProfileButton() {
const { user } = useUser();
return (
<div className="flex items-center gap-2">
<UserButton
afterSignOutUrl="/"
appearance={{
elements: {
avatarBox: "w-8 h-8",
},
}}
/>
{user && (
<span className="hidden md:block text-sm text-gray-700">
{user.firstName || user.emailAddresses[0]?.emailAddress}
</span>
)}
</div>
);
}
// Sign in button for use in nav/header
export function SignInLink({ className }: { className?: string }) {
return (
<SignInButton mode="modal">
<button className={className || "px-4 py-2 bg-primary text-white rounded-lg hover:bg-primary/90"}>
Sign In
</button>
</SignInButton>
);
}
// Sign up button for use in nav/header
export function SignUpLink({ className }: { className?: string }) {
return (
<SignUpButton mode="modal">
<button className={className || "px-4 py-2 border border-primary text-primary rounded-lg hover:bg-primary/5"}>
Sign Up
</button>
</SignUpButton>
);
}
// Combined auth buttons for header
export function AuthButtons({ className }: { className?: string }) {
return (
<div className={`flex items-center gap-3 ${className || ""}`}>
<Show when="signed-out">
<>
<SignInLink />
<SignUpLink />
</>
</Show>
<Show when="signed-in">
<ProfileButton />
</Show>
</div>
);
}
// Admin navigation with auth check
export function AdminNav() {
const { isSignedIn, userId } = useAuth();
const { user } = useUser();
if (!isSignedIn) {
return (
<div className="flex items-center gap-4">
<SignInLink />
<SignUpLink />
</div>
);
}
return (
<div className="flex items-center gap-4">
<Link href="/admin" className="text-sm text-gray-600 hover:text-primary">
Dashboard
</Link>
<Link href="/admin/orders" className="text-sm text-gray-600 hover:text-primary">
Orders
</Link>
<Link href="/admin/products" className="text-sm text-gray-600 hover:text-primary">
Products
</Link>
<ProfileButton />
</div>
);
}
// Wholesale customer navigation
export function WholesaleNav() {
const { isSignedIn } = useAuth();
return (
<div className="flex items-center gap-4">
<Show when="signed-out">
<SignInLink />
</Show>
<Show when="signed-in">
<>
<Link href="/wholesale/portal" className="text-sm text-gray-600 hover:text-primary">
Portal
</Link>
<ProfileButton />
</>
</Show>
</div>
);
}
// Loading state component
export function AuthLoading() {
return (
<div className="flex items-center gap-2">
<div className="w-8 h-8 border-2 border-gray-300 border-t-primary rounded-full animate-spin" />
<span className="text-sm text-gray-500">Loading...</span>
</div>
);
}
+234
View File
@@ -0,0 +1,234 @@
// Changelog System - Display updates and track read status
"use client";
import { useState, useEffect } from "react";
import { formatDate } from "@/lib/format-date";
interface ChangelogEntry {
id: string;
version: string;
title: string;
description: string;
content: ChangelogItem[];
released_at: string;
is_published: boolean;
feature_type: "major" | "feature" | "improvement" | "bugfix";
}
interface ChangelogItem {
type: "feature" | "improvement" | "bugfix";
title: string;
description: string;
}
interface ChangelogProps {
brandId: string;
userId: string;
}
const TYPE_COLORS = {
feature: "bg-blue-100 text-blue-700",
improvement: "bg-green-100 text-green-700",
bugfix: "bg-red-100 text-red-700",
};
const TYPE_LABELS = {
feature: "New Feature",
improvement: "Improvement",
bugfix: "Bug Fix",
};
export function ChangelogFeed({ brandId, userId }: ChangelogProps) {
const [changelogs, setChangelogs] = useState<ChangelogEntry[]>([]);
const [loading, setLoading] = useState(true);
const [expandedId, setExpandedId] = useState<string | null>(null);
const [filter, setFilter] = useState<"all" | "feature" | "improvement" | "bugfix">("all");
const [unreadCount, setUnreadCount] = useState(0);
useEffect(() => {
loadChangelogs();
}, [brandId]);
const loadChangelogs = async () => {
try {
const res = await fetch(`/api/changelogs?brand_id=${brandId}`);
if (res.ok) {
const data = await res.json();
setChangelogs(data.data || []);
}
} catch (error) {
console.error("Failed to load changelogs:", error);
} finally {
setLoading(false);
}
};
const markAsRead = async (changelogId: string) => {
try {
await fetch("/api/changelogs/read", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ changelog_id: changelogId, user_id: userId }),
});
setChangelogs(prev =>
prev.map(c => c.id === changelogId ? { ...c, is_read: true } : c)
);
setUnreadCount(prev => Math.max(0, prev - 1));
} catch (error) {
console.error("Failed to mark as read:", error);
}
};
const filteredChangelogs = changelogs.filter(c => {
if (!c.is_published) return false;
if (filter === "all") return true;
return c.feature_type === filter;
});
if (loading) {
return (
<div className="flex items-center justify-center py-12">
<div className="w-8 h-8 border-2 border-primary border-t-transparent rounded-full animate-spin" />
</div>
);
}
return (
<div className="space-y-6">
{/* Header */}
<div className="flex items-center justify-between">
<div>
<h2 className="text-xl font-bold text-gray-900">What's New</h2>
<p className="text-gray-500">Stay updated with the latest features and improvements</p>
</div>
{unreadCount > 0 && (
<span className="px-3 py-1 bg-primary text-white text-sm rounded-full">
{unreadCount} new
</span>
)}
</div>
{/* Filters */}
<div className="flex gap-2">
{["all", "feature", "improvement", "bugfix"].map((f) => (
<button
key={f}
onClick={() => setFilter(f as typeof filter)}
className={`px-4 py-2 rounded-lg text-sm font-medium transition-colors ${
filter === f
? "bg-primary text-white"
: "bg-gray-100 text-gray-600 hover:bg-gray-200"
}`}
>
{f === "all" ? "All" : TYPE_LABELS[f as keyof typeof TYPE_LABELS]}
</button>
))}
</div>
{/* Changelog List */}
<div className="space-y-4">
{filteredChangelogs.length === 0 ? (
<div className="text-center py-12 text-gray-500">
No updates yet. Check back soon!
</div>
) : (
filteredChangelogs.map((changelog) => (
<div
key={changelog.id}
className={`bg-white rounded-xl shadow-sm overflow-hidden transition-all ${
!changelog.is_read ? "ring-2 ring-primary/20" : ""
}`}
>
{/* Header - always visible */}
<div
className="p-6 cursor-pointer hover:bg-gray-50"
onClick={() => {
setExpandedId(expandedId === changelog.id ? null : changelog.id);
if (!changelog.is_read) {
markAsRead(changelog.id);
}
}}
>
<div className="flex items-start justify-between">
<div className="flex items-start gap-4">
<span className={`px-3 py-1 rounded-full text-xs font-medium ${TYPE_COLORS[changelog.feature_type]}`}>
v{changelog.version}
</span>
<div>
<h3 className="font-semibold text-gray-900">{changelog.title}</h3>
<p className="text-sm text-gray-500 mt-1">
Released {formatDate(new Date(changelog.released_at))}
</p>
</div>
</div>
{!changelog.is_read && (
<span className="w-2 h-2 bg-primary rounded-full" />
)}
</div>
</div>
{/* Expanded content */}
{expandedId === changelog.id && changelog.content && (
<div className="border-t border-gray-100 p-6 bg-gray-50">
<div className="space-y-4">
{changelog.content.map((item, i) => (
<div key={i} className="flex gap-4">
<div className={`w-2 h-2 mt-2 rounded-full ${
item.type === "feature" ? "bg-blue-500" :
item.type === "improvement" ? "bg-green-500" : "bg-red-500"
}`} />
<div>
<div className="font-medium text-gray-900">{item.title}</div>
<div className="text-sm text-gray-600 mt-1">{item.description}</div>
</div>
</div>
))}
</div>
</div>
)}
</div>
))
)}
</div>
</div>
);
}
// In-app notification component
export function ChangelogNotification({ changelog }: { changelog: ChangelogEntry }) {
const [dismissed, setDismissed] = useState(false);
if (dismissed) return null;
return (
<div className="fixed bottom-4 right-4 max-w-sm bg-white rounded-xl shadow-lg p-4 z-50 animate-slide-up">
<div className="flex items-start gap-3">
<div className="w-10 h-10 bg-primary/10 rounded-full flex items-center justify-center">
<svg className="w-5 h-5 text-primary" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
</div>
<div className="flex-1">
<div className="flex items-center justify-between">
<span className="font-semibold text-gray-900">New Update</span>
<button
onClick={() => setDismissed(true)}
className="text-gray-400 hover:text-gray-600"
>
<svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
</svg>
</button>
</div>
<p className="text-sm text-gray-600 mt-1">
<span className="font-medium">v{changelog.version}</span> - {changelog.title}
</p>
<button className="mt-3 text-sm text-primary font-medium hover:underline">
View Details
</button>
</div>
</div>
</div>
);
}
@@ -0,0 +1,309 @@
// Onboarding Flow - Welcome tour and interactive demo
"use client";
import { useState, useEffect } from "react";
import { useRouter } from "next/navigation";
import { motion, AnimatePresence } from "framer-motion";
import { analytics } from "@/lib/analytics";
interface OnboardingStep {
id: string;
title: string;
description: string;
icon: React.ReactNode;
action?: string;
}
const STEPS: OnboardingStep[] = [
{
id: "welcome",
title: "Welcome to Route Commerce",
description: "The all-in-one platform for fresh produce wholesale distribution. Let's take a quick tour to get you started.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M3.055 11H5a2 2 0 012 2v1a2 2 0 002 2 2 2 0 012 2v2.945M8 3.935V5.5A2.5 2.5 0 0010.5 8h.5a2 2 0 012 2 2 2 0 104 0 2 2 0 012-2h1.064M15 20.488V18a2 2 0 012-2h3.064M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
),
},
{
id: "products",
title: "Manage Your Products",
description: "Add your fresh produce with pricing, categories, and images. Perfect for showcasing your farm's best offerings.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M20 7l-8-4-8 4m16 0l-8 4m8-4v10l-8 4m0-10L4 7m8 4v10M4 7v10l8 4" />
</svg>
),
action: "Add First Product",
},
{
id: "stops",
title: "Schedule Pickup Stops",
description: "Create scheduled stops for customers to pick up their orders. Manage locations, times, and capacity.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M17.657 16.657L13.414 20.9a1.998 1.998 0 01-2.827 0l-4.244-4.243a8 8 0 1111.314 0z" />
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M15 11a3 3 0 11-6 0 3 3 0 016 0z" />
</svg>
),
action: "Create First Stop",
},
{
id: "orders",
title: "Track Orders",
description: "Monitor customer orders in real-time. Handle pickups and shipments with ease.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01" />
</svg>
),
},
{
id: "communications",
title: "Harvest Reach",
description: "Send beautiful email campaigns to your customers. Keep them informed about seasonal offerings and promotions.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M3 8l7.89 5.26a2 2 0 002.22 0L21 8M5 19h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z" />
</svg>
),
},
{
id: "complete",
title: "You're All Set!",
description: "Your dashboard is ready. Start adding products and scheduling stops to grow your wholesale business.",
icon: (
<svg className="w-12 h-12" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
),
},
];
interface OnboardingProps {
brandId: string;
userId: string;
onComplete?: () => void;
}
export function OnboardingFlow({ brandId, userId, onComplete }: OnboardingProps) {
const [currentStep, setCurrentStep] = useState(0);
const [isCompleted, setIsCompleted] = useState(false);
const router = useRouter();
useEffect(() => {
// Track onboarding start
analytics.onboardingStep("start", false);
}, []);
const handleNext = () => {
if (currentStep < STEPS.length - 1) {
const step = STEPS[currentStep];
analytics.onboardingStep(step.id, false);
setCurrentStep(currentStep + 1);
}
};
const handlePrevious = () => {
if (currentStep > 0) {
setCurrentStep(currentStep - 1);
}
};
const handleSkip = () => {
analytics.onboardingStep("skipped", true);
setIsCompleted(true);
onComplete?.();
};
const handleComplete = () => {
analytics.onboardingStep("complete", true);
setIsCompleted(true);
onComplete?.();
};
const handleAction = () => {
const step = STEPS[currentStep];
analytics.buttonClicked(step.action || "next", "onboarding");
if (step.id === "products") {
router.push("/admin/products/new");
} else if (step.id === "stops") {
router.push("/admin/stops/new");
} else {
handleNext();
}
};
if (isCompleted) {
return (
<div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50">
<motion.div
initial={{ scale: 0.9, opacity: 0 }}
animate={{ scale: 1, opacity: 1 }}
className="bg-white rounded-2xl p-8 max-w-md text-center"
>
<div className="w-16 h-16 bg-green-100 rounded-full flex items-center justify-center mx-auto mb-4">
<svg className="w-8 h-8 text-green-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
</svg>
</div>
<h2 className="text-2xl font-bold text-gray-900 mb-2">Setup Complete!</h2>
<p className="text-gray-600 mb-6">
You're ready to start growing your wholesale business.
</p>
<button
onClick={() => router.push("/admin")}
className="w-full px-4 py-3 bg-primary text-white rounded-lg font-medium hover:bg-primary/90"
>
Go to Dashboard
</button>
</motion.div>
</div>
);
}
const step = STEPS[currentStep];
const progress = ((currentStep + 1) / STEPS.length) * 100;
return (
<AnimatePresence>
<motion.div
initial={{ opacity: 0 }}
animate={{ opacity: 1 }}
exit={{ opacity: 0 }}
className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4"
>
<motion.div
initial={{ y: 20, opacity: 0 }}
animate={{ y: 0, opacity: 1 }}
className="bg-white rounded-2xl shadow-2xl max-w-lg w-full overflow-hidden"
>
{/* Progress bar */}
<div className="h-1 bg-gray-200">
<motion.div
className="h-full bg-primary"
initial={{ width: 0 }}
animate={{ width: `${progress}%` }}
transition={{ duration: 0.3 }}
/>
</div>
<div className="p-8">
{/* Step indicator */}
<div className="flex items-center justify-center gap-2 mb-8">
{STEPS.map((_, i) => (
<div
key={i}
className={`w-2 h-2 rounded-full transition-colors ${
i <= currentStep ? "bg-primary" : "bg-gray-300"
}`}
/>
))}
</div>
{/* Icon */}
<div className="w-20 h-20 bg-primary/10 rounded-2xl flex items-center justify-center mx-auto mb-6 text-primary">
{step.icon}
</div>
{/* Content */}
<div className="text-center mb-8">
<h2 className="text-2xl font-bold text-gray-900 mb-2">{step.title}</h2>
<p className="text-gray-600">{step.description}</p>
</div>
{/* Actions */}
<div className="flex gap-3">
{currentStep > 0 ? (
<button
onClick={handlePrevious}
className="flex-1 px-4 py-3 border border-gray-300 text-gray-700 rounded-lg font-medium hover:bg-gray-50"
>
Back
</button>
) : (
<button
onClick={handleSkip}
className="flex-1 px-4 py-3 border border-gray-300 text-gray-700 rounded-lg font-medium hover:bg-gray-50"
>
Skip Tour
</button>
)}
{step.action ? (
<button
onClick={handleAction}
className="flex-1 px-4 py-3 bg-primary text-white rounded-lg font-medium hover:bg-primary/90"
>
{step.action}
</button>
) : currentStep === STEPS.length - 1 ? (
<button
onClick={handleComplete}
className="flex-1 px-4 py-3 bg-primary text-white rounded-lg font-medium hover:bg-primary/90"
>
Get Started
</button>
) : (
<button
onClick={handleNext}
className="flex-1 px-4 py-3 bg-primary text-white rounded-lg font-medium hover:bg-primary/90"
>
Next
</button>
)}
</div>
</div>
{/* Step counter */}
<div className="bg-gray-50 px-8 py-4 text-center text-sm text-gray-500">
Step {currentStep + 1} of {STEPS.length}
</div>
</motion.div>
</motion.div>
</AnimatePresence>
);
}
// Interactive demo component
export function InteractiveDemo({ onClose }: { onClose: () => void }) {
const [demoStep, setDemoStep] = useState(0);
const demoSteps = [
{ title: "Add Products", description: "Create your product catalog" },
{ title: "Schedule Stops", description: "Set up pickup locations" },
{ title: "Send Campaigns", description: "Email your customers" },
];
return (
<div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
<div className="bg-white rounded-2xl max-w-md w-full p-6">
<h3 className="text-lg font-bold mb-4">Interactive Demo</h3>
<div className="space-y-4">
{demoSteps.map((step, i) => (
<div
key={i}
className={`p-4 rounded-lg border-2 cursor-pointer transition-colors ${
i === demoStep ? "border-primary bg-primary/5" : "border-gray-200"
}`}
onClick={() => setDemoStep(i)}
>
<div className="font-medium">{step.title}</div>
<div className="text-sm text-gray-500">{step.description}</div>
</div>
))}
</div>
<div className="mt-6 flex gap-3">
<button onClick={onClose} className="flex-1 px-4 py-2 border rounded-lg">
Close
</button>
<button className="flex-1 px-4 py-2 bg-primary text-white rounded-lg">
Start Demo
</button>
</div>
</div>
</div>
);
}
@@ -0,0 +1,105 @@
// Analytics Provider with PostHog integration
"use client";
import { useEffect } from "react";
import { usePathname, useSearchParams } from "next/navigation";
import { posthogEnabled, identifyUser, groupByBrand } from "@/lib/analytics";
// Analytics tracking component
export function AnalyticsProvider({ userId, brandId }: { userId?: string; brandId?: string }) {
const pathname = usePathname();
const searchParams = useSearchParams();
// Track page views
useEffect(() => {
if (!posthogEnabled) return;
const url = pathname + (searchParams.toString() ? `?${searchParams}` : "");
// PostHog tracks pageviews automatically with the capture_pageview option
// But we can manually track for better control
import("posthog-js").then(({ posthog }) => {
posthog.capture("$pageview", {
path: pathname,
url,
referrer: document.referrer,
});
});
}, [pathname, searchParams]);
// Identify user
useEffect(() => {
if (!posthogEnabled || !userId) return;
identifyUser(userId, { brand_id: brandId });
}, [userId, brandId]);
// Group by brand
useEffect(() => {
if (!posthogEnabled || !brandId) return;
groupByBrand(brandId);
}, [brandId]);
return null;
}
// Hook for tracking custom events
export function useAnalytics() {
const trackEvent = async (event: string, properties?: Record<string, unknown>) => {
if (!posthogEnabled) return;
const { posthog } = await import("posthog-js");
posthog.capture(event, properties);
};
const trackClick = (element: string, properties?: Record<string, unknown>) => {
trackEvent("button_clicked", { element, ...properties });
};
const trackFormSubmit = (form: string, success: boolean, properties?: Record<string, unknown>) => {
trackEvent("form_submitted", { form, success, ...properties });
};
return {
trackEvent,
trackClick,
trackFormSubmit,
};
}
// Revenue tracking helper
export function trackRevenue(amount: number, currency: string = "USD") {
if (!posthogEnabled) return;
import("posthog-js").then(({ posthog }) => {
posthog.capture("revenue", {
amount,
currency,
});
});
}
// Feature usage tracking
export function trackFeatureUsage(feature: string, properties?: Record<string, unknown>) {
if (!posthogEnabled) return;
import("posthog-js").then(({ posthog }) => {
posthog.capture("feature_used", {
feature,
...properties,
});
});
}
// Session recording wrapper for development
export function SessionRecorder() {
useEffect(() => {
if (process.env.NODE_ENV === "development" && posthogEnabled) {
import("posthog-js").then(({ posthog }) => {
posthog.startSessionRecording();
});
}
}, []);
return null;
}
@@ -0,0 +1,38 @@
// Clerk provider wrapper for Next.js App Router
"use client";
import { ClerkProvider as ClerkProviderBase } from "@clerk/nextjs";
import { usePathname, useRouter } from "next/navigation";
interface ClerkProviderProps {
children: React.ReactNode;
publishableKey: string;
}
export function ClerkProvider({ children, publishableKey }: ClerkProviderProps) {
const router = useRouter();
const pathname = usePathname();
// Determine sign-in URL based on current path
const signInUrl = "/login";
const signUpUrl = "/register";
const afterSignInUrl = pathname || "/admin";
const afterSignUpUrl = "/onboarding";
return (
<ClerkProviderBase
publishableKey={publishableKey}
signInUrl={signInUrl}
signUpUrl={signUpUrl}
afterSignInUrl={afterSignInUrl}
afterSignUpUrl={afterSignUpUrl}
routing={process.env.NEXT_PUBLIC_CLERK_ROUTING || "path"}
>
{children}
</ClerkProviderBase>
);
}
// Hooks for Clerk auth state
export { useUser, useAuth, useClerk } from "@clerk/nextjs";
+287
View File
@@ -0,0 +1,287 @@
// Error Boundary Component for catching and displaying errors
"use client";
import React, { Component, ReactNode } from "react";
import { captureError } from "@/lib/sentry";
import { Button } from "@/components/ui/button";
interface ErrorBoundaryProps {
children: ReactNode;
fallback?: ReactNode;
onError?: (error: Error, errorInfo: React.ErrorInfo) => void;
}
interface ErrorBoundaryState {
hasError: boolean;
error: Error | null;
errorInfo: React.ErrorInfo | null;
}
export class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
constructor(props: ErrorBoundaryProps) {
super(props);
this.state = { hasError: false, error: null, errorInfo: null };
}
static getDerivedStateFromError(error: Error): Partial<ErrorBoundaryState> {
return { hasError: true, error };
}
componentDidCatch(error: Error, errorInfo: React.ErrorInfo) {
// Log to Sentry
captureError(error, {
componentStack: errorInfo.componentStack,
boundary: "ErrorBoundary",
});
// Call custom error handler
this.props.onError?.(error, errorInfo);
this.setState({ errorInfo });
}
resetError = () => {
this.setState({ hasError: false, error: null, errorInfo: null });
};
render() {
if (this.state.hasError) {
if (this.props.fallback) {
return this.props.fallback;
}
return (
<div className="min-h-screen flex items-center justify-center bg-gray-50 p-4">
<div className="max-w-md w-full bg-white rounded-xl shadow-lg p-8 text-center">
<div className="w-16 h-16 mx-auto mb-6 bg-red-100 rounded-full flex items-center justify-center">
<svg className="w-8 h-8 text-red-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
</svg>
</div>
<h1 className="text-2xl font-bold text-gray-900 mb-2">Something went wrong</h1>
<p className="text-gray-600 mb-6">
We encountered an unexpected error. Please try refreshing the page.
</p>
<div className="space-y-3">
<Button onClick={this.resetError} className="w-full">
Try Again
</Button>
<Button
variant="outline"
onClick={() => window.location.href = "/"}
className="w-full"
>
Go to Homepage
</Button>
</div>
{process.env.NODE_ENV === "development" && this.state.error && (
<div className="mt-6 p-4 bg-gray-100 rounded-lg text-left">
<p className="text-sm font-mono text-red-600 break-all">
{this.state.error.message}
</p>
</div>
)}
</div>
</div>
);
}
return this.props.children;
}
}
// Loading skeleton component
export function LoadingSkeleton({ className }: { className?: string }) {
return (
<div className={`animate-pulse bg-gray-200 rounded ${className}`} />
);
}
// Full page loading state
export function LoadingPage() {
return (
<div className="min-h-screen flex items-center justify-center bg-gray-50">
<div className="text-center">
<div className="w-12 h-12 border-4 border-primary border-t-transparent rounded-full animate-spin mx-auto mb-4" />
<p className="text-gray-600">Loading...</p>
</div>
</div>
);
}
// Loading spinner for buttons
export function LoadingSpinner({ size = "md" }: { size?: "sm" | "md" | "lg" }) {
const sizeClasses = {
sm: "w-4 h-4",
md: "w-6 h-6",
lg: "w-8 h-8",
};
return (
<div className={`${sizeClasses[size]} border-2 border-current border-t-transparent rounded-full animate-spin`} />
);
}
// Async button wrapper with loading state
interface AsyncButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement> {
children: ReactNode;
loading?: boolean;
loadingText?: string;
}
export function AsyncButton({
children,
loading,
loadingText = "Loading...",
disabled,
...props
}: AsyncButtonProps) {
return (
<button
{...props}
disabled={disabled || loading}
className={`relative ${props.className || ""}`}
>
{loading && (
<span className="absolute inset-0 flex items-center justify-center">
<LoadingSpinner size="sm" />
</span>
)}
<span className={loading ? "opacity-0" : ""}>
{children}
</span>
{loading && loadingText && (
<span className="sr-only">{loadingText}</span>
)}
</button>
);
}
// Optimistic update wrapper
interface OptimisticState<T> {
data: T | null;
loading: boolean;
error: Error | null;
}
export function useOptimistic<T>(initialData: T | null = null) {
const [state, setState] = React.useState<OptimisticState<T>>({
data: initialData,
loading: false,
error: null,
});
const optimisticUpdate = React.useCallback((updater: (prev: T | null) => T) => {
setState(prev => ({
...prev,
data: updater(prev.data),
}));
}, []);
const setLoading = React.useCallback((loading: boolean) => {
setState(prev => ({ ...prev, loading }));
}, []);
const setError = React.useCallback((error: Error | null) => {
setState(prev => ({ ...prev, error }));
}, []);
const reset = React.useCallback(() => {
setState({ data: initialData, loading: false, error: null });
}, [initialData]);
return {
...state,
optimisticUpdate,
setLoading,
setError,
reset,
setData: (data: T) => setState(prev => ({ ...prev, data })),
};
}
// Toast notifications
interface Toast {
id: string;
type: "success" | "error" | "info" | "warning";
message: string;
duration?: number;
}
interface ToastContextType {
toasts: Toast[];
addToast: (toast: Omit<Toast, "id">) => void;
removeToast: (id: string) => void;
}
const ToastContext = React.createContext<ToastContextType | null>(null);
export function ToastProvider({ children }: { children: ReactNode }) {
const [toasts, setToasts] = React.useState<Toast[]>([]);
const addToast = React.useCallback((toast: Omit<Toast, "id">) => {
const id = Math.random().toString(36).substring(7);
setToasts(prev => [...prev, { ...toast, id }]);
// Auto remove after duration
setTimeout(() => {
setToasts(prev => prev.filter(t => t.id !== id));
}, toast.duration || 5000);
}, []);
const removeToast = React.useCallback((id: string) => {
setToasts(prev => prev.filter(t => t.id !== id));
}, []);
return (
<ToastContext.Provider value={{ toasts, addToast, removeToast }}>
{children}
<ToastContainer toasts={toasts} onRemove={removeToast} />
</ToastContext.Provider>
);
}
function ToastContainer({
toasts,
onRemove
}: {
toasts: Toast[];
onRemove: (id: string) => void
}) {
if (toasts.length === 0) return null;
return (
<div className="fixed bottom-4 right-4 z-50 space-y-2">
{toasts.map(toast => (
<div
key={toast.id}
className={`flex items-center gap-3 p-4 rounded-lg shadow-lg animate-slide-in ${
toast.type === "success" ? "bg-green-600" :
toast.type === "error" ? "bg-red-600" :
toast.type === "warning" ? "bg-yellow-600" :
"bg-blue-600"
} text-white`}
>
<span>{toast.message}</span>
<button
onClick={() => onRemove(toast.id)}
className="p-1 hover:bg-white/20 rounded"
>
<svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
</svg>
</button>
</div>
))}
</div>
);
}
export function useToast() {
const context = React.useContext(ToastContext);
if (!context) {
throw new Error("useToast must be used within a ToastProvider");
}
return context;
}
+206
View File
@@ -0,0 +1,206 @@
// Referral System - Generate, share, and track referral codes
"use client";
import { useState } from "react";
import { analytics } from "@/lib/analytics";
interface ReferralCode {
code: string;
reward_type: "percentage" | "fixed";
reward_value: number;
uses: number;
max_uses: number;
created_at: string;
}
interface ReferralStats {
total_referrals: number;
successful_conversions: number;
total_reward_value: number;
}
interface ReferralSystemProps {
brandId: string;
userId: string;
userEmail: string;
}
export function ReferralSystem({ brandId, userId, userEmail }: ReferralSystemProps) {
const [isGenerating, setIsGenerating] = useState(false);
const [shareModalOpen, setShareModalOpen] = useState(false);
const [selectedCode, setSelectedCode] = useState<ReferralCode | null>(null);
const generateCode = async () => {
setIsGenerating(true);
// Track event
analytics.featureUsed("referral_generate_code", { brand_id: brandId });
try {
const res = await fetch("/api/referrals", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
action: "generate",
brand_id: brandId,
user_id: userId,
}),
});
if (res.ok) {
// Code generated successfully - refresh list
analytics.referralShared("", "platform_select");
}
} catch (error) {
console.error("Failed to generate referral code:", error);
} finally {
setIsGenerating(false);
}
};
const shareCode = (code: ReferralCode, platform: string) => {
const shareUrl = `${window.location.origin}/register?ref=${code.code}`;
const text = `Join Route Commerce and get ${code.reward_value}% off your first month!`;
if (platform === "copy") {
navigator.clipboard.writeText(shareUrl);
analytics.referralShared(code.code, "copy_link");
} else if (platform === "email") {
window.location.href = `mailto:?subject=Try Route Commerce&body=${encodeURIComponent(text + "\n\n" + shareUrl)}`;
analytics.referralShared(code.code, "email");
} else if (platform === "twitter") {
window.open(`https://twitter.com/intent/tweet?text=${encodeURIComponent(text + " " + shareUrl)}`, "_blank");
analytics.referralShared(code.code, "twitter");
} else if (platform === "facebook") {
window.open(`https://www.facebook.com/sharer/sharer.php?u=${encodeURIComponent(shareUrl)}`, "_blank");
analytics.referralShared(code.code, "facebook");
}
};
return (
<div className="space-y-6">
{/* Header */}
<div className="bg-gradient-to-r from-primary/10 to-primary/5 rounded-xl p-6">
<div className="flex items-start justify-between">
<div>
<h3 className="text-xl font-bold text-gray-900 mb-2">Refer & Earn</h3>
<p className="text-gray-600">
Share Route Commerce with other farms and earn rewards for each successful signup.
</p>
</div>
<div className="text-right">
<div className="text-3xl font-bold text-primary">20%</div>
<div className="text-sm text-gray-500">Reward</div>
</div>
</div>
<button
onClick={generateCode}
disabled={isGenerating}
className="mt-4 w-full px-4 py-3 bg-primary text-white rounded-lg font-medium hover:bg-primary/90 disabled:opacity-50"
>
{isGenerating ? "Generating..." : "Generate New Referral Code"}
</button>
</div>
{/* Stats */}
<div className="grid grid-cols-3 gap-4">
<div className="bg-white rounded-xl shadow-sm p-4 text-center">
<div className="text-2xl font-bold text-gray-900">0</div>
<div className="text-sm text-gray-500">Total Referrals</div>
</div>
<div className="bg-white rounded-xl shadow-sm p-4 text-center">
<div className="text-2xl font-bold text-green-600">0</div>
<div className="text-sm text-gray-500">Conversions</div>
</div>
<div className="bg-white rounded-xl shadow-sm p-4 text-center">
<div className="text-2xl font-bold text-gray-900">$0</div>
<div className="text-sm text-gray-500">Earned</div>
</div>
</div>
{/* How it works */}
<div className="bg-white rounded-xl shadow-sm p-6">
<h4 className="font-semibold text-gray-900 mb-4">How It Works</h4>
<div className="space-y-4">
{[
{ step: "1", title: "Generate Code", desc: "Create your unique referral code" },
{ step: "2", title: "Share", desc: "Send to other farms via email or social" },
{ step: "3", title: "They Sign Up", desc: "Friend uses your code to register" },
{ step: "4", title: "Both Earn", desc: "Get 20% off, they get 20% off" },
].map((item, i) => (
<div key={i} className="flex items-start gap-4">
<div className="w-8 h-8 bg-primary/10 rounded-full flex items-center justify-center text-primary font-bold">
{item.step}
</div>
<div>
<div className="font-medium text-gray-900">{item.title}</div>
<div className="text-sm text-gray-500">{item.desc}</div>
</div>
</div>
))}
</div>
</div>
{/* Share Modal */}
{shareModalOpen && selectedCode && (
<div className="fixed inset-0 bg-black/50 flex items-center justify-center z-50 p-4">
<div className="bg-white rounded-xl max-w-md w-full p-6">
<h3 className="text-lg font-bold mb-4">Share Your Code</h3>
<div className="bg-gray-100 rounded-lg p-4 mb-4">
<code className="text-xl font-mono font-bold">{selectedCode.code}</code>
</div>
<div className="space-y-2">
<button
onClick={() => { shareCode(selectedCode, "copy"); setShareModalOpen(false); }}
className="w-full px-4 py-3 bg-gray-100 text-gray-700 rounded-lg hover:bg-gray-200 flex items-center gap-3"
>
<svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 5H6a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2v-1M8 5a2 2 0 002 2h2a2 2 0 002-2M8 5a2 2 0 012-2h2a2 2 0 012 2m0 0h2a2 2 0 012 2v3m2 4H10m0 0l3-3m-3 3l3 3" />
</svg>
Copy Link
</button>
<button
onClick={() => { shareCode(selectedCode, "email"); setShareModalOpen(false); }}
className="w-full px-4 py-3 bg-gray-100 text-gray-700 rounded-lg hover:bg-gray-200 flex items-center gap-3"
>
<svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M3 8l7.89 5.26a2 2 0 002.22 0L21 8M5 19h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z" />
</svg>
Email
</button>
<button
onClick={() => { shareCode(selectedCode, "twitter"); setShareModalOpen(false); }}
className="w-full px-4 py-3 bg-gray-100 text-gray-700 rounded-lg hover:bg-gray-200 flex items-center gap-3"
>
<svg className="w-5 h-5" fill="currentColor" viewBox="0 0 24 24">
<path d="M23.953 4.57a10 10 0 01-2.825.775 4.958 4.958 0 002.163-2.723c-.951.555-2.005.959-3.127 1.184a4.92 4.92 0 00-8.384 4.482C7.69 8.095 4.067 6.13 1.64 3.162a4.822 4.822 0 00-.666 2.475c0 1.71.87 3.213 2.188 4.096a4.904 4.904 0 01-2.228-.616v.06a4.923 4.923 0 003.946 4.827 4.996 4.996 0 01-2.212.085 4.936 4.936 0 004.604 3.417 9.867 9.867 0 01-6.102 2.105c-.39 0-.779-.023-1.17-.067a13.995 13.995 0 007.557 2.209c9.053 0 13.998-7.496 13.998-13.985 0-.21 0-.42-.015-.63A9.935 9.935 0 0024 4.59z"/>
</svg>
Twitter
</button>
</div>
<button
onClick={() => setShareModalOpen(false)}
className="mt-4 w-full px-4 py-2 border border-gray-300 rounded-lg"
>
Close
</button>
</div>
</div>
)}
</div>
);
}
// Referral badge component for display
export function ReferralBadge({ code }: { code: string }) {
return (
<div className="inline-flex items-center gap-2 px-3 py-1 bg-primary/10 text-primary rounded-full text-sm font-medium">
<svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M3 10h18M7 15h1m4 0h1m-7 4h12a3 3 0 003-3V8a3 3 0 00-3-3H6a3 3 0 00-3 3v8a3 3 0 003 3z" />
</svg>
<span>Ref: {code}</span>
</div>
);
}
+175
View File
@@ -0,0 +1,175 @@
// PostHog Analytics Configuration
import { PostHog } from "posthog-js";
const posthogApiKey = process.env.NEXT_PUBLIC_POSTHOG_API_KEY;
const posthogHost = process.env.NEXT_PUBLIC_POSTHOG_HOST || "https://app.posthog.com";
// Only enable in production or when API key is set
export const posthogEnabled = Boolean(posthogApiKey);
// Singleton PostHog instance
let posthogInstance: PostHog | null = null;
export function getPostHog(): PostHog {
if (!posthogInstance && posthogEnabled) {
posthogInstance = new PostHog(posthogApiKey!, {
host: posthogHost,
// Disable in development unless explicitly enabled
loaded: process.env.NODE_ENV !== "development" || process.env.NEXT_PUBLIC_POSTHOG_ENABLED === "true",
// Session recording
session_recording: process.env.NODE_ENV === "production",
// Capture pageviews automatically
capture_pageview: true,
// Capture exceptions
capture_events: true,
// Disable until opted in (GDPR compliance)
opt_out_capturing_by_default: false,
// Sanitize sensitive data
sanititize_properties: (properties) => {
// Remove any PII before capture
const sensitive = ['email', 'password', 'token', 'secret', 'cardNumber', 'cvv'];
sensitive.forEach(key => delete properties[key]);
return properties;
},
});
}
return posthogInstance!;
}
// Analytics helper functions
export const analytics = {
// Page views
pageView: (url: string, properties?: Record<string, unknown>) => {
if (posthogEnabled) {
getPostHog()?.capture("$pageview", { url, ...properties });
}
},
// Feature usage
featureUsed: (feature: string, properties?: Record<string, unknown>) => {
if (posthogEnabled) {
getPostHog()?.capture("feature_used", { feature, ...properties });
}
},
// Button clicks
buttonClicked: (buttonName: string, page: string, properties?: Record<string, unknown>) => {
if (posthogEnabled) {
getPostHog()?.capture("button_clicked", { button_name: buttonName, page, ...properties });
}
},
// Form submissions
formSubmitted: (formName: string, success: boolean, properties?: Record<string, unknown>) => {
if (posthogEnabled) {
getPostHog()?.capture("form_submitted", { form_name: formName, success, ...properties });
}
},
// User signups
userSignedUp: (method: string, brandId?: string) => {
if (posthogEnabled) {
getPostHog()?.capture("user_signed_up", { method, brand_id: brandId });
}
},
// Subscription events
subscriptionCreated: (plan: string, amount: number, interval: string) => {
if (posthogEnabled) {
getPostHog()?.capture("subscription_created", { plan, amount, interval });
}
},
subscriptionUpgraded: (fromPlan: string, toPlan: string, amount: number) => {
if (posthogEnabled) {
getPostHog()?.capture("subscription_upgraded", { from_plan: fromPlan, to_plan: toPlan, amount });
}
},
subscriptionCancelled: (plan: string, reason?: string) => {
if (posthogEnabled) {
getPostHog()?.capture("subscription_cancelled", { plan, reason });
}
},
// Order events
orderCreated: (orderId: string, amount: number, brandId: string) => {
if (posthogEnabled) {
getPostHog()?.capture("order_created", { order_id: orderId, amount, brand_id: brandId });
}
},
orderCompleted: (orderId: string, amount: number, fulfillment: string) => {
if (posthogEnabled) {
getPostHog()?.capture("order_completed", { order_id: orderId, amount, fulfillment });
}
},
// Communication campaign events
campaignCreated: (campaignId: string, type: string, audienceSize: number) => {
if (posthogEnabled) {
getPostHog()?.capture("campaign_created", { campaign_id: campaignId, type, audience_size: audienceSize });
}
},
campaignSent: (campaignId: string, sent: number, opened: number) => {
if (posthogEnabled) {
getPostHog()?.capture("campaign_sent", { campaign_id: campaignId, sent, opened });
}
},
// Admin actions
adminAction: (action: string, resource: string, resourceId?: string) => {
if (posthogEnabled) {
getPostHog()?.capture("admin_action", { action, resource, resource_id: resourceId });
}
},
// Referral events
referralShared: (referralCode: string, platform: string) => {
if (posthogEnabled) {
getPostHog()?.capture("referral_shared", { referral_code: referralCode, platform });
}
},
referralCompleted: (referralCode: string, newUserId: string) => {
if (posthogEnabled) {
getPostHog()?.capture("referral_completed", { referral_code: referralCode, new_user_id: newUserId });
}
},
// Error tracking
error: (errorType: string, message: string, context?: Record<string, unknown>) => {
if (posthogEnabled) {
getPostHog()?.capture("error", { error_type: errorType, message, ...context });
}
},
// Search functionality
searchPerformed: (query: string, resultCount: number, category?: string) => {
if (posthogEnabled) {
getPostHog()?.capture("search_performed", { query, result_count: resultCount, category });
}
},
// Onboarding funnel tracking
onboardingStep: (step: string, completed: boolean) => {
if (posthogEnabled) {
getPostHog()?.capture("onboarding_step", { step, completed });
}
},
};
// User identification
export function identifyUser(userId: string, properties?: Record<string, unknown>) {
if (posthogEnabled) {
getPostHog()?.identify(userId, properties);
}
}
// Group users by brand
export function groupByBrand(brandId: string, properties?: Record<string, unknown>) {
if (posthogEnabled) {
getPostHog()?.group("brand", brandId, properties);
}
}
+275
View File
@@ -0,0 +1,275 @@
// Clerk Authentication Integration
// Multi-tenant auth with role-based access control
import { createClerkClient } from "@clerk/nextjs/server";
import { auth } from "@clerk/nextjs/server";
import { NextResponse } from "next/server";
import { cookies } from "next/headers";
import { createClient } from "@supabase/supabase-js";
// Clerk configuration
const clerkClient = createClerkClient({
secretKey: process.env.CLERK_SECRET_KEY,
});
// Clerk publishable key for frontend
export const CLERK_PUBLISHABLE_KEY = process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY;
// Role definitions
export type UserRole = "platform_admin" | "brand_admin" | "store_employee" | "wholesale_customer" | "customer";
export interface ClerkUser {
id: string;
email: string;
firstName?: string;
lastName?: string;
publicMetadata: {
role?: UserRole;
brand_id?: string;
is_onboarded?: boolean;
};
}
// Get current authenticated user from Clerk
export async function getClerkUser(): Promise<ClerkUser | null> {
const { userId, sessionId, getToken } = await auth();
if (!userId) {
return null;
}
try {
const user = await clerkClient.users.getUser(userId);
return {
id: user.id,
email: user.emailAddresses[0]?.emailAddress || "",
firstName: user.firstName || undefined,
lastName: user.lastName || undefined,
publicMetadata: user.publicMetadata as ClerkUser["publicMetadata"],
};
} catch (error) {
console.error("Failed to fetch Clerk user:", error);
return null;
}
}
// Get Clerk session token for API calls
export async function getClerkToken() {
const { getToken } = await auth();
return getToken({ template: "supabase" });
}
// Create Clerk user with metadata
export async function createClerkUser(
email: string,
firstName?: string,
lastName?: string,
publicMetadata?: Record<string, unknown>
) {
try {
const user = await clerkClient.users.createUser({
emailAddress: [email],
firstName,
lastName,
publicMetadata: {
role: "customer",
is_onboarded: false,
...publicMetadata,
},
});
return user;
} catch (error) {
console.error("Failed to create Clerk user:", error);
throw error;
}
}
// Update Clerk user metadata
export async function updateClerkUserMetadata(
userId: string,
metadata: Record<string, unknown>
) {
try {
await clerkClient.users.updateUserMetadata(userId, {
publicMetadata: metadata,
});
} catch (error) {
console.error("Failed to update Clerk user metadata:", error);
throw error;
}
}
// Set user role in Clerk metadata
export async function setUserRole(userId: string, role: UserRole, brandId?: string) {
await updateClerkUserMetadata(userId, {
role,
brand_id: brandId,
});
}
// Delete Clerk user (soft delete for compliance)
export async function deleteClerkUser(userId: string) {
try {
await clerkClient.users.deleteUser(userId);
} catch (error) {
console.error("Failed to delete Clerk user:", error);
throw error;
}
}
// Get user's organizations/brands from Clerk
export async function getUserOrganizations() {
const { userId } = await auth();
if (!userId) {
return [];
}
try {
const memberships = await clerkClient.users.getOrganizationMemberships({ userId });
return memberships.data;
} catch (error) {
console.error("Failed to fetch organization memberships:", error);
return [];
}
}
// Create Clerk organization for brands
export async function createBrandOrganization(brandId: string, brandName: string) {
try {
const org = await clerkClient.organizations.createOrganization({
name: brandName,
slug: brandName.toLowerCase().replace(/\s+/g, "-"),
publicMetadata: {
brand_id: brandId,
},
});
return org;
} catch (error) {
console.error("Failed to create organization:", error);
throw error;
}
}
// Add user to organization with role
export async function addUserToOrganization(
organizationId: string,
userId: string,
role: string
) {
try {
await clerkClient.organizations.createOrganizationMembership({
organizationId,
userId,
role,
});
} catch (error) {
console.error("Failed to add user to organization:", error);
throw error;
}
}
// Authentication helper for middleware
export function isAuthenticated() {
return auth().userId !== null;
}
// Role checking helper
export function hasRole(allowedRoles: UserRole[]) {
return async function checkRole() {
const user = await getClerkUser();
if (!user) return false;
return allowedRoles.includes(user.publicMetadata.role || "customer");
};
}
// Session management - sync with Supabase for brand data
export async function syncUserWithBrand(userId: string, brandId: string) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
// Sync with Supabase admin_users table
try {
const res = await fetch(
`${supabaseUrl}/rest/v1/rpc/upsert_admin_user`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
Prefer: "return=representation",
},
body: JSON.stringify({
p_user_id: userId,
p_brand_id: brandId,
p_role: "brand_admin",
}),
}
);
if (res.ok) {
const result = await res.json();
return result;
}
} catch (error) {
console.error("Failed to sync user with brand:", error);
}
return null;
}
// Webhook handler for Clerk events
export async function handleClerkWebhook(event: string, payload: unknown) {
switch (event) {
case "user.created":
// New user signup - create in our system
await handleUserCreated(payload);
break;
case "user.updated":
// User updated their profile
await handleUserUpdated(payload);
break;
case "user.deleted":
// User deleted their account
await handleUserDeleted(payload);
break;
case "session.created":
// User logged in
await handleSessionCreated(payload);
break;
case "session.ended":
// User logged out
await handleSessionEnded(payload);
break;
}
}
async function handleUserCreated(payload: unknown) {
// Sync new user to our database
const user = payload as { id: string; email_addresses: { email_address: string }[] };
console.log("New user created:", user.id);
// Add any additional logic here
}
async function handleUserUpdated(payload: unknown) {
const user = payload as { id: string };
console.log("User updated:", user.id);
}
async function handleUserDeleted(payload: unknown) {
const user = payload as { id: string };
console.log("User deleted:", user.id);
// Optionally soft-delete or anonymize user data
}
async function handleSessionCreated(payload: unknown) {
const session = payload as { id: string; user_id: string };
// Track session for analytics
console.log("Session created:", session.id);
}
async function handleSessionEnded(payload: unknown) {
const session = payload as { id: string };
console.log("Session ended:", session.id);
}
+94
View File
@@ -0,0 +1,94 @@
// Global Error Handler for uncaught exceptions
import { captureError, addBreadcrumb } from "./sentry";
// Handle uncaught errors
if (typeof window !== "undefined") {
window.onerror = (message, source, lineno, colno, error) => {
captureError(error || new Error(String(message)), {
source,
lineno,
colno,
type: "uncaught_error",
});
return false;
};
// Handle unhandled promise rejections
window.onunhandledrejection = (event) => {
captureError(
event.reason instanceof Error
? event.reason
: new Error(String(event.reason)),
{
type: "unhandled_rejection",
promise: event.promise ? String(event.promise) : undefined,
}
);
};
}
// Add breadcrumb for page navigation
export function trackPageNavigation(path: string) {
addBreadcrumb(`Navigated to ${path}`, { path });
}
// Add breadcrumb for user actions
export function trackUserAction(action: string, details?: Record<string, unknown>) {
addBreadcrumb(`User action: ${action}`, { action, ...details });
}
// Performance monitoring
export function measurePerformance(name: string, callback: () => void | Promise<void>) {
const start = performance.now();
const measure = async () => {
await callback();
const duration = performance.now() - start;
addBreadcrumb(`Performance: ${name}`, {
name,
duration: `${duration.toFixed(2)}ms`,
});
};
return measure();
}
// API call tracking
export async function trackApiCall<T>(
endpoint: string,
method: string,
fn: () => Promise<T>
): Promise<T> {
addBreadcrumb(`API call: ${method} ${endpoint}`, { endpoint, method });
try {
const result = await fn();
addBreadcrumb(`API success: ${method} ${endpoint}`, { endpoint, method, success: true });
return result;
} catch (error) {
captureError(error as Error, { endpoint, method });
addBreadcrumb(`API error: ${method} ${endpoint}`, { endpoint, method, success: false });
throw error;
}
}
// Debug logging for development
export const debugLog = {
info: (message: string, data?: unknown) => {
if (process.env.NODE_ENV === "development") {
console.info(`[DEBUG] ${message}`, data);
}
},
warn: (message: string, data?: unknown) => {
if (process.env.NODE_ENV === "development") {
console.warn(`[DEBUG] ${message}`, data);
}
},
error: (message: string, data?: unknown) => {
if (process.env.NODE_ENV === "development") {
console.error(`[DEBUG] ${message}`, data);
}
},
};
+141
View File
@@ -0,0 +1,141 @@
// PWA Registration and Service Worker management
export function registerServiceWorker() {
if (typeof window === 'undefined' || !('serviceWorker' in navigator)) {
return;
}
window.addEventListener('load', async () => {
try {
const registration = await navigator.serviceWorker.register('/sw.js', {
scope: '/',
});
// Handle updates
registration.addEventListener('updatefound', () => {
const newWorker = registration.installing;
if (newWorker) {
newWorker.addEventListener('statechange', () => {
if (newWorker.state === 'installed' && navigator.serviceWorker.controller) {
// New content available, prompt user to refresh
showUpdatePrompt();
}
});
}
});
console.log('Service Worker registered:', registration.scope);
} catch (error) {
console.error('Service Worker registration failed:', error);
}
});
}
function showUpdatePrompt() {
// Dispatch custom event for UI to handle update prompt
const event = new CustomEvent('sw-update-available');
window.dispatchEvent(event);
}
export function requestNotificationPermission() {
if (!('Notification' in window) || !('serviceWorker' in navigator)) {
return Promise.resolve(false);
}
return Notification.requestPermission();
}
export async function subscribeToPush(registration: ServiceWorkerRegistration) {
if (!('PushManager' in window)) {
return null;
}
try {
const subscription = await registration.pushManager.subscribe({
userVisibleOnly: true,
applicationServerKey: urlBase64ToUint8Array(
process.env.NEXT_PUBLIC_VAPID_PUBLIC_KEY || ''
),
});
console.log('Push subscription:', subscription);
return subscription;
} catch (error) {
console.error('Push subscription failed:', error);
return null;
}
}
function urlBase64ToUint8Array(base64String: string): Uint8Array {
const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
const rawData = window.atob(base64);
const outputArray = new Uint8Array(rawData.length);
for (let i = 0; i < rawData.length; ++i) {
outputArray[i] = rawData.charCodeAt(i);
}
return outputArray;
}
// Check if app is installed (PWA)
export function isPWAInstalled(): boolean {
return (
window.matchMedia('(display-mode: standalone)').matches ||
(window.navigator as { standalone?: boolean }).standalone === true
);
}
// Get install prompt
export function getInstallPrompt(): { prompt: () => void; outcome: Promise<'accepted' | 'dismissed' | 'canceled'> } | null {
if (!('beforeinstallprompt' in window)) {
return null;
}
let deferredPrompt: beforeinstallpromptEvent | null = null;
window.addEventListener('beforeinstallprompt', (event) => {
event.preventDefault();
deferredPrompt = event;
});
return {
prompt: () => {
if (deferredPrompt) {
deferredPrompt.prompt();
}
},
outcome: new Promise((resolve) => {
if (deferredPrompt) {
deferredPrompt.userChoice.then((choiceResult) => {
deferredPrompt = null;
resolve(choiceResult.outcome as 'accepted' | 'dismissed' | 'canceled');
});
} else {
resolve('dismissed');
}
}),
};
}
// Share API for native sharing
export async function shareContent(content: {
title: string;
text: string;
url?: string;
}): Promise<boolean> {
if (!navigator.share) {
return false;
}
try {
await navigator.share(content);
return true;
} catch (error) {
if ((error as Error).name !== 'AbortError') {
console.error('Share failed:', error);
}
return false;
}
}
+199
View File
@@ -0,0 +1,199 @@
// Rate limiting configuration using Upstash Redis
import { Ratelimit } from "@upstash/ratelimit";
import { Redis } from "@upstash/redis";
// Only enable in production or when Redis is configured
const redisUrl = process.env.UPSTASH_REDIS_REST_URL;
const redisToken = process.env.UPSTASH_REDIS_REST_TOKEN;
export const rateLimitEnabled = Boolean(redisUrl && redisToken);
// Create rate limiters for different tiers
const createRateLimiter = (
requests: number,
window: string,
prefix: string
): Ratelimit | null => {
if (!rateLimitEnabled) return null;
const redis = new Redis({
url: redisUrl!,
token: redisToken!,
});
return new Ratelimit({
redis,
limiter: Ratelimit.slidingWindow(requests, window),
analytics: true,
prefix,
// Custom callback for when rate limit is exceeded
handler: async (remaining, reset, next) => {
if (remaining === 0) {
throw new Error(`Rate limit exceeded. Try again in ${Math.ceil((reset - Date.now()) / 1000)} seconds.`);
}
return next();
},
});
};
// API rate limits
export const apiLimiter = createRateLimiter(100, "1 m", "api:global");
export const authLimiter = createRateLimiter(10, "1 m", "api:auth");
export const checkoutLimiter = createRateLimiter(20, "1 m", "api:checkout");
export const emailLimiter = createRateLimiter(50, "1 h", "api:email");
export const bulkOpsLimiter = createRateLimiter(10, "1 m", "api:bulk");
// User-specific rate limits
export const createUserLimiter = (identifier: string, limit: number, window: string) => {
if (!rateLimitEnabled) return null;
const redis = new Redis({
url: redisUrl!,
token: redisToken!,
});
return new Ratelimit({
redis,
limiter: Ratelimit.slidingWindow(limit, window),
analytics: true,
prefix: `user:${identifier}`,
});
};
// Brand-specific rate limits (for multi-tenant enforcement)
export const createBrandLimiter = (brandId: string, limit: number, window: string) => {
if (!rateLimitEnabled) return null;
const redis = new Redis({
url: redisUrl!,
token: redisToken!,
});
return new Ratelimit({
redis,
limiter: Ratelimit.slidingWindow(limit, window),
analytics: true,
prefix: `brand:${brandId}`,
});
};
// Rate limit middleware helper
export async function checkRateLimit(
limiter: Ratelimit | null,
identifier: string
): Promise<{ success: boolean; remaining: number; reset: number }> {
if (!limiter) {
return { success: true, remaining: Infinity, reset: Date.now() };
}
const result = await limiter.limit(identifier);
return {
success: result.success,
remaining: result.remaining,
reset: result.reset,
};
}
// Response headers helper
export function rateLimitHeaders(result: { remaining: number; reset: number }) {
return {
"X-RateLimit-Remaining": String(result.remaining),
"X-RateLimit-Reset": String(Math.ceil(result.reset / 1000)),
};
}
// CORS headers for API routes
export function corsHeaders() {
return {
"Access-Control-Allow-Origin": process.env.ALLOWED_ORIGIN || "*",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization, X-API-Key",
"Access-Control-Max-Age": "86400",
};
}
// Security headers
export function securityHeaders() {
return {
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"X-XSS-Protection": "1; mode=block",
"Referrer-Policy": "strict-origin-when-cross-origin",
"Permissions-Policy": "camera=(), microphone=(), geolocation=()",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
};
}
// Combined API response helper
export function apiResponse<T>(
data: T,
status: number = 200,
meta?: Record<string, unknown>
) {
return Response.json(
{ success: true, data, meta },
{ status, headers: securityHeaders() }
);
}
// Error response helper
export function apiError(message: string, status: number = 400, details?: unknown) {
return Response.json(
{ success: false, error: message, details },
{ status, headers: securityHeaders() }
);
}
// Validation error helper
export function validationError(errors: z.ZodError) {
return Response.json(
{
success: false,
error: "Validation failed",
details: errors.errors.map((e) => ({
path: e.path.join("."),
message: e.message,
})),
},
{ status: 400, headers: securityHeaders() }
);
}
// Rate limit exceeded response
export function rateLimitExceeded(retryAfter: number) {
return Response.json(
{ success: false, error: "Rate limit exceeded" },
{
status: 429,
headers: {
...securityHeaders(),
"Retry-After": String(retryAfter),
"X-RateLimit-Remaining": "0",
},
}
);
}
// Not authorized response
export function unauthorized(message: string = "Not authorized") {
return Response.json(
{ success: false, error: message },
{ status: 401, headers: securityHeaders() }
);
}
// Forbidden response
export function forbidden(message: string = "Access denied") {
return Response.json(
{ success: false, error: message },
{ status: 403, headers: securityHeaders() }
);
}
// Not found response
export function notFound(resource: string = "Resource") {
return Response.json(
{ success: false, error: `${resource} not found` },
{ status: 404, headers: securityHeaders() }
);
}
+75
View File
@@ -0,0 +1,75 @@
// Sentry configuration for production error monitoring
import * as Sentry from "@sentry/nextjs";
Sentry.init({
dsn: process.env.SENTRY_DSN,
// Performance monitoring
tracesSampleRate: process.env.NODE_ENV === "production" ? 0.1 : 1.0,
// Environment
environment: process.env.NODE_ENV,
// Release tracking
release: process.env.GIT_SHA || process.env.VERCEL_GIT_COMMIT_SHA,
// Error sampling - capture more errors in production
sampleRate: 1.0,
// Replay sessions for debugging
replaysSessionSampleRate: process.env.NODE_ENV === "production" ? 0.05 : 0,
replaysOnErrorSampleRate: 0.5,
// Ignore common non-actionable errors
ignoreErrors: [
"ResizeObserver loop",
"Non-Error promise rejection captured",
"The operation was aborted",
],
// Tags for filtering in Sentry dashboard
initialScope: {
tags: {
source: "route-commerce",
},
},
// BeforeSend hook for data sanitization
beforeSend(event) {
// Remove any PII or sensitive data before sending
if (event.user) {
delete event.user.ip;
delete event.user.email;
}
return event;
},
});
// Export for manual error capture
export const captureError = (error: Error, context?: Record<string, unknown>) => {
Sentry.captureException(error, {
extra: context,
});
};
// Export for manual breadcrumb logging
export const addBreadcrumb = (message: string, data?: Record<string, unknown>) => {
Sentry.addBreadcrumb({
message,
data,
timestamp: Date.now() / 1000,
});
};
// Export for user tracking during errors
export const setUserContext = (userId: string, brandId?: string) => {
Sentry.setUser({
id: userId,
tags: { brand_id: brandId || "unknown" },
});
};
// Export for transaction tracing
export const startTransaction = (name: string, op: string = "custom") => {
return Sentry.startTransaction({ name, op });
};
+218
View File
@@ -0,0 +1,218 @@
// SEO and Metadata Utilities
import { Metadata } from "next";
// Base URL for the application
const BASE_URL = process.env.NEXT_PUBLIC_SITE_URL || "https://routecommerce.com";
// Default SEO configuration
export const defaultSEO: Metadata = {
metadataBase: new URL(BASE_URL),
title: {
default: "Route Commerce | Fresh Produce Wholesale Platform",
template: "%s | Route Commerce",
},
description: "Multi-tenant B2B e-commerce platform for fresh produce wholesale distribution. Brands sell to customers who pick up at scheduled stops or receive shipments.",
keywords: [
"wholesale produce",
"farm fresh",
"B2B e-commerce",
"produce distribution",
"pickup stops",
"fresh produce",
"farm management",
"order management",
"customer portal",
"wholesale ordering",
],
authors: [{ name: "Route Commerce" }],
creator: "Route Commerce",
publisher: "Route Commerce",
robots: {
index: true,
follow: true,
googleBot: {
index: true,
follow: true,
"max-video-preview": -1,
"max-image-preview": "large",
"max-snippet": -1,
},
},
openGraph: {
type: "website",
locale: "en_US",
url: BASE_URL,
siteName: "Route Commerce",
title: "Route Commerce | Fresh Produce Wholesale Platform",
description: "Multi-tenant B2B e-commerce platform for fresh produce wholesale distribution.",
images: [
{
url: "/og-image.png",
width: 1200,
height: 630,
alt: "Route Commerce Platform",
},
],
},
twitter: {
card: "summary_large_image",
title: "Route Commerce | Fresh Produce Wholesale Platform",
description: "Multi-tenant B2B e-commerce platform for fresh produce wholesale distribution.",
site: "@RouteCommerce",
creator: "@RouteCommerce",
images: ["/og-image.png"],
},
icons: {
icon: [
{ url: "/favicon.svg", type: "image/svg+xml" },
],
apple: "/icons/apple-touch-icon.png",
other: [
{
rel: "manifest",
url: "/manifest.json",
},
],
},
alternates: {
canonical: BASE_URL,
languages: {
"en-US": BASE_URL,
},
},
};
// Brand-specific metadata
export function getBrandMetadata(brand: {
name: string;
slug: string;
description?: string;
logo_url?: string;
}) {
return {
title: `${brand.name} | Fresh Produce`,
description: brand.description || `Order fresh produce from ${brand.name}. Pick up at scheduled stops or get deliveries.`,
openGraph: {
title: `${brand.name} | Fresh Produce`,
description: brand.description || `Order fresh produce from ${brand.name}`,
url: `${BASE_URL}/${brand.slug}`,
siteName: brand.name,
images: brand.logo_url ? [{ url: brand.logo_url }] : [],
},
};
}
// Product metadata
export function getProductMetadata(product: {
name: string;
description?: string;
price?: number;
image_url?: string;
}) {
return {
title: `${product.name} | Route Commerce`,
description: product.description || `Order ${product.name} from Route Commerce`,
openGraph: {
title: product.name,
description: product.description,
images: product.image_url ? [{ url: product.image_url }] : [],
},
};
}
// Admin page metadata
export function getAdminMetadata(pageTitle: string) {
return {
title: `${pageTitle} | Admin | Route Commerce`,
robots: {
index: false,
follow: false,
},
};
}
// Structured data (JSON-LD)
export function getOrganizationSchema() {
return {
"@context": "https://schema.org",
"@type": "Organization",
name: "Route Commerce",
url: BASE_URL,
logo: `${BASE_URL}/logo.svg`,
sameAs: [
"https://twitter.com/RouteCommerce",
"https://linkedin.com/company/route-commerce",
],
contactPoint: {
"@type": "ContactPoint",
contactType: "customer service",
email: "support@routecommerce.com",
},
};
}
export function getProductSchema(product: {
name: string;
description: string;
price: number;
currency?: string;
availability?: string;
image?: string;
brand?: string;
}) {
return {
"@context": "https://schema.org",
"@type": "Product",
name: product.name,
description: product.description,
image: product.image,
brand: {
"@type": "Brand",
name: product.brand || "Route Commerce",
},
offers: {
"@type": "Offer",
price: product.price,
priceCurrency: product.currency || "USD",
availability: product.availability || "https://schema.org/InStock",
},
};
}
export function getLocalBusinessSchema(business: {
name: string;
address: string;
city: string;
state: string;
postalCode: string;
phone?: string;
email?: string;
openingHours?: string[];
}) {
return {
"@context": "https://schema.org",
"@type": "LocalBusiness",
name: business.name,
address: {
"@type": "PostalAddress",
streetAddress: business.address,
addressLocality: business.city,
addressRegion: business.state,
postalCode: business.postalCode,
},
telephone: business.phone,
email: business.email,
openingHours: business.openingHours,
};
}
// Generate sitemap data
export function generateSitemap(pages: { url: string; lastModified?: Date; changeFrequency?: string; priority?: number }[]) {
return pages.map((page) => ({
url: `${BASE_URL}${page.url}`,
lastModified: page.lastModified || new Date(),
changeFrequency: page.changeFrequency || "weekly",
priority: page.priority || 0.5,
}));
}
+673
View File
@@ -0,0 +1,673 @@
// Enhanced Stripe Billing - Full Subscription Management
// Supports plans, add-ons, upgrades, cancellations, and customer portal
import Stripe from "stripe";
import { v4 as uuidv4 } from "uuid";
// Initialize Stripe
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
apiVersion: "2025-04-30.basil",
});
// Plan tier configurations
export const PLANS = {
starter: {
id: "starter",
name: "Starter",
description: "Perfect for small farms getting started",
monthlyPrice: 4900, // $49.00 in cents
annualPrice: 44100, // $441.00 (15% discount)
features: [
"Up to 25 products",
"10 stops/month",
"1 user",
"Basic pickup management",
"Email support",
],
limits: {
max_users: 1,
max_stops_monthly: 10,
max_products: 25,
},
},
farm: {
id: "farm",
name: "Farm",
description: "For growing farms with more needs",
monthlyPrice: 14900, // $149.00
annualPrice: 152280, // $1,522.80 (10% discount)
features: [
"Unlimited products",
"Unlimited stops",
"5 users",
"Wholesale Portal",
"Harvest Reach",
"Priority support",
],
limits: {
max_users: 5,
max_stops_monthly: -1, // unlimited
max_products: -1,
},
},
enterprise: {
id: "enterprise",
name: "Enterprise",
description: "Custom solution for larger operations",
monthlyPrice: 39900, // $399.00
annualPrice: 0, // Custom pricing
features: [
"Everything in Farm",
"AI Intelligence Pack",
"SMS Campaigns",
"Square Sync",
"Water Log",
"Unlimited users",
"Unlimited brands",
"Custom development",
"Dedicated SLA",
],
limits: {
max_users: -1,
max_stops_monthly: -1,
max_products: -1,
},
},
} as const;
// Add-ons configuration
export const ADDONS = {
wholesale_portal: {
id: "wholesale_portal",
name: "Wholesale Portal",
description: "Full wholesale customer portal with ordering",
monthlyPrice: 9900, // $99.00
},
harvest_reach: {
id: "harvest_reach",
name: "Harvest Reach",
description: "Email and SMS marketing campaigns",
monthlyPrice: 7900, // $79.00
},
ai_tools: {
id: "ai_tools",
name: "AI Intelligence Pack",
description: "AI-powered insights and automation",
monthlyPrice: 5900, // $59.00
},
water_log: {
id: "water_log",
name: "Water Log",
description: "Track irrigation and water usage",
monthlyPrice: 3900, // $39.00
},
square_sync: {
id: "square_sync",
name: "Square Sync",
description: "Sync inventory with Square POS",
monthlyPrice: 3900, // $39.00
},
sms_campaigns: {
id: "sms_campaigns",
name: "SMS Campaigns",
description: "SMS marketing via Twilio",
monthlyPrice: 2900, // $29.00
},
} as const;
// Stripe Price IDs (configurable via environment)
const PRICE_IDS = {
starter_monthly: process.env.STRIPE_PRICE_STARTER_MONTHLY || "price_starter_monthly",
starter_annual: process.env.STRIPE_PRICE_STARTER_ANNUAL || "price_starter_annual",
farm_monthly: process.env.STRIPE_PRICE_FARM_MONTHLY || "price_farm_monthly",
farm_annual: process.env.STRIPE_PRICE_FARM_ANNUAL || "price_farm_annual",
enterprise_monthly: process.env.STRIPE_PRICE_ENTERPRISE_MONTHLY || "price_enterprise_monthly",
wholesale_portal: process.env.STRIPE_PRICE_WHOLESALE_PORTAL || "price_wholesale_portal",
harvest_reach: process.env.STRIPE_PRICE_HARVEST_REACH || "price_harvest_reach",
ai_tools: process.env.STRIPE_PRICE_AI_TOOLS || "price_ai_tools",
water_log: process.env.STRIPE_PRICE_WATER_LOG || "price_water_log",
square_sync: process.env.STRIPE_PRICE_SQUARE_SYNC || "price_square_sync",
sms_campaigns: process.env.STRIPE_PRICE_SMS_CAMPAIGNS || "price_sms_campaigns",
};
// ============================================
// SUBSCRIPTION MANAGEMENT
// ============================================
export interface CreateSubscriptionOptions {
brandId: string;
brandName: string;
email: string;
plan: keyof typeof PLANS;
interval: "monthly" | "annual";
successUrl: string;
cancelUrl: string;
metadata?: Record<string, string>;
}
export async function createSubscription(options: CreateSubscriptionOptions) {
const { brandId, brandName, email, plan, interval, successUrl, cancelUrl, metadata } = options;
// Get or create Stripe customer
let customerId = await getOrCreateCustomer(brandId, brandName, email);
// Get price ID for selected plan
const priceId = interval === "annual"
? PRICE_IDS[`${plan}_annual` as keyof typeof PRICE_IDS]
: PRICE_IDS[`${plan}_monthly` as keyof typeof PRICE_IDS];
// Create checkout session
const session = await stripe.checkout.sessions.create({
customer: customerId,
mode: "subscription",
payment_method_types: ["card"],
line_items: [
{
price: priceId,
quantity: 1,
},
],
success_url: successUrl,
cancel_url: cancelUrl,
subscription_data: {
metadata: {
brand_id: brandId,
brand_name: brandName,
plan_tier: plan,
interval,
},
trial_period_days: 14, // 14-day trial for new subscriptions
},
metadata: {
brand_id: brandId,
...metadata,
},
allow_promotion_codes: true,
billing_address_collection: "required",
});
return session;
}
export async function createAddonSubscription(options: {
customerId: string;
addon: keyof typeof ADDONS;
brandId: string;
successUrl: string;
cancelUrl: string;
}) {
const { customerId, addon, brandId, successUrl, cancelUrl } = options;
const priceId = PRICE_IDS[addon as keyof typeof PRICE_IDS];
const session = await stripe.checkout.sessions.create({
customer: customerId,
mode: "subscription",
payment_method_types: ["card"],
line_items: [
{
price: priceId,
quantity: 1,
},
],
success_url: successUrl,
cancel_url: cancelUrl,
subscription_data: {
metadata: {
brand_id: brandId,
addon_key: addon,
addon_name: ADDONS[addon].name,
},
},
metadata: {
brand_id: brandId,
addon_key: addon,
type: "addon",
},
});
return session;
}
// ============================================
// CUSTOMER PORTAL
// ============================================
export async function createCustomerPortalSession(options: {
customerId: string;
returnUrl: string;
}) {
const { customerId, returnUrl } = options;
const session = await stripe.billingPortal.sessions.create({
customer: customerId,
return_url: returnUrl,
});
return session;
}
// ============================================
// SUBSCRIPTION UPDATES
// ============================================
export async function cancelSubscription(subscriptionId: string, immediate: boolean = false) {
if (immediate) {
return await stripe.subscriptions.cancel(subscriptionId);
}
return await stripe.subscriptions.update(subscriptionId, {
cancel_at_period_end: true,
});
}
export async function reactivateSubscription(subscriptionId: string) {
return await stripe.subscriptions.update(subscriptionId, {
cancel_at_period_end: false,
});
}
export async function changePlan(subscriptionId: string, newPlan: keyof typeof PLANS, interval: "monthly" | "annual") {
const subscription = await stripe.subscriptions.retrieve(subscriptionId);
// Get new price ID
const priceId = interval === "annual"
? PRICE_IDS[`${newPlan}_annual` as keyof typeof PRICE_IDS]
: PRICE_IDS[`${newPlan}_monthly` as keyof typeof PRICE_IDS];
// Prorate the change
return await stripe.subscriptions.update(subscriptionId, {
items: [
{
id: subscription.items.data[0].id,
price: priceId,
},
],
proration_behavior: "create_prorations",
});
}
// ============================================
// CUSTOMER MANAGEMENT
// ============================================
export async function getOrCreateCustomer(brandId: string, name: string, email: string) {
// Check if customer exists for this brand
const existingCustomers = await stripe.customers.list({
email,
limit: 1,
});
if (existingCustomers.data.length > 0) {
return existingCustomers.data[0].id;
}
// Create new customer
const customer = await stripe.customers.create({
email,
name,
metadata: {
brand_id: brandId,
},
});
return customer.id;
}
export async function getCustomer(customerId: string) {
return await stripe.customers.retrieve(customerId);
}
export async function updateCustomer(customerId: string, data: Partial<Stripe.CustomerUpdateParams>) {
return await stripe.customers.update(customerId, data);
}
// ============================================
// PAYMENT METHODS
// ============================================
export async function listPaymentMethods(customerId: string) {
return await stripe.paymentMethods.list({
customer: customerId,
type: "card",
});
}
export async function attachPaymentMethod(paymentMethodId: string, customerId: string) {
return await stripe.paymentMethods.attach(paymentMethodId, {
customer: customerId,
});
}
export async function setDefaultPaymentMethod(customerId: string, paymentMethodId: string) {
return await stripe.customers.update(customerId, {
invoice_settings: {
default_payment_method: paymentMethodId,
},
});
}
// ============================================
// INVOICES
// ============================================
export async function listInvoices(customerId: string, limit: number = 24) {
return await stripe.invoices.list({
customer: customerId,
limit,
});
}
export async function getInvoice(invoiceId: string) {
return await stripe.invoices.retrieve(invoiceId);
}
export async function getUpcomingInvoice(customerId: string) {
return await stripe.invoices.retrieveUpcoming({
customer: customerId,
});
}
// ============================================
// PAYMENTS & REFUNDS
// ============================================
export async function createPaymentIntent(options: {
amount: number;
currency?: string;
customerId?: string;
metadata?: Record<string, string>;
}) {
return await stripe.paymentIntents.create({
amount: options.amount,
currency: options.currency || "usd",
customer: options.customerId,
metadata: options.metadata,
automatic_payment_methods: {
enabled: true,
},
});
}
export async function createRefund(paymentIntentId: string, amount?: number, reason?: string) {
return await stripe.refunds.create({
payment_intent: paymentIntentId,
amount,
reason: reason as Stripe.RefundCreateParams.Reason || "requested_by_customer",
});
}
// ============================================
// WEBHOOK PROCESSING
// ============================================
export async function processWebhook(payload: Buffer, signature: string) {
const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET!;
try {
const event = stripe.webhooks.constructEvent(payload, signature, webhookSecret);
switch (event.type) {
case "checkout.session.completed":
await handleCheckoutCompleted(event.data.object);
break;
case "customer.subscription.created":
await handleSubscriptionCreated(event.data.object);
break;
case "customer.subscription.updated":
await handleSubscriptionUpdated(event.data.object);
break;
case "customer.subscription.deleted":
await handleSubscriptionDeleted(event.data.object);
break;
case "invoice.payment_succeeded":
await handleInvoicePaymentSucceeded(event.data.object);
break;
case "invoice.payment_failed":
await handleInvoicePaymentFailed(event.data.object);
break;
case "customer.updated":
await handleCustomerUpdated(event.data.object);
break;
}
return { received: true };
} catch (error) {
console.error("Webhook processing error:", error);
throw error;
}
}
// Webhook handlers
async function handleCheckoutCompleted(session: Stripe.Checkout.Session) {
const { brand_id, type } = session.metadata || {};
if (type === "addon") {
// Handle addon checkout
const subscription = await stripe.subscriptions.retrieve(session.subscription as string);
await enableAddonFeature(brand_id, subscription.metadata.addon_key);
} else {
// Handle plan checkout
const subscription = await stripe.subscriptions.retrieve(session.subscription as string);
await updateBrandSubscription(
brand_id,
subscription.id,
subscription.status,
subscription.metadata.plan_tier,
subscription.current_period_end
);
}
}
async function handleSubscriptionCreated(subscription: Stripe.Subscription) {
const { brand_id, plan_tier } = subscription.metadata;
await updateBrandSubscription(
brand_id,
subscription.id,
subscription.status,
plan_tier,
subscription.current_period_end
);
}
async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
const { brand_id, plan_tier, addon_key } = subscription.metadata;
if (addon_key) {
// Add-on subscription
if (subscription.status === "active") {
await enableAddonFeature(brand_id, addon_key);
} else {
await disableAddonFeature(brand_id, addon_key);
}
} else {
// Plan subscription
await updateBrandSubscription(
brand_id,
subscription.id,
subscription.status,
plan_tier,
subscription.current_period_end
);
}
}
async function handleSubscriptionDeleted(subscription: Stripe.Subscription) {
const { brand_id, plan_tier } = subscription.metadata;
// Downgrade to free tier or cancel
await updateBrandSubscription(
brand_id,
null,
"cancelled",
null,
null
);
}
async function handleInvoicePaymentSucceeded(invoice: Stripe.Invoice) {
// Log successful payment
console.log(`Payment succeeded for customer: ${invoice.customer}`);
}
async function handleInvoicePaymentFailed(invoice: Stripe.Invoice) {
// Notify brand about failed payment
console.log(`Payment failed for customer: ${invoice.customer}`);
// You could trigger an email notification here
// await sendPaymentFailedNotification(invoice.customer as string);
}
async function handleCustomerUpdated(customer: Stripe.Customer) {
// Sync customer data with our database
console.log(`Customer updated: ${customer.id}`);
}
// ============================================
// DATABASE HELPERS
// ============================================
async function updateBrandSubscription(
brandId: string | undefined,
subscriptionId: string | null,
status: string,
planTier: string | undefined,
periodEnd: number | null
) {
if (!brandId) return;
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
try {
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_subscription`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
},
body: JSON.stringify({
p_brand_id: brandId,
p_subscription_id: subscriptionId,
p_subscription_status: status,
p_plan_tier: planTier,
p_current_period_end: periodEnd ? new Date(periodEnd * 1000).toISOString() : null,
}),
}
);
} catch (error) {
console.error("Failed to update brand subscription:", error);
}
}
async function enableAddonFeature(brandId: string | undefined, addonKey: string | undefined) {
if (!brandId || !addonKey) return;
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
try {
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_feature`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
},
body: JSON.stringify({
p_brand_id: brandId,
p_feature_key: addonKey,
p_enabled: true,
}),
}
);
} catch (error) {
console.error("Failed to enable addon feature:", error);
}
}
async function disableAddonFeature(brandId: string | undefined, addonKey: string | undefined) {
if (!brandId || !addonKey) return;
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
try {
await fetch(
`${supabaseUrl}/rest/v1/rpc/set_brand_feature`,
{
method: "POST",
headers: {
apikey: serviceKey,
"Content-Type": "application/json",
},
body: JSON.stringify({
p_brand_id: brandId,
p_feature_key: addonKey,
p_enabled: false,
}),
}
);
} catch (error) {
console.error("Failed to disable addon feature:", error);
}
}
// ============================================
// USAGE BILLING
// ============================================
export async function createUsageRecord(options: {
subscriptionItemId: string;
quantity: number;
timestamp?: number;
idempotencyKey?: string;
}) {
return await stripe.subscriptionItems.createUsageRecord(
options.subscriptionItemId,
{
quantity: options.quantity,
timestamp: options.timestamp,
},
{
idempotencyKey: options.idempotencyKey || uuidv4(),
}
);
}
export async function getUsageSummary(subscriptionItemId: string, period: { start: number; end: number }) {
return await stripe.usageRecordSummaries.list(
subscriptionItemId,
{
limit: 12,
}
);
}
// ============================================
// EXPORT STRIPE INSTANCE AND HELPERS
// ============================================
export { stripe };
export async function getSubscription(subscriptionId: string) {
return await stripe.subscriptions.retrieve(subscriptionId);
}
export async function listSubscriptions(customerId: string) {
return await stripe.subscriptions.list({
customer: customerId,
status: "all",
limit: 10,
});
}
+337
View File
@@ -0,0 +1,337 @@
// Zod schemas for API validation across the application
import { z } from "zod";
// Common validation patterns
const uuidSchema = z.string().uuid();
const emailSchema = z.string().email();
const phoneSchema = z.string().regex(/^\+?[\d\s-()]+$/, "Invalid phone number");
const urlSchema = z.string().url().optional();
// Pagination
export const paginationSchema = z.object({
page: z.coerce.number().int().positive().default(1),
limit: z.coerce.number().int().positive().max(100).default(20),
});
// Brand/Admin User
export const brandIdSchema = z.object({
brand_id: z.string().uuid().optional(),
});
// Orders
export const createOrderSchema = z.object({
brand_id: uuidSchema,
customer_email: emailSchema.optional(),
customer_name: z.string().min(1).max(255).optional(),
customer_phone: phoneSchema.optional(),
customer_address: z.string().optional(),
notes: z.string().max(1000).optional(),
items: z.array(z.object({
product_id: uuidSchema,
quantity: z.number().int().positive(),
price: z.number().positive(),
fulfillment: z.enum(["pickup", "ship"]).default("pickup"),
})).min(1),
fulfillment: z.enum(["pickup", "ship", "mixed"]).optional(),
stop_id: uuidSchema.optional(),
});
export const updateOrderSchema = z.object({
order_id: uuidSchema,
status: z.enum(["pending", "confirmed", "preparing", "ready", "completed", "cancelled"]).optional(),
notes: z.string().max(1000).optional(),
tracking_number: z.string().optional(),
payment_status: z.enum(["pending", "paid", "refunded", "failed"]).optional(),
});
export const orderFiltersSchema = z.object({
brand_id: uuidSchema.optional(),
status: z.enum(["pending", "confirmed", "preparing", "ready", "completed", "cancelled"]).optional(),
fulfillment: z.enum(["pickup", "ship", "mixed"]).optional(),
date_from: z.string().datetime().optional(),
date_to: z.string().datetime().optional(),
customer_email: emailSchema.optional(),
stop_id: uuidSchema.optional(),
});
// Products
export const createProductSchema = z.object({
brand_id: uuidSchema,
name: z.string().min(1).max(255),
description: z.string().max(2000).optional(),
price: z.number().positive(),
unit: z.string().min(1).max(50).optional(),
category: z.string().max(100).optional(),
sku: z.string().max(100).optional(),
is_active: z.boolean().default(true),
is_taxable: z.boolean().default(true),
inventory_quantity: z.number().int().nonnegative().optional(),
image_url: urlSchema.optional(),
});
export const updateProductSchema = z.object({
product_id: uuidSchema,
name: z.string().min(1).max(255).optional(),
description: z.string().max(2000).optional(),
price: z.number().positive().optional(),
unit: z.string().min(1).max(50).optional(),
category: z.string().max(100).optional(),
sku: z.string().max(100).optional(),
is_active: z.boolean().optional(),
is_taxable: z.boolean().optional(),
inventory_quantity: z.number().int().nonnegative().optional(),
image_url: urlSchema.optional(),
});
export const productFiltersSchema = z.object({
brand_id: uuidSchema.optional(),
category: z.string().optional(),
is_active: z.boolean().optional(),
search: z.string().optional(),
min_price: z.number().positive().optional(),
max_price: z.number().positive().optional(),
});
// Stops
export const createStopSchema = z.object({
brand_id: uuidSchema,
name: z.string().min(1).max(255),
address: z.string().min(1),
city: z.string().max(100).optional(),
state: z.string().max(50).optional(),
postal_code: z.string().max(20).optional(),
country: z.string().max(100).optional(),
scheduled_at: z.string().datetime(),
notes: z.string().max(1000).optional(),
product_ids: z.array(uuidSchema).optional(),
});
export const updateStopSchema = z.object({
stop_id: uuidSchema,
name: z.string().min(1).max(255).optional(),
address: z.string().min(1).optional(),
city: z.string().max(100).optional(),
state: z.string().max(50).optional(),
postal_code: z.string().max(20).optional(),
scheduled_at: z.string().datetime().optional(),
status: z.enum(["scheduled", "in_progress", "completed", "cancelled"]).optional(),
notes: z.string().max(1000).optional(),
product_ids: z.array(uuidSchema).optional(),
});
export const stopFiltersSchema = z.object({
brand_id: uuidSchema.optional(),
status: z.enum(["scheduled", "in_progress", "completed", "cancelled"]).optional(),
date_from: z.string().datetime().optional(),
date_to: z.string().datetime().optional(),
});
// Communication Campaigns
export const createCampaignSchema = z.object({
brand_id: uuidSchema,
name: z.string().min(1).max(255),
subject: z.string().min(1).max(500),
template_id: uuidSchema.optional(),
content: z.string().min(1),
type: z.enum(["email", "sms"]).default("email"),
segment_id: uuidSchema.optional(),
contact_ids: z.array(uuidSchema).optional(),
scheduled_at: z.string().datetime().optional(),
});
export const updateCampaignSchema = z.object({
campaign_id: uuidSchema,
name: z.string().min(1).max(255).optional(),
subject: z.string().min(1).max(500).optional(),
content: z.string().min(1).optional(),
status: z.enum(["draft", "scheduled", "sending", "sent", "cancelled"]).optional(),
scheduled_at: z.string().datetime().optional(),
});
// Communication Contacts
export const createContactSchema = z.object({
brand_id: uuidSchema,
email: emailSchema,
phone: phoneSchema.optional(),
first_name: z.string().max(100).optional(),
last_name: z.string().max(100).optional(),
company: z.string().max(255).optional(),
tags: z.array(z.string().max(50)).optional(),
email_opt_in: z.boolean().default(true),
sms_opt_in: z.boolean().default(false),
});
export const updateContactSchema = z.object({
contact_id: uuidSchema,
email: emailSchema.optional(),
phone: phoneSchema.optional(),
first_name: z.string().max(100).optional(),
last_name: z.string().max(100).optional(),
company: z.string().max(255).optional(),
tags: z.array(z.string().max(50)).optional(),
email_opt_in: z.boolean().optional(),
sms_opt_in: z.boolean().optional(),
notes: z.string().max(2000).optional(),
});
// Communication Templates
export const createTemplateSchema = z.object({
brand_id: uuidSchema,
name: z.string().min(1).max(255),
subject: z.string().min(1).max(500).optional(),
content: z.string().min(1),
type: z.enum(["email", "sms"]).default("email"),
category: z.string().max(100).optional(),
});
export const updateTemplateSchema = z.object({
template_id: uuidSchema,
name: z.string().min(1).max(255).optional(),
subject: z.string().min(1).max(500).optional(),
content: z.string().min(1).optional(),
category: z.string().max(100).optional(),
is_active: z.boolean().optional(),
});
// Water Log
export const createWaterLogSchema = z.object({
brand_id: uuidSchema,
field_id: uuidSchema.optional(),
field_name: z.string().max(255).optional(),
gallons: z.number().positive(),
duration_minutes: z.number().int().nonnegative().optional(),
notes: z.string().max(500).optional(),
logged_at: z.string().datetime().optional(),
});
export const updateWaterLogSchema = z.object({
log_id: uuidSchema,
gallons: z.number().positive().optional(),
duration_minutes: z.number().int().nonnegative().optional(),
notes: z.string().max(500).optional(),
});
export const waterLogFiltersSchema = z.object({
brand_id: uuidSchema.optional(),
field_id: uuidSchema.optional(),
date_from: z.string().datetime().optional(),
date_to: z.string().datetime().optional(),
});
// Wholesale
export const createWholesaleOrderSchema = z.object({
brand_id: uuidSchema,
customer_id: uuidSchema,
items: z.array(z.object({
product_id: uuidSchema,
quantity: z.number().int().positive(),
price: z.number().positive(),
})).min(1),
pickup_stop_id: uuidSchema.optional(),
notes: z.string().max(1000).optional(),
deposit_amount: z.number().nonnegative().optional(),
payment_method: z.enum(["stripe", "square", "invoice"]).default("invoice"),
});
export const updateWholesaleCustomerSchema = z.object({
customer_id: uuidSchema,
company_name: z.string().max(255).optional(),
contact_name: z.string().max(255).optional(),
email: emailSchema.optional(),
phone: phoneSchema.optional(),
credit_limit: z.number().nonnegative().optional(),
payment_terms: z.enum(["prepay", "net15", "net30", "net60"]).optional(),
is_active: z.boolean().optional(),
});
// Billing / Subscriptions
export const createSubscriptionSchema = z.object({
brand_id: uuidSchema,
plan_tier: z.enum(["starter", "farm", "enterprise"]),
interval: z.enum(["monthly", "annual"]).default("monthly"),
payment_method_id: z.string().optional(),
});
export const updateSubscriptionSchema = z.object({
subscription_id: z.string(),
plan_tier: z.enum(["starter", "farm", "enterprise"]).optional(),
interval: z.enum(["monthly", "annual"]).optional(),
status: z.enum(["active", "cancelled", "past_due", "trialing"]).optional(),
});
// Admin Users
export const createAdminUserSchema = z.object({
email: emailSchema,
role: z.enum(["platform_admin", "brand_admin", "store_employee"]),
brand_id: uuidSchema.optional(),
can_manage_products: z.boolean().default(false),
can_manage_stops: z.boolean().default(false),
can_manage_orders: z.boolean().default(false),
can_manage_pickup: z.boolean().default(false),
can_manage_messages: z.boolean().default(false),
can_manage_refunds: z.boolean().default(false),
can_manage_users: z.boolean().default(false),
can_manage_water_log: z.boolean().default(false),
can_manage_reports: z.boolean().default(false),
can_manage_settings: z.boolean().default(false),
});
export const updateAdminUserSchema = z.object({
user_id: uuidSchema,
role: z.enum(["platform_admin", "brand_admin", "store_employee"]).optional(),
can_manage_products: z.boolean().optional(),
can_manage_stops: z.boolean().optional(),
can_manage_orders: z.boolean().optional(),
can_manage_pickup: z.boolean().optional(),
can_manage_messages: z.boolean().optional(),
can_manage_refunds: z.boolean().optional(),
can_manage_users: z.boolean().optional(),
can_manage_water_log: z.boolean().optional(),
can_manage_reports: z.boolean().optional(),
can_manage_settings: z.boolean().optional(),
active: z.boolean().optional(),
});
// Reports
export const reportFiltersSchema = z.object({
brand_id: uuidSchema.optional(),
start_date: z.string().datetime(),
end_date: z.string().datetime(),
group_by: z.enum(["day", "week", "month"]).default("day"),
});
// Feature Flags
export const featureToggleSchema = z.object({
brand_id: uuidSchema,
feature_key: z.string().min(1),
enabled: z.boolean(),
});
// Referral
export const referralSchema = z.object({
referrer_id: uuidSchema,
referral_code: z.string().min(6).max(50),
referred_email: emailSchema,
campaign_id: z.string().optional(),
});
// Cart
export const cartItemSchema = z.object({
product_id: uuidSchema,
quantity: z.number().int().positive(),
fulfillment: z.enum(["pickup", "ship"]).default("pickup"),
stop_id: uuidSchema.optional(),
});
// Checkout
export const checkoutSchema = z.object({
items: z.array(cartItemSchema),
customer_email: emailSchema,
customer_name: z.string().min(1).max(255),
customer_phone: phoneSchema.optional(),
customer_address: z.string().optional(),
notes: z.string().max(1000).optional(),
payment_method: z.enum(["stripe", "square"]).default("stripe"),
promo_code: z.string().optional(),
});
+94
View File
@@ -0,0 +1,94 @@
// Clerk middleware for route protection
import { authMiddleware } from "@clerk/nextjs";
// Define public routes that don't require authentication
const publicRoutes = [
"/",
"/login",
"/login2",
"/register",
"/forgot-password",
"/reset-password",
"/pricing",
"/terms-and-conditions",
"/privacy-policy",
"/contact",
"/api/health",
"/api/webhooks/clerk",
// Brand storefronts are public
"/tuxedo",
"/tuxedo/*",
"/indian-river-direct",
"/indian-river-direct/*",
// Error pages
"/error",
"/not-found",
];
// Define routes that require specific roles
const roleProtectedRoutes = [
{ path: "/admin/*", roles: ["platform_admin", "brand_admin", "store_employee"] },
{ path: "/wholesale/portal/*", roles: ["wholesale_customer"] },
{ path: "/water/admin/*", roles: ["platform_admin", "brand_admin"] },
];
export default authMiddleware({
// Public routes - don't require auth
publicRoutes,
// Ignore auth for these paths (API routes with their own auth)
ignoredRoutes: [
"/api/*", // API routes handle their own auth
"/_next/*", // Next.js internals
"/favicon.ico",
"/robots.txt",
"/sitemap.xml",
],
// After auth middleware - check roles
afterAuth: (auth, req, evt) => {
const { userId, sessionId } = auth;
const path = req.nextUrl.pathname;
// Skip role check for public routes
if (publicRoutes.some(route => path.startsWith(route.replace("/*", "")))) {
return;
}
// Check if route is role-protected
for (const protectedRoute of roleProtectedRoutes) {
if (path.startsWith(protectedRoute.path.replace("/*", ""))) {
if (!userId) {
// Redirect to login if not authenticated
const signInUrl = new URL("/login", req.url);
signInUrl.searchParams.set("redirect_url", path);
return Response.redirect(signInUrl);
}
// For admin routes, check session and role
if (protectedRoute.path.startsWith("/admin")) {
// Admin routes require one of the allowed roles
// This is handled by the admin-permissions module in app layer
}
if (protectedRoute.path.startsWith("/wholesale/portal")) {
// Wholesale portal requires wholesale_customer role
// This is handled by wholesale-auth module in app layer
}
}
}
},
// Debug in development
debug: process.env.NODE_ENV === "development",
});
export const config = {
matcher: [
// Skip Next.js internals and all files in the _next directory
"/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
// Always run for API routes
"/(api|trpc)(.*)",
],
};
+42 -25
View File
@@ -1,32 +1,49 @@
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
// Clerk Middleware for Next.js App Router
// Must be exported as default from proxy.ts in src/ directory
// Simple route protection — admin pages redirect to login when no rc_auth_uid cookie.
// Dev bypass: dev_session cookie bypasses this check in development only.
export function proxy(request: NextRequest) {
const { pathname } = request.nextUrl;
import { clerkMiddleware } from "@clerk/nextjs/server";
// Skip non-admin routes
if (!pathname.startsWith("/admin")) {
return NextResponse.next();
}
// Define public routes that don't require authentication
const publicRoutes = [
"/",
"/login",
"/login2",
"/register",
"/forgot-password",
"/reset-password",
"/pricing",
"/terms-and-conditions",
"/privacy-policy",
"/contact",
"/api/health",
"/api/webhooks/clerk",
"/api/stripe/webhook",
// Brand storefronts are public
"/tuxedo",
"/tuxedo/*",
"/indian-river-direct",
"/indian-river-direct/*",
// Error pages
"/error",
"/not-found",
];
// Development bypass — dev_session cookie is set client-side by the login form
if (process.env.NODE_ENV === "development") {
const devSession = request.cookies.get("dev_session")?.value;
if (devSession) return NextResponse.next();
}
// Export the clerkMiddleware as the default export
export default clerkMiddleware({
// Public routes configuration
publicRoutes,
// Check rc_auth_uid (new) or rc_uid (legacy) cookie
const uid = request.cookies.get("rc_auth_uid")?.value ?? request.cookies.get("rc_uid")?.value;
if (uid) return NextResponse.next();
// Not authenticated — redirect to login
const loginUrl = new URL("/login", request.url);
loginUrl.searchParams.set("redirect", pathname);
return NextResponse.redirect(loginUrl);
}
// Debug mode in development
debug: process.env.NODE_ENV === "development",
});
export const config = {
matcher: ["/admin/:path*"],
matcher: [
// Skip Next.js internals and all files in the _next directory
"/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
// Always run for API routes
"/(api|trpc)(.*)",
// Include Clerk's auto-proxy path for authentication
"/__clerk/(.*)",
],
};
@@ -0,0 +1,250 @@
-- Production Database Migrations
-- Add comprehensive RLS policies, audit tables, referral system, and seed data
BEGIN;
-- =============================================================================
-- REFERRAL SYSTEM
-- =============================================================================
-- Referral codes table
CREATE TABLE IF NOT EXISTS referral_codes (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
referrer_user_id UUID NOT NULL,
referral_code VARCHAR(50) UNIQUE NOT NULL,
referrer_email VARCHAR(255) NOT NULL,
created_at TIMESTAMPTZ DEFAULT NOW(),
expires_at TIMESTAMPTZ DEFAULT (NOW() + INTERVAL '1 year'),
max_uses INTEGER DEFAULT 1,
current_uses INTEGER DEFAULT 0,
is_active BOOLEAN DEFAULT true,
reward_type VARCHAR(50) DEFAULT 'percentage',
reward_value DECIMAL(10,2) DEFAULT 20.00,
metadata JSONB DEFAULT '{}'::jsonb
);
-- Referral redemptions table
CREATE TABLE IF NOT EXISTS referral_redemptions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
referral_code_id UUID REFERENCES referral_codes(id) ON DELETE CASCADE,
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
referred_user_id UUID NOT NULL,
referred_email VARCHAR(255) NOT NULL,
redeemed_at TIMESTAMPTZ DEFAULT NOW(),
reward_type VARCHAR(50),
reward_value DECIMAL(10,2),
is_credit_applied BOOLEAN DEFAULT false,
signup_plan VARCHAR(50),
signup_value DECIMAL(10,2),
metadata JSONB DEFAULT '{}'::jsonb
);
-- =============================================================================
-- CHANGELOG SYSTEM
-- =============================================================================
CREATE TABLE IF NOT EXISTS changelogs (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
version VARCHAR(50) NOT NULL,
title VARCHAR(255) NOT NULL,
description TEXT,
content JSONB NOT NULL DEFAULT '[]'::jsonb,
released_at TIMESTAMPTZ DEFAULT NOW(),
is_published BOOLEAN DEFAULT false,
feature_type VARCHAR(50) DEFAULT 'general',
metadata JSONB DEFAULT '{}'::jsonb,
UNIQUE(brand_id, version)
);
CREATE TABLE IF NOT EXISTS changelog_reads (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL,
changelog_id UUID REFERENCES changelogs(id) ON DELETE CASCADE,
read_at TIMESTAMPTZ DEFAULT NOW(),
dismissed BOOLEAN DEFAULT false,
UNIQUE(user_id, changelog_id)
);
-- =============================================================================
-- ONBOARDING PROGRESS
-- =============================================================================
CREATE TABLE IF NOT EXISTS onboarding_progress (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
user_id UUID NOT NULL,
current_step VARCHAR(50) NOT NULL,
completed_steps JSONB DEFAULT '[]'::jsonb,
skipped_steps JSONB DEFAULT '[]'::jsonb,
data JSONB DEFAULT '{}'::jsonb,
started_at TIMESTAMPTZ DEFAULT NOW(),
completed_at TIMESTAMPTZ,
is_completed BOOLEAN DEFAULT false,
metadata JSONB DEFAULT '{}'::jsonb,
UNIQUE(brand_id, user_id)
);
-- =============================================================================
-- USER ACTIVITY / ANALYTICS
-- =============================================================================
CREATE TABLE IF NOT EXISTS user_activity_logs (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL,
brand_id UUID REFERENCES brands(id) ON DELETE SET NULL,
action VARCHAR(100) NOT NULL,
resource_type VARCHAR(50),
resource_id UUID,
ip_address INET,
user_agent TEXT,
metadata JSONB DEFAULT '{}'::jsonb,
created_at TIMESTAMPTZ DEFAULT NOW()
);
-- =============================================================================
-- API KEYS FOR EXTERNAL INTEGRATIONS
-- =============================================================================
CREATE TABLE IF NOT EXISTS api_keys (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
name VARCHAR(255) NOT NULL,
key_hash VARCHAR(255) NOT NULL,
key_prefix VARCHAR(20),
permissions JSONB DEFAULT '["read"]'::jsonb,
rate_limit INTEGER DEFAULT 1000,
last_used_at TIMESTAMPTZ,
expires_at TIMESTAMPTZ,
is_active BOOLEAN DEFAULT true,
created_at TIMESTAMPTZ DEFAULT NOW(),
created_by UUID NOT NULL
);
-- =============================================================================
-- NOTIFICATION PREFERENCES
-- =============================================================================
CREATE TABLE IF NOT EXISTS notification_preferences (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL,
brand_id UUID REFERENCES brands(id) ON DELETE CASCADE,
email_orders BOOLEAN DEFAULT true,
email_marketing BOOLEAN DEFAULT false,
email_reports BOOLEAN DEFAULT true,
email_billing BOOLEAN DEFAULT true,
sms_orders BOOLEAN DEFAULT false,
sms_marketing BOOLEAN DEFAULT false,
push_orders BOOLEAN DEFAULT true,
push_marketing BOOLEAN DEFAULT false,
quiet_hours_start TIME,
quiet_hours_end TIME,
timezone VARCHAR(50) DEFAULT 'America/New_York',
metadata JSONB DEFAULT '{}'::jsonb,
updated_at TIMESTAMPTZ DEFAULT NOW(),
UNIQUE(user_id, brand_id)
);
-- =============================================================================
-- REFINED RLS POLICIES
-- =============================================================================
-- Enable RLS on new tables
ALTER TABLE referral_codes ENABLE ROW LEVEL SECURITY;
ALTER TABLE referral_redemptions ENABLE ROW LEVEL SECURITY;
ALTER TABLE changelogs ENABLE ROW LEVEL SECURITY;
ALTER TABLE changelog_reads ENABLE ROW LEVEL SECURITY;
ALTER TABLE onboarding_progress ENABLE ROW LEVEL SECURITY;
ALTER TABLE user_activity_logs ENABLE ROW LEVEL SECURITY;
ALTER TABLE api_keys ENABLE ROW LEVEL SECURITY;
ALTER TABLE notification_preferences ENABLE ROW LEVEL SECURITY;
-- Referral codes policies
CREATE POLICY "Users can view their own referral codes"
ON referral_codes FOR SELECT
USING (referrer_user_id = current_setting('app.current_user_id', true)::uuid);
CREATE POLICY "Platform admins can manage all referral codes"
ON referral_codes FOR ALL
USING (current_setting('app.current_user_role', true) = 'platform_admin');
CREATE POLICY "Brand admins can manage their brand's referral codes"
ON referral_codes FOR ALL
USING (brand_id = current_setting('app.current_brand_id', true)::uuid);
-- Changelogs policies - public read for all authenticated
CREATE POLICY "Authenticated users can view published changelogs"
ON changelogs FOR SELECT
USING (
is_published = true
AND (
current_setting('app.current_user_role', true) = 'platform_admin'
OR brand_id = current_setting('app.current_brand_id', true)::uuid
)
);
CREATE POLICY "Brand admins can manage their changelogs"
ON changelogs FOR ALL
USING (brand_id = current_setting('app.current_brand_id', true)::uuid);
-- Onboarding progress policies
CREATE POLICY "Users can view their own onboarding progress"
ON onboarding_progress FOR SELECT
USING (user_id = current_setting('app.current_user_id', true)::uuid);
CREATE POLICY "Users can update their own onboarding progress"
ON onboarding_progress FOR UPDATE
USING (user_id = current_setting('app.current_user_id', true)::uuid);
CREATE POLICY "Brand admins can view onboarding progress for their brand"
ON onboarding_progress FOR SELECT
USING (brand_id = current_setting('app.current_brand_id', true)::uuid);
-- User activity logs - admins only
CREATE POLICY "Brand admins can view activity logs for their brand"
ON user_activity_logs FOR SELECT
USING (
brand_id = current_setting('app.current_brand_id', true)::uuid
OR current_setting('app.current_user_role', true) = 'platform_admin'
);
-- API keys policies
CREATE POLICY "Brand admins can manage their API keys"
ON api_keys FOR ALL
USING (brand_id = current_setting('app.current_brand_id', true)::uuid);
CREATE POLICY "Anyone can read active API key prefix (for verification)"
ON api_keys FOR SELECT
USING (is_active = true);
-- Notification preferences policies
CREATE POLICY "Users can manage their own notification preferences"
ON notification_preferences FOR ALL
USING (user_id = current_setting('app.current_user_id', true)::uuid);
CREATE POLICY "Brand admins can view preferences for their brand users"
ON notification_preferences FOR SELECT
USING (brand_id = current_setting('app.current_brand_id', true)::uuid);
-- =============================================================================
-- COMPREHENSIVE INDEXES
-- =============================================================================
CREATE INDEX IF NOT EXISTS idx_referral_codes_brand ON referral_codes(brand_id);
CREATE INDEX IF NOT EXISTS idx_referral_codes_referrer ON referral_codes(referrer_user_id);
CREATE INDEX IF NOT EXISTS idx_referral_codes_code ON referral_codes(referral_code);
CREATE INDEX IF NOT EXISTS idx_referral_redemptions_referrer ON referral_redemptions(referral_code_id);
CREATE INDEX IF NOT EXISTS idx_referral_redemptions_referred ON referral_redemptions(referred_user_id);
CREATE INDEX IF NOT EXISTS idx_changelogs_brand ON changelogs(brand_id);
CREATE INDEX IF NOT EXISTS idx_changelogs_published ON changelogs(is_published, released_at DESC);
CREATE INDEX IF NOT EXISTS idx_changelog_reads_user ON changelog_reads(user_id, changelog_id);
CREATE INDEX IF NOT EXISTS idx_onboarding_brand ON onboarding_progress(brand_id);
CREATE INDEX IF NOT EXISTS idx_onboarding_user ON onboarding_progress(user_id);
CREATE INDEX IF NOT EXISTS idx_user_activity_user ON user_activity_logs(user_id);
CREATE INDEX IF NOT EXISTS idx_user_activity_brand ON user_activity_logs(brand_id);
CREATE INDEX IF NOT EXISTS idx_user_activity_created ON user_activity_logs(created_at DESC);
CREATE INDEX IF NOT EXISTS idx_api_keys_brand ON api_keys(brand_id);
CREATE INDEX IF NOT EXISTS idx_api_keys_active ON api_keys(is_active);
COMMIT;
+232
View File
@@ -0,0 +1,232 @@
-- Seed data for production development and testing
BEGIN;
-- =============================================================================
-- DEMO BRANDS
-- =============================================================================
INSERT INTO brands (id, name, slug, plan_tier, max_users, max_stops_monthly, max_products, stripe_customer_id, created_at)
VALUES
('a1b2c3d4-e5f6-7890-abcd-ef1234567890', 'Sunrise Farms', 'sunrise-farms', 'enterprise', 10, 100, 500, 'cus_demo_sunrise', NOW()),
('b2c3d4e5-f6a7-8901-bcde-f12345678901', 'Green Valley Organics', 'green-valley', 'farm', 5, 50, 250, 'cus_demo_green', NOW()),
('c3d4e5f6-a7b8-9012-cdef-123456789012', 'Orchard Fresh', 'orchard-fresh', 'starter', 2, 10, 50, 'cus_demo_orchard', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO PRODUCTS FOR SUNRISE FARMS
-- =============================================================================
INSERT INTO products (id, brand_id, name, description, price, unit, category, sku, is_active, is_taxable, image_url, created_at)
VALUES
('p0010001-0000-0000-0000-000000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Honeycrisp Apples', 'Premium organic Honeycrisp apples, sweet and crisp', 3.99, 'lb', 'Apples', 'APP-HC-001', true, true, NULL, NOW()),
('p0010002-0000-0000-0000-000000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Gala Apples', 'Sweet and mild Gala apples, perfect for snacking', 3.49, 'lb', 'Apples', 'APP-GA-001', true, true, NULL, NOW()),
('p0010003-0000-0000-0000-000000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Valencia Oranges', 'Fresh Valencia oranges, great for juicing', 2.99, 'lb', 'Oranges', 'ORG-VA-001', true, true, NULL, NOW()),
('p0010004-0000-0000-0000-000000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Navel Oranges', 'Seedless Navel oranges, sweet and easy to peel', 3.29, 'lb', 'Oranges', 'ORG-NA-001', true, true, NULL, NOW()),
('p0010005-0000-0000-0000-000000000005', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Ruby Red Grapefruit', 'Juicy Ruby Red grapefruit, perfectly balanced sweet-tart', 3.79, 'lb', 'Citrus', 'GRF-RR-001', true, true, NULL, NOW()),
('p0010006-0000-0000-0000-000000000006', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Pink Lady Apples', 'Crisp and sweet Pink Lady apples', 4.29, 'lb', 'Apples', 'APP-PL-001', true, true, NULL, NOW()),
('p0010007-0000-0000-0000-000000000007', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Tangerines', 'Sweet and juicy tangerines, easy to peel', 4.49, 'lb', 'Citrus', 'CIT-TN-001', true, true, NULL, NOW()),
('p0010008-0000-0000-0000-000000000008', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Meyer Lemons', 'Fragrant Meyer lemons, sweeter than regular lemons', 4.99, 'lb', 'Lemons', 'LEM-ME-001', true, true, NULL, NOW()),
('p0010009-0000-0000-0000-000000000009', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Lime Mix Pack', 'Seasonal mix of Persian and Key limes', 5.99, 'lb', 'Lemons', 'LIM-MX-001', true, true, NULL, NOW()),
('p0010010-0000-0000-0000-000000000010', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Mixed Citrus Box', 'Seasonal assortment of 5+ citrus varieties, 20lb box', 54.99, 'box', 'Boxes', 'BOX-MC-001', true, true, NULL, NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO STOPS FOR SUNRISE FARMS
-- =============================================================================
INSERT INTO stops (id, brand_id, name, address, city, state, postal_code, scheduled_at, status, created_at)
VALUES
('s0010001-0000-0000-0000-000000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Downtown Farmers Market', '123 Main Street', 'Orlando', 'FL', '32801', NOW() + INTERVAL '2 days', 'scheduled', NOW()),
('s0010002-0000-0000-0000-000000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Winter Park Community', '456 Park Avenue', 'Winter Park', 'FL', '32789', NOW() + INTERVAL '3 days', 'scheduled', NOW()),
('s0010003-0000-0000-0000-000000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Maitland Office Park', '789 Commerce Blvd', 'Maitland', 'FL', '32751', NOW() + INTERVAL '5 days', 'scheduled', NOW()),
('s0010004-0000-0000-0000-000000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'UCF Campus Store', '4000 Central Florida Blvd', 'Orlando', 'FL', '32816', NOW() + INTERVAL '7 days', 'scheduled', NOW()),
('s0010005-0000-0000-0000-000000000005', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Lake Mary Corporate', '1000 Business Center Dr', 'Lake Mary', 'FL', '32746', NOW() + INTERVAL '10 days', 'scheduled', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO CUSTOMERS
-- =============================================================================
INSERT INTO customers (id, brand_id, email, first_name, last_name, phone, company, created_at)
VALUES
('c0010001-0000-0000-0000-000000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'john.smith@email.com', 'John', 'Smith', '+1-407-555-0101', 'Smith Family Farm', NOW()),
('c0010002-0000-0000-0000-000000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'sarah.jones@email.com', 'Sarah', 'Jones', '+1-407-555-0102', 'Jones Organic Co', NOW()),
('c0010003-0000-0000-0000-000000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'mike.wilson@email.com', 'Mike', 'Wilson', '+1-407-555-0103', 'Wilson Grocers', NOW()),
('c0010004-0000-0000-0000-000000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'emily.brown@email.com', 'Emily', 'Brown', '+1-407-555-0104', 'Brown Cafe', NOW()),
('c0010005-0000-0000-0000-000000000005', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'david.lee@email.com', 'David', 'Lee', '+1-407-555-0105', 'Lee Restaurant Group', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO WHOLESALE CUSTOMERS
-- =============================================================================
INSERT INTO wholesale_customers (id, brand_id, company_name, contact_name, email, phone, credit_limit, payment_terms, is_active, created_at)
VALUES
('w0010001-0000-0000-0000-000000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Whole Foods Market', 'Amanda Green', 'amanda.g@wholefoods.com', '+1-512-555-0201', 10000.00, 'net30', true, NOW()),
('w0010002-0000-0000-0000-000000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Publix Super Markets', 'Robert Baker', 'robert.b@publix.com', '+1-863-555-0202', 25000.00, 'net30', true, NOW()),
('w0010003-0000-0000-0000-000000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Fresh Market', 'Lisa Chen', 'lisa.c@freshmarket.com', '+1-919-555-0203', 15000.00, 'net15', true, NOW()),
('w0010004-0000-0000-0000-000000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'Trader Joes', 'Mark Johnson', 'mark.j@traderjoes.com', '+1-626-555-0204', 20000.00, 'net30', true, NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO ORDERS
-- =============================================================================
INSERT INTO orders (id, brand_id, customer_id, status, fulfillment, total_amount, customer_email, customer_name, customer_address, created_at)
VALUES
('o0010001-0000-0000-0000-000000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'c0010001-0000-0000-0000-000000000001', 'completed', 'pickup', 45.87, 'john.smith@email.com', 'John Smith', '123 Main St, Orlando FL 32801', NOW() - INTERVAL '7 days'),
('o0010002-0000-0000-0000-000000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'c0010002-0000-0000-0000-000000000002', 'completed', 'pickup', 62.34, 'sarah.jones@email.com', 'Sarah Jones', '456 Oak Ave, Winter Park FL 32789', NOW() - INTERVAL '5 days'),
('o0010003-0000-0000-0000-000000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'c0010003-0000-0000-0000-000000000003', 'confirmed', 'pickup', 38.92, 'mike.wilson@email.com', 'Mike Wilson', '789 Pine St, Maitland FL 32751', NOW() - INTERVAL '2 days'),
('o0010004-0000-0000-0000-000000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'c0010004-0000-0000-0000-000000000004', 'pending', 'ship', 89.55, 'emily.brown@email.com', 'Emily Brown', '321 Elm Blvd, Orlando FL 32816', NOW() - INTERVAL '1 day'),
('o0010005-0000-0000-0000-000000000005', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'c0010005-0000-0000-0000-000000000005', 'preparing', 'mixed', 156.78, 'david.lee@email.com', 'David Lee', '555 Commerce Dr, Lake Mary FL 32746', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO ORDER ITEMS
-- =============================================================================
INSERT INTO order_items (id, order_id, product_id, quantity, price, fulfillment, created_at)
VALUES
('oi001001-0000-0000-0000-0000000001', 'o0010001-0000-0000-0000-000000000001', 'p0010001-0000-0000-0000-000000000001', 5, 3.99, 'pickup', NOW() - INTERVAL '7 days'),
('oi001002-0000-0000-0000-0000000002', 'o0010001-0000-0000-0000-000000000001', 'p0010003-0000-0000-0000-000000000003', 8, 2.99, 'pickup', NOW() - INTERVAL '7 days'),
('oi002001-0000-0000-0000-0000000003', 'o0010002-0000-0000-0000-000000000002', 'p0010002-0000-0000-0000-000000000002', 10, 3.49, 'pickup', NOW() - INTERVAL '5 days'),
('oi002002-0000-0000-0000-0000000004', 'o0010002-0000-0000-0000-000000000002', 'p0010005-0000-0000-0000-000000000005', 6, 3.79, 'pickup', NOW() - INTERVAL '5 days'),
('oi003001-0000-0000-0000-0000000005', 'o0010003-0000-0000-0000-000000000003', 'p0010004-0000-0000-0000-000000000004', 7, 3.29, 'pickup', NOW() - INTERVAL '2 days'),
('oi003002-0000-0000-0000-0000000006', 'o0010003-0000-0000-0000-000000000003', 'p0010007-0000-0000-0000-000000000007', 4, 4.49, 'pickup', NOW() - INTERVAL '2 days'),
('oi004001-0000-0000-0000-0000000007', 'o0010004-0000-0000-0000-000000000004', 'p0010010-0000-0000-0000-000000000010', 1, 54.99, 'ship', NOW() - INTERVAL '1 day'),
('oi004002-0000-0000-0000-0000000008', 'o0010004-0000-0000-0000-000000000004', 'p0010001-0000-0000-0000-000000000001', 5, 3.99, 'ship', NOW() - INTERVAL '1 day'),
('oi004003-0000-0000-0000-0000000009', 'o0010004-0000-0000-0000-000000000004', 'p0010006-0000-0000-0000-000000000006', 4, 4.29, 'ship', NOW() - INTERVAL '1 day'),
('oi005001-0000-0000-0000-0000000010', 'o0010005-0000-0000-0000-000000000005', 'p0010010-0000-0000-0000-000000000010', 2, 54.99, 'pickup', NOW()),
('oi005002-0000-0000-0000-0000000011', 'o0010005-0000-0000-0000-000000000005', 'p0010003-0000-0000-0000-000000000003', 10, 2.99, 'ship', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO COMMUNICATION CONTACTS
-- =============================================================================
INSERT INTO communication_contacts (id, brand_id, email, first_name, last_name, phone, company, email_opt_in, sms_opt_in, tags, created_at)
VALUES
('cc001001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'alex.rivera@email.com', 'Alex', 'Rivera', '+1-407-555-0301', 'Rivera Consulting', true, false, ARRAY['vip', 'wholesale'], NOW()),
('cc001002-0000-0000-0000-0000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'jennifer.martinez@email.com', 'Jennifer', 'Martinez', '+1-407-555-0302', 'Martinez Restaurant', true, true, ARRAY['restaurant', 'wholesale'], NOW()),
('cc001003-0000-0000-0000-0000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'chris.taylor@email.com', 'Chris', 'Taylor', '+1-407-555-0303', 'Taylor Grocers', true, false, ARRAY['retail'], NOW()),
('cc001004-0000-0000-0000-0000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'michelle.davis@email.com', 'Michelle', 'Davis', '+1-407-555-0304', 'Davis Hotel Group', true, false, ARRAY['hospitality', 'wholesale'], NOW()),
('cc001005-0000-0000-0000-0000000005', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'andrew.wilson@email.com', 'Andrew', 'Wilson', '+1-407-555-0305', 'Wilson Catering', true, true, ARRAY['catering'], NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO WATER LOG FIELDS
-- =============================================================================
INSERT INTO water_fields (id, brand_id, name, location, size_acres, crop_type, notes, created_at)
VALUES
('wf001001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'North Grove Section A', 'GPS: 28.5383,-81.3792', 15.5, 'Citrus', 'Primary navel orange section', NOW()),
('wf001002-0000-0000-0000-0000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'South Orchard', 'GPS: 28.5200,-81.4000', 22.0, 'Mixed Citrus', 'Mixed variety planting', NOW()),
('wf001003-0000-0000-0000-0000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'East Block - Honeycrisp', 'GPS: 28.5450,-81.3500', 8.5, 'Apples', 'Premium Honeycrisp apples', NOW()),
('wf001004-0000-0000-0000-0000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'West Test Plot', 'GPS: 28.5300,-81.4200', 3.0, 'Experimental', 'New variety test section', NOW())
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO WATER LOGS
-- =============================================================================
INSERT INTO water_logs (id, brand_id, field_id, gallons, duration_minutes, water_method, notes, logged_at, created_at)
VALUES
('wl001001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'wf001001-0000-0000-0000-0000000001', 2500, 45, 'drip', 'Regular weekly irrigation', NOW() - INTERVAL '2 days', NOW() - INTERVAL '2 days'),
('wl001002-0000-0000-0000-0000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'wf001002-0000-0000-0000-0000000002', 4200, 60, 'sprinkler', 'Deep watering after dry spell', NOW() - INTERVAL '1 day', NOW() - INTERVAL '1 day'),
('wl001003-0000-0000-0000-0000000003', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'wf001003-0000-0000-0000-0000000003', 1800, 30, 'drip', 'Focused irrigation on new trees', NOW(), NOW()),
('wl001004-0000-0000-0000-0000000004', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'wf001001-0000-0000-0000-0000000001', 2800, 50, 'drip', 'Extended session for heat wave', NOW() - INTERVAL '4 days', NOW() - INTERVAL '4 days')
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO CHANGELOGS
-- =============================================================================
INSERT INTO changelogs (id, brand_id, version, title, description, content, released_at, is_published, feature_type)
VALUES
('cl001001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'2.0.0', 'Major Platform Update',
'We have rolled out significant improvements to the platform including a new analytics dashboard, improved order management, and faster performance.',
'[
{"type": "feature", "title": "New Analytics Dashboard", "description": "Real-time insights into your business performance with customizable reports and charts."},
{"type": "feature", "title": "Improved Order Management", "description": "Faster order processing with batch operations and smart filtering."},
{"type": "improvement", "title": "50% Faster Load Times", "description": "Optimized frontend for lightning-fast navigation across all pages."},
{"type": "bugfix", "title": "Fixed Mobile Checkout", "description": "Resolved issues with checkout on iOS devices."}
]'::jsonb,
NOW() - INTERVAL '3 days', true, 'major'),
('cl001002-0000-0000-0000-0000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'1.9.5', 'Water Log Enhancement',
'Added new water tracking features including field mapping and usage analytics.',
'[
{"type": "feature", "title": "Field GPS Mapping", "description": "Track water usage by GPS-defined field boundaries."},
{"type": "feature", "title": "Usage Analytics", "description": "Weekly and monthly water usage reports with trend analysis."},
{"type": "improvement", "title": "Mobile-Friendly Interface", "description": "Optimized for field workers on mobile devices."}
]'::jsonb,
NOW() - INTERVAL '2 weeks', true, 'feature')
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO REFERRAL CODES
-- =============================================================================
INSERT INTO referral_codes (id, brand_id, referrer_user_id, referral_code, referrer_email, reward_type, reward_value, max_uses)
VALUES
('rc001001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'u0010001-0000-0000-0000-0000000001', 'SUNRISE20', 'admin@sunrisefarms.com', 'percentage', 20.00, 10)
ON CONFLICT (id) DO NOTHING;
-- =============================================================================
-- DEMO ADMIN USERS
-- =============================================================================
INSERT INTO admin_users (id, user_id, brand_id, email, role, active, can_manage_products, can_manage_stops, can_manage_orders, can_manage_pickup, can_manage_messages, can_manage_refunds, can_manage_users, can_manage_water_log, can_manage_reports, can_manage_settings)
VALUES
('au001001-0000-0000-0000-0000000001', 'u0010001-0000-0000-0000-0000000001', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'admin@sunrisefarms.com', 'brand_admin', true, true, true, true, true, true, true, true, true, true),
('au001002-0000-0000-0000-0000000002', 'u0010002-0000-0000-0000-0000000002', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
'manager@sunrisefarms.com', 'brand_admin', true, true, true, true, false, true, false, true, true, true)
ON CONFLICT (id) DO NOTHING;
COMMIT;