Fix file sharing load speed and move error; misc updates

- Remove recursive directory size calculations (single Seafile API call per list)
- Remove 'Used in this location' usage display
- Fix move using v2 per-type endpoints instead of broken batch endpoint
- Send entry type from frontend for correct move routing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

supabase/functions/create-user/index.ts

@@ -1,5 +1,4 @@
 // deno-lint-ignore-file
-import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
 
 const corsHeaders = {
@@ -7,17 +6,18 @@ const corsHeaders = {
   'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
 }
 
-const ok = (body: Record<string, unknown>) => new Response(JSON.stringify(body), {
-  status: 200,
-  headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-})
+const json = (body: Record<string, unknown>, status: number) =>
+  new Response(JSON.stringify(body), {
+    status,
+    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+  })
 
-serve(async (req) => {
+Deno.serve(async (req) => {
   if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
 
   try {
     const authHeader = req.headers.get('Authorization') ?? ''
-    if (!authHeader) return ok({ error: 'No authorization header' })
+    if (!authHeader) return json({ error: 'No authorization header' }, 401)
 
     const callerClient = createClient(
       Deno.env.get('SUPABASE_URL') ?? '',
@@ -26,16 +26,19 @@ serve(async (req) => {
     )
 
     const { data: userData, error: userError } = await callerClient.auth.getUser()
-    if (userError || !userData?.user) return ok({ error: `Auth failed: ${userError?.message ?? 'no user'}` })
+    if (userError || !userData?.user) return json({ error: `Auth failed: ${userError?.message ?? 'no user'}` }, 401)
 
     const { data: profile, error: profileError } = await callerClient
       .from('profiles').select('role').eq('id', userData.user.id).single()
-    if (profileError) return ok({ error: `Profile error: ${profileError.message}` })
-    if (profile?.role !== 'team') return ok({ error: 'Forbidden: team only' })
+    if (profileError) return json({ error: `Profile error: ${profileError.message}` }, 500)
+    if (profile?.role !== 'team') return json({ error: 'Forbidden: team only' }, 403)
 
     const body = await req.json()
-    const { name, email, password, company_id } = body
-    if (!name || !email || !password) return ok({ error: 'name, email and password are required' })
+    const { name, email, password, company_id, role: roleParam } = body
+    if (!name || !email || !password) return json({ error: 'name, email and password are required' }, 400)
+
+    const validRoles = ['team', 'client', 'external']
+    const role = validRoles.includes(roleParam) ? roleParam : 'client'
 
     const admin = createClient(
       Deno.env.get('SUPABASE_URL') ?? '',
@@ -46,20 +49,47 @@ serve(async (req) => {
       email,
       password,
       email_confirm: true,
-      user_metadata: { name, role: 'client' },
+      user_metadata: { name, role },
     })
 
-    if (createError) return ok({ error: `Create user failed: ${createError.message}` })
+    if (createError) return json({ error: `Create user failed: ${createError.message}` }, 500)
+
+    if (role === 'client' && company_id && created?.user) {
+      const { error: profileUpsertError } = await admin
+        .from('profiles')
+        .upsert({
+          id: created.user.id,
+          name,
+          email,
+          role,
+          company_id,
+        }, { onConflict: 'id' })
+      if (profileUpsertError) return json({ error: `User created but profile setup failed: ${profileUpsertError.message}` }, 500)
 
-    if (company_id && created?.user) {
       const { error: assignError } = await admin
         .from('profiles').update({ company_id }).eq('id', created.user.id)
-      if (assignError) return ok({ error: `User created but company assign failed: ${assignError.message}` })
+      if (assignError) return json({ error: `User created but company assign failed: ${assignError.message}` }, 500)
+
+      const { error: membershipError } = await admin
+        .from('company_members')
+        .upsert({ company_id, profile_id: created.user.id }, { onConflict: 'company_id,profile_id' })
+      if (membershipError) return json({ error: `User created but company membership failed: ${membershipError.message}` }, 500)
+    } else if (role === 'external' && created?.user) {
+      const { error: profileUpsertError } = await admin
+        .from('profiles')
+        .upsert({
+          id: created.user.id,
+          name,
+          email,
+          role,
+          company_id: null,
+        }, { onConflict: 'id' })
+      if (profileUpsertError) return json({ error: `User created but profile setup failed: ${profileUpsertError.message}` }, 500)
     }
 
-    return ok({ success: true })
+    return json({ success: true }, 200)
 
   } catch (err) {
-    return ok({ error: `Unexpected: ${String(err)}` })
+    return json({ error: `Unexpected: ${String(err)}` }, 500)
   }
 })