0ac4beaaa8
- Add requireAuth() to admin-permissions.ts as recognized auth call - Convert getAdminUser() → requireAuth() across 73 admin action files - Add getSession() to public/wholesale server actions - Fix multi-line return type corruption from earlier auto-fixers - Move FedEx token cache to non-'use server' module - Object.freeze module-level constants: PRICE_KEYS, EMPTY_MOBILE_DASHBOARD, EMPTY_PAY_PERIOD, LOCALE_CART_SUBJECT, WELCOME_EMAILS - Update Stripe API version 2026-05-27 → 2026-06-24 - Fix wholesale employee portal: getEmployeeSessionAction + EmployeePortalClient - Fix 51 TypeScript errors (return type corruption, missing imports)
21 lines
841 B
SQL
21 lines
841 B
SQL
-- 0002_admin_password.sql
|
|
--
|
|
-- Adds a `password_hash` column to `users` so the Auth.js Credentials
|
|
-- provider can verify email + password against the database.
|
|
--
|
|
-- Idempotent: uses `ADD COLUMN IF NOT EXISTS`. The column is nullable
|
|
-- because OAuth-only users (Google) never set a password.
|
|
--
|
|
-- The Credentials provider's `authorize` function is documented in
|
|
-- `src/lib/auth.ts` — it queries this column and runs `verifyPassword`
|
|
-- (see `src/lib/passwords.ts`) before returning the user.
|
|
|
|
-- Transaction is managed by the migrate runner (scripts/migrate.js).
|
|
-- File kept small and re-runnable via IF NOT EXISTS on the ALTER.
|
|
|
|
ALTER TABLE users
|
|
ADD COLUMN IF NOT EXISTS password_hash TEXT;
|
|
|
|
-- Update the updated_at trigger tracking — no new triggers needed since
|
|
-- `users` already has `set_updated_at` from migration 0001.
|