Files
route-commerce/package.json
T
tyler 7cd0603cfb feat: remove dev_session, add Drizzle schema + RLS + real auth
BREAKING: dev_session cookie bypass removed. Admin access now requires
a real Auth.js v5 session (Google OAuth in production). Provision users
by inserting into users + tenant_users tables.

New in this commit:
- db/migrations/0001_init.sql: 18-table SaaS schema with RLS (tenants,
  users, tenant_users, plans, add_ons, subscriptions, tenant_add_ons,
  products, product_images, stops, customers, orders, order_items,
  brand_settings, email_templates, campaigns, files, audit_log)
- db/schema/: Drizzle TypeScript mirror of every table
- db/client.ts: withTenant() / withPlatformAdmin() query wrappers that
  set Postgres GUCs (app.current_tenant_id, app.platform_admin) for
  RLS enforcement. Never query a tenant-scoped table without one.
- db/seed.ts: seeds 3 plans, 6 add-ons, 2 tenants (Tuxedo, Indian River
  Direct), brand_settings, sample products/stops/customers
- scripts/migrate.js: applies migrations in lexical order with tracking
- scripts/db-reset.js: drops + recreates DB, runs migrate + seed
- DATABASE_URL now uses rc_app (non-superuser, NOBYPASSRLS). RLS is
  enforced even for the app user. DATABASE_ADMIN_URL for migrations.
- src/lib/admin-permissions.ts: getAdminUser() reads Auth.js session,
  looks up user + tenant in Postgres. brand_id kept as alias for
  backward compat.
- src/middleware.ts: Auth.js-only route protection, dev_session gone
- src/app/login/LoginClient.tsx: Google OAuth only, no demo mode
- src/components/admin/AdminSidebar.tsx + AdminHeader.tsx: signOutAction
  replaces supabase signout
- @/db/* path aliases in tsconfig.json + vitest.config.ts
- drizzle.config.ts added
- db/auth_schema.sql removed (was a stub; replaced by real schema)
- src/app/api/dev-login/route.ts deleted
- tests: updated to remove dev_session coverage
2026-06-07 01:23:44 +00:00

82 lines
2.3 KiB
JSON

{
"name": "route-commerce-platform",
"version": "1.0.0",
"private": true,
"scripts": {
"dev": "node fix-agents.js && next dev --webpack -H 0.0.0.0",
"build": "next build --webpack",
"start": "next start",
"lint": "eslint",
"lint:fix": "eslint --fix",
"migrate": "node scripts/migrate.js",
"migrate:one": "node scripts/migrate.js",
"db:migrate": "node scripts/migrate.js",
"db:seed": "tsx db/seed.ts",
"db:reset": "node scripts/db-reset.js",
"db:studio": "drizzle-kit studio",
"type-check": "npx tsc --noEmit",
"test": "vitest run",
"test:watch": "vitest",
"test:ui": "vitest --ui",
"test:e2e": "playwright test --project=local",
"test:e2e:prod": "PLAYWRIGHT_PROD=1 playwright test",
"format": "prettier --write \"src/**/*.{ts,tsx}\""
},
"dependencies": {
"@anthropic-ai/sdk": "^0.96.0",
"@google/generative-ai": "^0.24.1",
"@gsap/react": "^2.1.2",
"@sentry/nextjs": "^10.55.0",
"@supabase/ssr": "^0.10.2",
"@supabase/supabase-js": "^2.105.3",
"@upstash/ratelimit": "^2.0.8",
"@upstash/redis": "^1.38.0",
"drizzle-orm": "^0.36.4",
"exceljs": "^4.4.0",
"framer-motion": "^12.40.0",
"gsap": "^3.15.0",
"lucide-react": "^1.17.0",
"next": "^16.2.6",
"next-auth": "^5.0.0-beta.31",
"next-themes": "^0.4.6",
"openai": "^6.37.0",
"papaparse": "^5.5.3",
"pdf-lib": "^1.17.1",
"posthog-js": "^1.378.1",
"posthog-node": "^5.35.11",
"qrcode": "^1.5.4",
"react": "19.2.4",
"react-dom": "19.2.4",
"server-only": "^0.0.1",
"square": "^44.0.1",
"stripe": "^22.1.1",
"uuid": "^11.1.1",
"zod": "^4.4.3"
},
"devDependencies": {
"@playwright/test": "^1.60.0",
"@tailwindcss/postcss": "^4",
"@types/node": "^20",
"@types/papaparse": "^5.5.2",
"@types/pg": "^8.20.0",
"@types/qrcode": "^1.5.6",
"@types/react": "^19",
"@types/react-dom": "^19",
"@types/uuid": "^11.0.0",
"@vitejs/plugin-react": "^4.7.0",
"dotenv": "^17.4.2",
"drizzle-kit": "^0.30.6",
"eslint": "^9",
"eslint-config-next": "16.2.5",
"jsdom": "^25.0.1",
"pg": "^8.20.0",
"playwright": "^1.59.1",
"tailwindcss": "^4",
"tsx": "^4.22.4",
"typescript": "^5",
"vite-tsconfig-paths": "^5.1.4",
"vitest": "^2.1.9"
},
"overrides": "{}"
}