feat(storage): MinIO object storage, Neon Auth, Supabase removal
Deploy to route.crispygoat.com / deploy (push) Failing after 7s
Deploy to route.crispygoat.com / deploy (push) Failing after 7s
- Add MinIO/S3-compatible storage client (src/lib/storage.ts) with uploadObject, deleteObject, presigned URL helpers, and BUCKETS constant - Wire product images, brand logos, and water log photos to MinIO via the new storage client - Migrate forgot-password to Neon Auth (remove Supabase /auth/v1/recover call) - Migrate send-scheduled cron to direct Postgres + Resend (remove Supabase Edge Function proxy) - Add logoUrl to email types (OrderReceipt, Welcome, PasswordReset) and pass brand_settings.logo_url from all call sites - Update email templates to use dynamic logoUrl instead of hardcoded Supabase bucket URLs - Remove hardcoded Supabase URLs from TuxedoVideoHero, TuxedoAboutPage, TimeTrackingFieldClient; use brand_settings props + local public/ fallback - Download brand logos (3) and tuxedo-hero.mp4 (36MB) from Supabase bucket to public/ for local development - Add MinIO env vars to .env.example (endpoint, access key, secret, buckets) - Fix TimeTrackingFieldClient to destructure logoUrl and brandAccent props - Fix admin/users.ts logoUrl type (null → undefined for optional string) - Remove stale sb- cookie from wholesale-auth - Migrate tuxedo/about page to remove supabase import and use pool query for wholesale_settings lookup
This commit is contained in:
+23
-22
@@ -1,24 +1,24 @@
|
||||
/**
|
||||
* Drizzle client + tenant-scoped query helper.
|
||||
* Drizzle client + brand-scoped query helper.
|
||||
*
|
||||
* The app connects to Postgres directly via the `pg` driver. Drizzle sits
|
||||
* on top, providing typed queries. The `withTenant` wrapper is the only
|
||||
* sanctioned way to run a tenant-scoped query — it sets the
|
||||
* `app.current_tenant_id` GUC transaction-locally, and the database's
|
||||
* RLS policies enforce tenant isolation even if application code forgets
|
||||
* a `WHERE tenant_id = $1`.
|
||||
* on top, providing typed queries. The `withBrand` wrapper is the only
|
||||
* sanctioned way to run a brand-scoped query — it sets the
|
||||
* `app.current_brand_id` GUC transaction-locally, and the database's
|
||||
* RLS policies enforce brand isolation even if application code forgets
|
||||
* a `WHERE brand_id = $1`.
|
||||
*
|
||||
* Usage (read):
|
||||
* const products = await withTenant(tenantId, (db) =>
|
||||
* const products = await withBrand(brandId, (db) =>
|
||||
* db.select().from(productsTable).where(eq(productsTable.active, true)),
|
||||
* );
|
||||
*
|
||||
* Usage (platform admin — sees all tenants):
|
||||
* const allTenants = await withPlatformAdmin((db) =>
|
||||
* db.select().from(tenantsTable),
|
||||
* Usage (platform admin — sees all brands):
|
||||
* const allBrands = await withPlatformAdmin((db) =>
|
||||
* db.select().from(brandsTable),
|
||||
* );
|
||||
*
|
||||
* Usage (no tenant — for the rare case the query isn't tenant-scoped):
|
||||
* Usage (no brand — for the rare case the query isn't brand-scoped):
|
||||
* const plans = await withDb((db) => db.select().from(plansTable));
|
||||
*/
|
||||
|
||||
@@ -57,10 +57,10 @@ function getPool(): Pool {
|
||||
}
|
||||
|
||||
/**
|
||||
* Run `fn` with a Drizzle client. No tenant context is set — the caller
|
||||
* Run `fn` with a Drizzle client. No brand context is set — the caller
|
||||
* is responsible for RLS bypass (e.g. for the `plans` and `add_ons` tables,
|
||||
* which are not tenant-scoped). For tenant-scoped reads, prefer
|
||||
* `withTenant` or `withPlatformAdmin`.
|
||||
* which are not brand-scoped). For brand-scoped reads, prefer
|
||||
* `withBrand` or `withPlatformAdmin`.
|
||||
*/
|
||||
export async function withDb<T>(fn: (db: Db) => Promise<T>): Promise<T> {
|
||||
const client = await getPool().connect();
|
||||
@@ -73,22 +73,22 @@ export async function withDb<T>(fn: (db: Db) => Promise<T>): Promise<T> {
|
||||
}
|
||||
|
||||
/**
|
||||
* Run `fn` inside a transaction with the current tenant id set as a
|
||||
* transaction-local GUC. RLS policies on tenant-scoped tables will allow
|
||||
* reads/writes only for rows where `tenant_id` matches. Pass `null` to
|
||||
* Run `fn` inside a transaction with the current brand id set as a
|
||||
* transaction-local GUC. RLS policies on brand-scoped tables will allow
|
||||
* reads/writes only for rows where `brand_id` matches. Pass `null` to
|
||||
* fail open (don't set the GUC) — only useful for the migrations
|
||||
* themselves, never for app code.
|
||||
*/
|
||||
export async function withTenant<T>(
|
||||
tenantId: string,
|
||||
export async function withBrand<T>(
|
||||
brandId: string,
|
||||
fn: (db: Db) => Promise<T>,
|
||||
): Promise<T> {
|
||||
return runInTransaction(async (client) => {
|
||||
// set_config(setting, value, is_local) — is_local=true makes it
|
||||
// transaction-local so it auto-resets at COMMIT/ROLLBACK and never
|
||||
// leaks across pooled connections.
|
||||
await client.query("SELECT set_config('app.current_tenant_id', $1, true)", [
|
||||
tenantId,
|
||||
await client.query("SELECT set_config('app.current_brand_id', $1, true)", [
|
||||
brandId,
|
||||
]);
|
||||
await client.query("SELECT set_config('app.platform_admin', 'false', true)");
|
||||
const db = drizzle(client, { schema });
|
||||
@@ -97,13 +97,14 @@ export async function withTenant<T>(
|
||||
}
|
||||
|
||||
/**
|
||||
* Run `fn` as platform admin. RLS policies permit access to all tenants.
|
||||
* Run `fn` as platform admin. RLS policies permit access to all brands.
|
||||
* Use sparingly — typically only in the /admin/platform routes.
|
||||
*/
|
||||
export async function withPlatformAdmin<T>(
|
||||
fn: (db: Db) => Promise<T>,
|
||||
): Promise<T> {
|
||||
return runInTransaction(async (client) => {
|
||||
await client.query("SELECT set_config('app.current_brand_id', '', true)");
|
||||
await client.query("SELECT set_config('app.platform_admin', 'true', true)");
|
||||
const db = drizzle(client, { schema });
|
||||
return fn(db);
|
||||
|
||||
Reference in New Issue
Block a user