wp-login: use service_role admin client for createUser; /login redirects to /client-login
- Add src/lib/supabase/admin.ts: server-only Supabase client constructed with SUPABASE_SERVICE_ROLE_KEY. Uses persistSession=false. Throws if the env var is missing. - src/app/api/auth/wp-login/route.ts: switch the auth.admin.createUser call (step 5, transparent migration on first login) to use the new admin client. The anon-key client cannot call admin.createUser, which would have made first-login attempts for legacy WP users fail at step 5 with a permission error. - src/app/login/page.tsx: replaced the old WP-style login form with a server-side redirect to /client-login so the new client-login is the canonical PR-firm/contributor entry point. Existing bookmarks for /login keep working. Coolify app env: SUPABASE_SERVICE_ROLE_KEY added (set out-of-band; not NEXT_PUBLIC_-prefixed so it never ships to the client bundle).
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { createClient } from '@/lib/supabase/server';
|
||||
import { createAdminClient } from '@/lib/supabase/admin';
|
||||
import { validatePhpassPassword } from '@/lib/auth/phpass';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
@@ -54,8 +55,10 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
|
||||
// 5. Create a new Supabase auth account for this legacy user (transparent migration)
|
||||
const { data: signUpData, error: signUpError } = await supabase.auth.admin.createUser({
|
||||
// 5. Create a new Supabase auth account for this legacy user (transparent migration).
|
||||
// admin.createUser requires the service_role key — use the admin client.
|
||||
const admin = createAdminClient();
|
||||
const { data: signUpData, error: signUpError } = await admin.auth.admin.createUser({
|
||||
email: email.toLowerCase().trim(),
|
||||
password,
|
||||
email_confirm: true,
|
||||
|
||||
Reference in New Issue
Block a user