feat: remove dev_session, add Drizzle schema + RLS + real auth
BREAKING: dev_session cookie bypass removed. Admin access now requires a real Auth.js v5 session (Google OAuth in production). Provision users by inserting into users + tenant_users tables. New in this commit: - db/migrations/0001_init.sql: 18-table SaaS schema with RLS (tenants, users, tenant_users, plans, add_ons, subscriptions, tenant_add_ons, products, product_images, stops, customers, orders, order_items, brand_settings, email_templates, campaigns, files, audit_log) - db/schema/: Drizzle TypeScript mirror of every table - db/client.ts: withTenant() / withPlatformAdmin() query wrappers that set Postgres GUCs (app.current_tenant_id, app.platform_admin) for RLS enforcement. Never query a tenant-scoped table without one. - db/seed.ts: seeds 3 plans, 6 add-ons, 2 tenants (Tuxedo, Indian River Direct), brand_settings, sample products/stops/customers - scripts/migrate.js: applies migrations in lexical order with tracking - scripts/db-reset.js: drops + recreates DB, runs migrate + seed - DATABASE_URL now uses rc_app (non-superuser, NOBYPASSRLS). RLS is enforced even for the app user. DATABASE_ADMIN_URL for migrations. - src/lib/admin-permissions.ts: getAdminUser() reads Auth.js session, looks up user + tenant in Postgres. brand_id kept as alias for backward compat. - src/middleware.ts: Auth.js-only route protection, dev_session gone - src/app/login/LoginClient.tsx: Google OAuth only, no demo mode - src/components/admin/AdminSidebar.tsx + AdminHeader.tsx: signOutAction replaces supabase signout - @/db/* path aliases in tsconfig.json + vitest.config.ts - drizzle.config.ts added - db/auth_schema.sql removed (was a stub; replaced by real schema) - src/app/api/dev-login/route.ts deleted - tests: updated to remove dev_session coverage
This commit is contained in:
@@ -1,43 +1,16 @@
|
||||
"use server";
|
||||
|
||||
import "server-only";
|
||||
import { signIn, signOut } from "@/lib/auth";
|
||||
import { AuthError } from "next-auth";
|
||||
|
||||
export type SignInResult = { ok: true } | { ok: false; error: string };
|
||||
|
||||
/**
|
||||
* Sign in with the email/password (Supabase-backed) Credentials provider
|
||||
* configured in src/lib/auth.ts.
|
||||
*/
|
||||
export async function signInWithPassword(
|
||||
_prev: SignInResult | null,
|
||||
formData: FormData
|
||||
): Promise<SignInResult> {
|
||||
const email = String(formData.get("email") ?? "").trim();
|
||||
const password = String(formData.get("password") ?? "");
|
||||
|
||||
if (!email) return { ok: false, error: "Please enter your email address." };
|
||||
if (!password) return { ok: false, error: "Please enter your password." };
|
||||
|
||||
try {
|
||||
await signIn("supabase-password", {
|
||||
email,
|
||||
password,
|
||||
redirect: false,
|
||||
});
|
||||
return { ok: true };
|
||||
} catch (err) {
|
||||
if (err instanceof AuthError) {
|
||||
return { ok: false, error: "Invalid email or password." };
|
||||
}
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Kick off the Google OAuth flow. Auth.js will redirect to Google's consent
|
||||
* screen and then back to /api/auth/callback/google, which sets the session
|
||||
* cookie and redirects to the configured callback URL.
|
||||
* Kick off the Google OAuth flow. Auth.js will redirect to Google's
|
||||
* consent screen and then back to /api/auth/callback/google, which sets
|
||||
* the session cookie and redirects to /admin.
|
||||
*
|
||||
* The historical Supabase-backed email/password sign-in action was
|
||||
* removed in the cleanup pass. Admin accounts are provisioned by an
|
||||
* existing platform admin via /admin/users.
|
||||
*/
|
||||
export async function signInWithGoogle(): Promise<void> {
|
||||
await signIn("google", { redirectTo: "/admin" });
|
||||
|
||||
Reference in New Issue
Block a user