feat(auth): roles and admin dashboard protection #37
martin0024
left a comment
other than that LGTM, good work guys, thanks!
…tion check (middleware handles it)
RenaudBernier
left a comment
lgtm, do my requested edit if you have time
…ddleware for role validation
| redirect( | ||
| `/login?message=${encodeURIComponent("Check your email to confirm your account.")}` | ||
| ); | ||
| redirect("/login?message=Check+your+email+to+confirm+your+account."); |
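Review bot: in the `redirect(...)` call, the text to show on `/login` travels in the `message` query parameter, so if the login page (not shown in this hunk) displays it verbatim, any link can put arbitrary wording on the sign-in page. Consider passing a short code such as `?message=confirm_email` and mapping it to a fixed string on the login page, and make sure the value is rendered as text, not HTML. Also note the two forms visible here are not byte-identical: `encodeURIComponent` emits `%20` for spaces while the literal uses `+`, which only decodes to a space when the reader parses the query as form-encoded data (as `URLSearchParams` does).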
Should we make an enum file for strings like this? Something like constants.js, and maybe we would put it in a constants folder, maybe in lib/
For now, we don't have that many strings, let's try not to overcomplicate the project for nothing. Later on, if we do have a lot of strings, we could, yes. Usually having a lib for strings is useful when you have locale translations in multiple languages.
| ? "Sign in to your account" | ||
| : "Fill in your details to get started"} |
same as above, maybe in a constants file?
Same comment. See previous
Closes #7
Summary
- `userRoleEnum` (admin, coach, user) and full `profiles` schema (first_name, last_name, role, avatar_url, stripe_customer_id, updated_at)
- `user_metadata` to Supabase
- `/dashboard/*` — non-admins are redirected to `/`

Supabase setup required
Two triggers must be added via SQL Editor (see issue comments):
- `on_auth_user_created` — creates a `profiles` row with name + default role on signup
- `on_profile_role_updated` — syncs `profiles.role` → `app_metadata.role` in the JWT whenever role changes

Test plan
- `role = user`
- `/dashboard` redirects to `/`
- `admin` in Supabase → sign out and back in → `/dashboard` is accessible
- `profiles.role` → `app_metadata` updates automatically (verify in Supabase auth users table)
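
The role check that the summary and test plan describe, as an added example that is not part of this PR's code: a path gate that reads the role only from `app_metadata.role` in already verified JWT claims and fails closed when the claim is missing or unknown. The function names, the `/login` target for unauthenticated requests and the sample claims are assumptions.

```javascript
// Added example, not the PR's code. ROLES, roleFromClaims, isDashboardPath and
// dashboardGate are hypothetical names; the claims objects are constructed samples.
const ROLES = new Set(["admin", "coach", "user"]); // enum values from the PR summary

// Read the role only from app_metadata: the PR's trigger syncs it there, and
// Supabase lets a signed-in user edit their own user_metadata.
function roleFromClaims(claims) {
  const role = claims && claims.app_metadata && claims.app_metadata.role;
  return typeof role === "string" && ROLES.has(role) ? role : null;
}

// True for /dashboard and anything under it, but not e.g. /dashboard-old.
function isDashboardPath(pathname) {
  return pathname === "/dashboard" || pathname.startsWith("/dashboard/");
}

// Returns null to let the request through, or the path to redirect to.
// `claims` must come from a JWT whose signature was already verified.
function dashboardGate(pathname, claims) {
  if (!isDashboardPath(pathname)) return null;
  if (claims == null) return "/login"; // assumption: unauthenticated users go to /login
  return roleFromClaims(claims) === "admin" ? null : "/"; // non-admins go to /
}

// Constructed sample claims (decoded JWT payloads).
const samples = {
  admin: { sub: "u1", app_metadata: { role: "admin" } },
  coach: { sub: "u2", app_metadata: { role: "coach" } },
  // user_metadata.role is ignored, so a self-assigned "admin" has no effect
  selfPromoted: { sub: "u3", app_metadata: { role: "user" }, user_metadata: { role: "admin" } },
  // token issued before the role was synced into app_metadata
  stale: { sub: "u4", app_metadata: {} },
};

for (const [name, claims] of Object.entries(samples)) {
  console.log(name, "->", dashboardGate("/dashboard/users", claims) ?? "allow");
}
```

Because the role lives in the JWT, a role change in `profiles` only reaches this check once a new token is issued, which is why the test plan signs out and back in.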