916ad39176
Deploy to route.crispygoat.com / deploy (push) Failing after 3m1s
- Add MinIO/S3-compatible storage client (src/lib/storage.ts) with uploadObject, deleteObject, presigned URL helpers, and BUCKETS constant - Wire product images, brand logos, and water log photos to MinIO via the new storage client - Migrate forgot-password to Neon Auth (remove Supabase /auth/v1/recover call) - Migrate send-scheduled cron to direct Postgres + Resend (remove Supabase Edge Function proxy) - Add logoUrl to email types (OrderReceipt, Welcome, PasswordReset) and pass brand_settings.logo_url from all call sites - Update email templates to use dynamic logoUrl instead of hardcoded Supabase bucket URLs - Remove hardcoded Supabase URLs from TuxedoVideoHero, TuxedoAboutPage, TimeTrackingFieldClient; use brand_settings props + local public/ fallback - Download brand logos (3) and tuxedo-hero.mp4 (36MB) from Supabase bucket to public/ for local development - Add MinIO env vars to .env.example (endpoint, access key, secret, buckets) - Fix TimeTrackingFieldClient to destructure logoUrl and brandAccent props - Fix admin/users.ts logoUrl type (null → undefined for optional string) - Remove stale sb- cookie from wholesale-auth - Migrate tuxedo/about page to remove supabase import and use pool query for wholesale_settings lookup
61 lines
1.8 KiB
TypeScript
61 lines
1.8 KiB
TypeScript
"use server";
|
|
|
|
import "server-only";
|
|
import { getSession } from "@/lib/auth";
|
|
import { setUserPassword } from "@/lib/auth";
|
|
import { getAdminUser } from "@/lib/admin-permissions";
|
|
|
|
const MIN_PASSWORD_LENGTH = 8;
|
|
|
|
/**
|
|
* Change a user's password. Requires admin privileges.
|
|
*
|
|
* Use this for admin-initiated password resets. For self-service
|
|
* password changes, users should use the forgot password flow.
|
|
*/
|
|
export async function updatePasswordAction(
|
|
userId: string,
|
|
newPassword: string
|
|
): Promise<{ success: boolean; error?: string }> {
|
|
// Verify the caller is an admin
|
|
const adminUser = await getAdminUser();
|
|
if (!adminUser) {
|
|
return { success: false, error: "Not authenticated. Please log in again." };
|
|
}
|
|
|
|
if (adminUser.role !== "platform_admin") {
|
|
return { success: false, error: "Only platform admins can change passwords." };
|
|
}
|
|
|
|
// Validate password
|
|
if (!newPassword || newPassword.length < MIN_PASSWORD_LENGTH) {
|
|
return { success: false, error: `Password must be at least ${MIN_PASSWORD_LENGTH} characters.` };
|
|
}
|
|
|
|
try {
|
|
const result = await setUserPassword({
|
|
userId,
|
|
newPassword,
|
|
});
|
|
|
|
if (result.error) {
|
|
console.error("[updatePassword] Failed:", result.error);
|
|
return { success: false, error: result.error.message ?? "Failed to update password." };
|
|
}
|
|
|
|
console.log("[updatePassword] Password updated for user:", userId);
|
|
return { success: true };
|
|
} catch (err) {
|
|
console.error("[updatePassword] Unexpected error:", err);
|
|
return { success: false, error: "An unexpected error occurred." };
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the current session user ID. Used by the change-password UI.
|
|
*/
|
|
export async function getCurrentUserId(): Promise<string | null> {
|
|
const { data: session } = await getSession();
|
|
return session?.user?.id ?? null;
|
|
}
|