916ad39176
Deploy to route.crispygoat.com / deploy (push) Failing after 3m1s
- Add MinIO/S3-compatible storage client (src/lib/storage.ts) with uploadObject, deleteObject, presigned URL helpers, and BUCKETS constant - Wire product images, brand logos, and water log photos to MinIO via the new storage client - Migrate forgot-password to Neon Auth (remove Supabase /auth/v1/recover call) - Migrate send-scheduled cron to direct Postgres + Resend (remove Supabase Edge Function proxy) - Add logoUrl to email types (OrderReceipt, Welcome, PasswordReset) and pass brand_settings.logo_url from all call sites - Update email templates to use dynamic logoUrl instead of hardcoded Supabase bucket URLs - Remove hardcoded Supabase URLs from TuxedoVideoHero, TuxedoAboutPage, TimeTrackingFieldClient; use brand_settings props + local public/ fallback - Download brand logos (3) and tuxedo-hero.mp4 (36MB) from Supabase bucket to public/ for local development - Add MinIO env vars to .env.example (endpoint, access key, secret, buckets) - Fix TimeTrackingFieldClient to destructure logoUrl and brandAccent props - Fix admin/users.ts logoUrl type (null → undefined for optional string) - Remove stale sb- cookie from wholesale-auth - Migrate tuxedo/about page to remove supabase import and use pool query for wholesale_settings lookup
11 lines
536 B
SQL
11 lines
536 B
SQL
-- ============================================================
|
|
-- Remove broad anon SELECT policies
|
|
-- ============================================================
|
|
-- The checkout flow no longer requires post-checkout SELECT
|
|
-- because the RPC returns full order data directly.
|
|
-- Admin SELECT is handled by server-side auth (getAdminUser).
|
|
|
|
-- Drop the overly permissive read policies
|
|
DROP POLICY IF EXISTS "Allow public read on orders for checkout" ON orders;
|
|
DROP POLICY IF EXISTS "Allow public read on order_items" ON order_items;
|