migrate: replace Supabase REST with Drizzle/pg in water-log/time-tracking/reports/etc (wave 4)
This commit is contained in:
@@ -1,15 +1,6 @@
|
||||
"use server";
|
||||
|
||||
import { createClient as createServiceClient } from "@supabase/supabase-js";
|
||||
|
||||
function getServiceClient() {
|
||||
const roleKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
|
||||
if (!roleKey) throw new Error("SUPABASE_SERVICE_ROLE_KEY not set");
|
||||
return createServiceClient(
|
||||
process.env.NEXT_PUBLIC_SUPABASE_URL!,
|
||||
roleKey,
|
||||
);
|
||||
}
|
||||
import { query } from "@/lib/db";
|
||||
|
||||
export type ResetAdminPasswordResult =
|
||||
| { success: true; tempPassword: string }
|
||||
@@ -17,35 +8,35 @@ export type ResetAdminPasswordResult =
|
||||
|
||||
/**
|
||||
* Emergency recovery action — only usable in development or when the caller
|
||||
* already has service role access. Resets the password for the specified email
|
||||
* already has direct DB access. Resets the password for the specified email
|
||||
* and returns the temp password so it can be displayed to the user.
|
||||
*
|
||||
* Now that Supabase auth is gone, this hits the `users` table directly and
|
||||
* calls the same `update_user_password` SECURITY DEFINER RPC used by the
|
||||
* self-service password change action.
|
||||
*/
|
||||
export async function resetAdminPassword(
|
||||
email: string,
|
||||
newPassword: string
|
||||
): Promise<ResetAdminPasswordResult> {
|
||||
const service = getServiceClient();
|
||||
|
||||
// Look up auth user by email
|
||||
const { data: authUsers, error: listError } = await service.auth.admin.listUsers();
|
||||
if (listError || !authUsers?.users) {
|
||||
return { success: false, error: "Could not list users: " + listError?.message };
|
||||
}
|
||||
|
||||
const authUser = authUsers.users.find((u) => u.email?.toLowerCase() === email.toLowerCase());
|
||||
if (!authUser) {
|
||||
// Look up the user by email
|
||||
const { rows } = await query<{ id: string }>(
|
||||
"SELECT id FROM users WHERE email = $1 LIMIT 1",
|
||||
[email.toLowerCase()],
|
||||
);
|
||||
const user = rows[0];
|
||||
if (!user) {
|
||||
return { success: false, error: "No auth user found for that email address." };
|
||||
}
|
||||
|
||||
// Update password via service role
|
||||
const { error: updateError } = await service.auth.admin.updateUserById(
|
||||
authUser.id,
|
||||
{ password: newPassword, email_confirm: true }
|
||||
);
|
||||
|
||||
if (updateError) {
|
||||
return { success: false, error: updateError.message };
|
||||
// Update password via SECURITY DEFINER RPC
|
||||
try {
|
||||
await query("SELECT update_user_password($1, $2)", [user.id, newPassword]);
|
||||
return { success: true, tempPassword: newPassword };
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to update password",
|
||||
};
|
||||
}
|
||||
|
||||
return { success: true, tempPassword: newPassword };
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user