- What was done:
- Added a server-side Next.js route at `src/app/api/create-user/route.ts` that validates the requester token, checks roles, generates a temporary password and forwards the creation to the Supabase Edge Function using the service role key.
- Client wired to call the route via `lib/config.ts` (`FUNCTIONS_ENDPOINTS.CREATE_USER` -> `/api/create-user`) and the `criarUsuario()` wrapper in `lib/api.ts`.
- Status / missing work:
- Important: user creation is NOT working yet (requests to `/api/create-user` return 404 in dev).
- Next steps: restart dev server, ensure `SUPABASE_SERVICE_ROLE_KEY` is set in the environment, check server logs and run a test POST with a valid admin JWT.
- Persist `roles` array in localStorage on login and session restore.
- Reconcile `userType` from roles returned by the `user-info` function.
- `ProtectedRoute` now accepts `requiredUserType?: UserType[]` and `requiredRoles?: string[]` and evaluates multi-role permission (OR semantics).
- Minor adjustments in `useAuth` and debug logs to ensure consistent `profile` and `roles` restoration.
- Main files changed: `hooks/useAuth.tsx`, `components/ProtectedRoute.tsx`, `types/auth.ts.
- Impact: prevents profile loss on reload
chore(assignment): add professional assignment form
- Impact: enables assigning professionals to patients via UI
