7cd0603cfb
BREAKING: dev_session cookie bypass removed. Admin access now requires a real Auth.js v5 session (Google OAuth in production). Provision users by inserting into users + tenant_users tables. New in this commit: - db/migrations/0001_init.sql: 18-table SaaS schema with RLS (tenants, users, tenant_users, plans, add_ons, subscriptions, tenant_add_ons, products, product_images, stops, customers, orders, order_items, brand_settings, email_templates, campaigns, files, audit_log) - db/schema/: Drizzle TypeScript mirror of every table - db/client.ts: withTenant() / withPlatformAdmin() query wrappers that set Postgres GUCs (app.current_tenant_id, app.platform_admin) for RLS enforcement. Never query a tenant-scoped table without one. - db/seed.ts: seeds 3 plans, 6 add-ons, 2 tenants (Tuxedo, Indian River Direct), brand_settings, sample products/stops/customers - scripts/migrate.js: applies migrations in lexical order with tracking - scripts/db-reset.js: drops + recreates DB, runs migrate + seed - DATABASE_URL now uses rc_app (non-superuser, NOBYPASSRLS). RLS is enforced even for the app user. DATABASE_ADMIN_URL for migrations. - src/lib/admin-permissions.ts: getAdminUser() reads Auth.js session, looks up user + tenant in Postgres. brand_id kept as alias for backward compat. - src/middleware.ts: Auth.js-only route protection, dev_session gone - src/app/login/LoginClient.tsx: Google OAuth only, no demo mode - src/components/admin/AdminSidebar.tsx + AdminHeader.tsx: signOutAction replaces supabase signout - @/db/* path aliases in tsconfig.json + vitest.config.ts - drizzle.config.ts added - db/auth_schema.sql removed (was a stub; replaced by real schema) - src/app/api/dev-login/route.ts deleted - tests: updated to remove dev_session coverage
45 lines
1.4 KiB
JavaScript
45 lines
1.4 KiB
JavaScript
#!/usr/bin/env node
|
|
/**
|
|
* DESTRUCTIVE: drops and recreates the `route_commerce` database, then
|
|
* applies all migrations and seeds.
|
|
*
|
|
* Usage:
|
|
* npm run db:reset
|
|
*
|
|
* Use only in dev. Requires sudo-less access to a postgres superuser.
|
|
*/
|
|
require("dotenv").config({ path: ".env.local" });
|
|
const { execSync } = require("node:child_process");
|
|
const url = process.env.DATABASE_URL;
|
|
if (!url) {
|
|
console.error("❌ DATABASE_URL is not set");
|
|
process.exit(1);
|
|
}
|
|
|
|
const m = url.match(/postgres(?:ql)?:\/\/([^:]+):[^@]+@([^:]+):(\d+)\/(.+)/);
|
|
if (!m) {
|
|
console.error("❌ Could not parse DATABASE_URL");
|
|
process.exit(1);
|
|
}
|
|
const [, user, host, port, db] = m;
|
|
const adminUrl = url.replace(/\/[^/]+$/, "/postgres");
|
|
|
|
console.log(`⚠️ DROPPING and recreating ${db} on ${host}:${port} as ${user}`);
|
|
try {
|
|
execSync(
|
|
`psql "${adminUrl}" -c "DROP DATABASE IF EXISTS ${db};" -c "CREATE DATABASE ${db} OWNER ${user};"`,
|
|
{ stdio: "inherit" },
|
|
);
|
|
console.log("✓ Database recreated");
|
|
} catch (err) {
|
|
console.error("❌ Failed to drop/create database. Try with sudo:");
|
|
console.error(
|
|
` sudo -u postgres psql -c "DROP DATABASE IF EXISTS ${db};" -c "CREATE DATABASE ${db} OWNER ${user};"`,
|
|
);
|
|
process.exit(1);
|
|
}
|
|
|
|
execSync("npm run db:migrate", { stdio: "inherit" });
|
|
execSync("npm run db:seed", { stdio: "inherit" });
|
|
console.log("✅ Database reset, migrated, and seeded");
|