Files
route-commerce/supabase/migrations/.archived/044_square_sync_log.sql
T
openclaw 916ad39176
Deploy to route.crispygoat.com / deploy (push) Failing after 3m1s
feat(storage): MinIO object storage, Neon Auth, Supabase removal
- Add MinIO/S3-compatible storage client (src/lib/storage.ts) with uploadObject,
  deleteObject, presigned URL helpers, and BUCKETS constant
- Wire product images, brand logos, and water log photos to MinIO via the
  new storage client
- Migrate forgot-password to Neon Auth (remove Supabase /auth/v1/recover call)
- Migrate send-scheduled cron to direct Postgres + Resend (remove Supabase Edge
  Function proxy)
- Add logoUrl to email types (OrderReceipt, Welcome, PasswordReset) and pass
  brand_settings.logo_url from all call sites
- Update email templates to use dynamic logoUrl instead of hardcoded Supabase
  bucket URLs
- Remove hardcoded Supabase URLs from TuxedoVideoHero, TuxedoAboutPage,
  TimeTrackingFieldClient; use brand_settings props + local public/ fallback
- Download brand logos (3) and tuxedo-hero.mp4 (36MB) from Supabase bucket to
  public/ for local development
- Add MinIO env vars to .env.example (endpoint, access key, secret, buckets)
- Fix TimeTrackingFieldClient to destructure logoUrl and brandAccent props
- Fix admin/users.ts logoUrl type (null → undefined for optional string)
- Remove stale sb- cookie from wholesale-auth
- Migrate tuxedo/about page to remove supabase import and use pool query for
  wholesale_settings lookup
2026-06-09 12:23:37 -06:00

64 lines
2.3 KiB
PL/PgSQL

-- Migration 044: Square Sync Log
-- Append-only log of all Square sync events
CREATE TABLE IF NOT EXISTS public.square_sync_log (
id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
brand_id UUID NOT NULL REFERENCES brands(id) ON DELETE CASCADE,
event_type TEXT NOT NULL,
-- 'oauth_connected' | 'oauth_disconnected' | 'product_synced' | 'order_synced' | 'inventory_synced' | 'error'
direction TEXT,
-- 'rc_to_square' | 'square_to_rc'
entity_type TEXT,
-- 'product' | 'order' | 'inventory'
entity_id UUID,
status TEXT NOT NULL,
-- 'success' | 'error' | 'partial'
message TEXT,
details JSONB NOT NULL DEFAULT '{}',
created_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
CREATE INDEX IF NOT EXISTS idx_square_sync_log_brand_created
ON square_sync_log(brand_id, created_at DESC);
CREATE INDEX IF NOT EXISTS idx_square_sync_log_event_type
ON square_sync_log(event_type, created_at DESC);
-- SECURITY DEFINER function to record sync log entries
-- Bypasses RLS since operational events use the same pattern
CREATE OR REPLACE FUNCTION public.record_square_sync_event(
p_brand_id UUID,
p_event_type TEXT,
p_direction TEXT,
p_entity_type TEXT,
p_entity_id UUID,
p_status TEXT,
p_message TEXT,
p_details JSONB DEFAULT '{}'::JSONB
)
RETURNS void
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public
AS $$
BEGIN
INSERT INTO square_sync_log (
brand_id, event_type, direction, entity_type, entity_id, status, message, details
) VALUES (
p_brand_id, p_event_type, p_direction, p_entity_type, p_entity_id, p_status, p_message, p_details
);
END;
$$;
-- RLS: brands can read their own sync logs; platform_admin can read all
ALTER TABLE square_sync_log ENABLE ROW LEVEL SECURITY;
CREATE POLICY "brand_admin_read_own_sync_log" ON square_sync_log
FOR SELECT USING (
(current_setting('app.settings.role', true)::TEXT = 'brand_admin' AND brand_id = current_setting('app.settings.brand_id', true)::UUID)
OR current_setting('app.settings.role', true)::TEXT = 'platform_admin'
);
CREATE POLICY "service_insert_sync_log" ON square_sync_log
FOR INSERT WITH CHECK (true); -- service role bypasses RLS via SECURITY DEFINER
NOTIFY pgrst, 'reload schema';