krao/fourge-portal
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add team-only user creation, remove public signup

Browse Source 
- Add + New User form on Companies page (name, email, password, company)
- Create-user Supabase edge function with role verification
- Remove public signup route and login page link

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Krao Hasanee
2026-03-30 09:27:19 -04:00
parent 5519c1f54b
commit 906a0041a4
3 changed files with 66 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/App.jsx
-4
View File
@@ -3,8 +3,6 @@ import { AuthProvider } from './context/AuthContext';
import ProtectedRoute from './components/ProtectedRoute';
import Login from './pages/Login';
import Signup from './pages/Signup';
import SignupConfirmation from './pages/SignupConfirmation';
import Dashboard from './pages/team/Dashboard';
import Companies from './pages/team/Companies';
@@ -32,8 +30,6 @@ export default function App() {
<BrowserRouter>
<Routes>
<Route path="/" element={<Login />} />
<Route path="/signup" element={<Signup />} />
<Route path="/signup-confirmation" element={<SignupConfirmation />} />
<Route path="/dashboard" element={<ProtectedRoute role="team"><Dashboard /></ProtectedRoute>} />
<Route path="/companies" element={<ProtectedRoute role="team"><Companies /></ProtectedRoute>} />
src/pages/Login.jsx
+1 -2
View File
@@ -67,8 +67,7 @@ export default function Login() {
</form>
<p style={{ textAlign: 'center', marginTop: 20, fontSize: 13, color: '#a8a8a8' }}>
New client?{' '}
<Link to="/signup" style={{ color: 'var(--accent)' }}>Create an account</Link>
Contact Fourge Branding to get access.
</p>
</div>
</div>
supabase/functions/create-user/index.ts
+65
View File
@@ -0,0 +1,65 @@
// deno-lint-ignore-file
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}
const ok = (body: Record<string, unknown>) => new Response(JSON.stringify(body), {
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
})
serve(async (req) => {
if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
try {
const authHeader = req.headers.get('Authorization') ?? ''
if (!authHeader) return ok({ error: 'No authorization header' })
const callerClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{ global: { headers: { Authorization: authHeader } } }
)
const { data: userData, error: userError } = await callerClient.auth.getUser()
if (userError || !userData?.user) return ok({ error: `Auth failed: ${userError?.message ?? 'no user'}` })
const { data: profile, error: profileError } = await callerClient
.from('profiles').select('role').eq('id', userData.user.id).single()
if (profileError) return ok({ error: `Profile error: ${profileError.message}` })
if (profile?.role !== 'team') return ok({ error: 'Forbidden: team only' })
const body = await req.json()
const { name, email, password, company_id } = body
if (!name || !email || !password) return ok({ error: 'name, email and password are required' })
const admin = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
)
const { data: created, error: createError } = await admin.auth.admin.createUser({
email,
password,
email_confirm: true,
user_metadata: { name, role: 'client' },
})
if (createError) return ok({ error: `Create user failed: ${createError.message}` })
if (company_id && created?.user) {
const { error: assignError } = await admin
.from('profiles').update({ company_id }).eq('id', created.user.id)
if (assignError) return ok({ error: `User created but company assign failed: ${assignError.message}` })
}
return ok({ success: true })
} catch (err) {
return ok({ error: `Unexpected: ${String(err)}` })
}
})