- What was done:
  - Added a server-side Next.js route at `src/app/api/create-user/route.ts` that validates the requester token, checks roles, generates a temporary password and forwards the creation to the Supabase Edge Function using the service role key.
  - The client is wired to call the route via `lib/config.ts` (`FUNCTIONS_ENDPOINTS.CREATE_USER` -> `/api/create-user`) and the `criarUsuario()` wrapper in `lib/api.ts`.
- Status / missing work:
  - Important: user creation is NOT working yet (requests to `/api/create-user` return 404 in dev).
  - Next steps: restart the dev server, ensure `SUPABASE_SERVICE_ROLE_KEY` is set in the server environment only (not under a `NEXT_PUBLIC_` name, which Next.js exposes to the browser), check the server logs and run a test POST with a valid admin JWT.
/**
 * Configuração segura das variáveis de ambiente
 * Valida se URL e API Key pertencem ao mesmo projeto Supabase
 */

// Built-in defaults, used only when the matching NEXT_PUBLIC_* variable is
// unset or empty.
// NOTE(review): because of these defaults, a build that is missing its
// environment silently targets this one project instead of failing. Consider
// requiring both variables outside local development.
const FALLBACK_SUPABASE_URL = "https://yuanqfswhberkoevtmfr.supabase.co";

// The payload of this JWT declares role "anon". The value is shipped to the
// browser, so it cannot be treated as a secret: data protection has to come
// from the project's own access policies (presumably Row Level Security —
// confirm they are enabled on every exposed table).
const FALLBACK_SUPABASE_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Inl1YW5xZnN3aGJlcmtvZXZ0bWZyIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTQ5NTQzNjksImV4cCI6MjA3MDUzMDM2OX0.g8Fm4XAvtX46zifBZnYVH4tVuQkqUH6Ia9CXQj4DztQ";

// The environment is read through direct `process.env.NAME` member access,
// exactly as before; only the fallback literals were given names.
const SUPABASE_URL = process.env.NEXT_PUBLIC_SUPABASE_URL || FALLBACK_SUPABASE_URL;
const SUPABASE_ANON_KEY = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY || FALLBACK_SUPABASE_ANON_KEY;
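/**
 * Extracts the Supabase project ref from a project URL.
 *
 * The URL is parsed and its host must be exactly `<ref>.supabase.co` over
 * HTTPS. The earlier unanchored pattern also accepted strings in which
 * `.supabase.co` was only a prefix of the host name or appeared in the path,
 * so the consistency check could pass for a URL that does not point at
 * Supabase.
 *
 * @param url - Candidate Supabase project URL.
 * @returns The project ref (lower-cased by URL parsing), or `null` when the
 *   value is not an `https://<ref>.supabase.co` URL.
 */
function extractProjectRef(url: string): string | null {
  const hostSuffix = '.supabase.co';

  let parsed: URL;
  try {
    parsed = new URL(url);
  } catch {
    // Not a parseable absolute URL.
    return null;
  }

  if (parsed.protocol !== 'https:') {
    return null;
  }

  const host = parsed.hostname;
  if (!host.endsWith(hostSuffix)) {
    return null;
  }

  // Whatever precedes the suffix must be a single, non-empty DNS label.
  const ref = host.slice(0, -hostSuffix.length);
  return ref.length > 0 && !ref.includes('.') ? ref : null;
}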
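/**
 * Extracts the project ref from the payload of a Supabase API key (a JWT).
 *
 * The payload is only decoded; the signature is NOT verified. The result is
 * suitable for a configuration sanity check and must never be used as proof
 * of identity or authorization.
 *
 * JWT segments are base64url-encoded (`-` and `_`, no padding), which `atob`
 * rejects, so the segment is converted to standard base64 first. Previously
 * any key whose payload contained `-` or `_` was reported as having no ref.
 *
 * @param apiKey - API key in `header.payload.signature` form.
 * @returns The non-empty string `ref` claim, or `null` when the key is
 *   malformed or has no such claim.
 */
function extractProjectRefFromKey(apiKey: string): string | null {
  try {
    const segment = apiKey.split('.')[1];
    if (!segment) {
      return null;
    }

    // base64url -> base64, then restore the padding that JWTs strip.
    const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);

    const payload: unknown = JSON.parse(atob(padded));
    if (typeof payload !== 'object' || payload === null) {
      return null;
    }

    // Only a non-empty string honours the declared return type.
    const ref = (payload as { ref?: unknown }).ref;
    return typeof ref === 'string' && ref.length > 0 ? ref : null;
  } catch {
    // Invalid base64 or invalid JSON: treat as "no ref available".
    return null;
  }
}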
/**
 * Checks that the configured Supabase URL and API key name the same project.
 *
 * The outcome is written to the console and returned. This function does not
 * throw or otherwise stop start-up on a mismatch, so callers that need to
 * fail closed must act on the return value themselves.
 *
 * @returns `true` when both refs could be extracted and are equal, otherwise
 *   `false`.
 */
function validateProjectConsistency(): boolean {
  const refFromUrl = extractProjectRef(SUPABASE_URL);
  const refFromKey = extractProjectRefFromKey(SUPABASE_ANON_KEY);

  const bothExtracted = Boolean(refFromUrl) && Boolean(refFromKey);

  if (bothExtracted) {
    if (refFromUrl === refFromKey) {
      console.log('[ENV] Projeto validado:', refFromUrl);
      return true;
    }

    // Both refs are known but disagree: URL and key belong to different projects.
    console.error('[ENV] ERRO: URL e API Key são de projetos diferentes!', {
      urlRef: refFromUrl,
      keyRef: refFromKey,
    });
  } else {
    // At least one side could not be parsed, so no comparison is possible.
    console.warn('[ENV] Não foi possível extrair REF do projeto');
  }

  return false;
}
// Run the consistency check when the module is loaded.
if (typeof window !== 'undefined') {
  // Browser: run the check from a 100 ms timer rather than inline.
  setTimeout(() => {
    validateProjectConsistency();
  }, 100);
} else {
  // Server: no `window` global, run the check immediately.
  validateProjectConsistency();
}
/**
 * Supabase settings exported by this module.
 *
 * This module also runs in the browser (see the `window` check at load time),
 * so every value placed here must be safe to expose to end users. Do not add
 * service-role keys or other secrets to this object.
 */
export const ENV_CONFIG = {
  SUPABASE_URL: SUPABASE_URL,
  SUPABASE_ANON_KEY: SUPABASE_ANON_KEY,
  PROJECT_REF: extractProjectRef(SUPABASE_URL),

  // Note: admin authentication endpoints were removed from the client bundle.
  // Administrative and privileged operations must be executed on the server.

  // Default request headers
  DEFAULT_HEADERS: {
    'Content-Type': 'application/json',
    apikey: SUPABASE_ANON_KEY,
  },

  // Result of the URL/key consistency check, evaluated once when this object is built
  isValid: validateProjectConsistency(),
} as const;