feat(db+auth): add pg pool, admin_users email/provider migration, refactor auth lookup
- Create src/lib/db.ts (shared pg.Pool, query/withTx helpers, server-only) - Add @types/pg devDep - Migration 204: add email, auth_provider, auth_subject columns to admin_users; backfill from auth.users; new upsert_admin_user accepts multi-provider args; new get_admin_user_for_session RPC resolves Auth.js session id (UUID or Google sub) to an admin row - Refactor getAdminUser() to use pg + new RPC; auto-provisions on first Google sign-in using session.user.email - Refactor updatePasswordAction to call update_user_password via pg (drops the Supabase REST hop) - Delete orphaned src/actions/login.ts (replaced by auth-actions.ts) - Drop remaining DEV_FORCE_UID references in users.ts; dev path now uses dev_session cookie (the only cookie the dev flow can set) - Update AdminUser type: user_id is now string | null (Google users have no Supabase auth id); add email + auth_provider fields - Fix downstream type errors: StopProductAssignment.callerUid accepts null; pickup.ts performedBy widens to string | null - Bump vitest config, tests/, and other earlier cleanup changes
This commit is contained in:
@@ -0,0 +1,51 @@
|
||||
"use server";
|
||||
|
||||
import { signIn, signOut } from "@/lib/auth";
|
||||
import { AuthError } from "next-auth";
|
||||
|
||||
export type SignInResult = { ok: true } | { ok: false; error: string };
|
||||
|
||||
/**
|
||||
* Sign in with the email/password (Supabase-backed) Credentials provider
|
||||
* configured in src/lib/auth.ts.
|
||||
*/
|
||||
export async function signInWithPassword(
|
||||
_prev: SignInResult | null,
|
||||
formData: FormData
|
||||
): Promise<SignInResult> {
|
||||
const email = String(formData.get("email") ?? "").trim();
|
||||
const password = String(formData.get("password") ?? "");
|
||||
|
||||
if (!email) return { ok: false, error: "Please enter your email address." };
|
||||
if (!password) return { ok: false, error: "Please enter your password." };
|
||||
|
||||
try {
|
||||
await signIn("supabase-password", {
|
||||
email,
|
||||
password,
|
||||
redirect: false,
|
||||
});
|
||||
return { ok: true };
|
||||
} catch (err) {
|
||||
if (err instanceof AuthError) {
|
||||
return { ok: false, error: "Invalid email or password." };
|
||||
}
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Kick off the Google OAuth flow. Auth.js will redirect to Google's consent
|
||||
* screen and then back to /api/auth/callback/google, which sets the session
|
||||
* cookie and redirects to the configured callback URL.
|
||||
*/
|
||||
export async function signInWithGoogle(): Promise<void> {
|
||||
await signIn("google", { redirectTo: "/admin" });
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign out and clear the Auth.js session cookie.
|
||||
*/
|
||||
export async function signOutAction(): Promise<void> {
|
||||
await signOut({ redirectTo: "/login" });
|
||||
}
|
||||
Reference in New Issue
Block a user