feat(db+auth): add pg pool, admin_users email/provider migration, refactor auth lookup
- Create src/lib/db.ts (shared pg.Pool, query/withTx helpers, server-only) - Add @types/pg devDep - Migration 204: add email, auth_provider, auth_subject columns to admin_users; backfill from auth.users; new upsert_admin_user accepts multi-provider args; new get_admin_user_for_session RPC resolves Auth.js session id (UUID or Google sub) to an admin row - Refactor getAdminUser() to use pg + new RPC; auto-provisions on first Google sign-in using session.user.email - Refactor updatePasswordAction to call update_user_password via pg (drops the Supabase REST hop) - Delete orphaned src/actions/login.ts (replaced by auth-actions.ts) - Drop remaining DEV_FORCE_UID references in users.ts; dev path now uses dev_session cookie (the only cookie the dev flow can set) - Update AdminUser type: user_id is now string | null (Google users have no Supabase auth id); add email + auth_provider fields - Fix downstream type errors: StopProductAssignment.callerUid accepts null; pickup.ts performedBy widens to string | null - Bump vitest config, tests/, and other earlier cleanup changes
This commit is contained in:
@@ -1,30 +1,48 @@
|
||||
"use server";
|
||||
|
||||
import { cookies } from "next/headers";
|
||||
import { createClient as createServiceClient } from "@supabase/supabase-js";
|
||||
import { auth } from "@/lib/auth";
|
||||
import { query } from "@/lib/db";
|
||||
|
||||
/**
|
||||
* Update the current user's Supabase auth password.
|
||||
*
|
||||
* Reads the Auth.js v5 session to identify the user. The session's
|
||||
* `user.id` is either:
|
||||
* - a Supabase auth user id (UUID) for email/password sign-ins
|
||||
* - a Google `sub` (non-UUID) for Google sign-ins — these are not
|
||||
* provisioned in Supabase auth, so the RPC will reject them. Google
|
||||
* users must be provisioned in Supabase auth separately.
|
||||
*
|
||||
* The password update itself runs as a SECURITY DEFINER PL/pgSQL function
|
||||
* (`update_user_password`) inside the database, called directly via the
|
||||
* shared `pg` pool. No Supabase REST hop required.
|
||||
*/
|
||||
export async function updatePasswordAction(
|
||||
newPassword: string
|
||||
): Promise<{ error?: string }> {
|
||||
const cookieStore = await cookies();
|
||||
const uid =
|
||||
cookieStore.get("rc_auth_uid")?.value ??
|
||||
cookieStore.get("rc_uid")?.value;
|
||||
|
||||
): Promise<{ error?: string; userId?: string }> {
|
||||
const session = await auth();
|
||||
const uid = session?.user?.id;
|
||||
if (!uid) {
|
||||
return { error: "Not authenticated. Please log in again." };
|
||||
}
|
||||
|
||||
const service = createServiceClient(
|
||||
process.env.NEXT_PUBLIC_SUPABASE_URL!,
|
||||
process.env.SUPABASE_SERVICE_ROLE_KEY!
|
||||
);
|
||||
const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
|
||||
if (!UUID_REGEX.test(uid)) {
|
||||
return {
|
||||
error:
|
||||
"Password change is not available for social sign-in accounts. Please contact an admin.",
|
||||
};
|
||||
}
|
||||
|
||||
const { error } = await service.rpc("update_user_password", {
|
||||
p_user_id: uid,
|
||||
p_password: newPassword,
|
||||
});
|
||||
|
||||
if (error) return { error: error.message };
|
||||
return {};
|
||||
}
|
||||
try {
|
||||
// The RPC is SECURITY DEFINER and returns a single row (or raises).
|
||||
// We SELECT it (rather than SELECT update_user_password(...)) so the
|
||||
// call stays a normal parameterized query and we can read the result.
|
||||
await query("SELECT update_user_password($1, $2)", [uid, newPassword]);
|
||||
return { userId: uid };
|
||||
} catch (err) {
|
||||
const message =
|
||||
err instanceof Error ? err.message : "Failed to update password.";
|
||||
return { error: message };
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user