feat(auth): Supabase Auth email/password + middleware + login [auth]
Protege /admin/* con Supabase Auth. Tabla user_roles con custom claims (app_role, org_id) en JWT. Middleware Next.js redirige a /login sin sesión. Página /login con email/password. /admin/responses migrado de service_role a sesión de usuario autenticado. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
64
scripts/setup_first_admin.sql
Normal file
64
scripts/setup_first_admin.sql
Normal file
@@ -0,0 +1,64 @@
|
||||
-- ============================================================
|
||||
-- Script: crear primer usuario platform_admin
|
||||
--
|
||||
-- USO:
|
||||
-- docker exec -i supabase-db psql -U postgres -d postgres \
|
||||
-- -v email='admin@ejemplo.com' -v password='CAMBIAR' \
|
||||
-- < scripts/setup_first_admin.sql
|
||||
--
|
||||
-- CAMBIAR CONTRASEÑA LUEGO DEL PRIMER LOGIN:
|
||||
-- El usuario puede cambiarla desde la app (si se implementa esa UI)
|
||||
-- o el director puede actualizarla con:
|
||||
-- UPDATE auth.users
|
||||
-- SET encrypted_password = extensions.crypt('NuevaContraseña', extensions.gen_salt('bf'))
|
||||
-- WHERE email = 'admin@ejemplo.com';
|
||||
-- ============================================================
|
||||
|
||||
DO $$
|
||||
DECLARE
|
||||
v_user_id uuid;
|
||||
v_inq_org uuid := '10000000-0000-0000-0000-000000000002';
|
||||
BEGIN
|
||||
|
||||
-- Insertar usuario en auth.users
|
||||
INSERT INTO auth.users (
|
||||
id,
|
||||
instance_id,
|
||||
aud,
|
||||
role,
|
||||
email,
|
||||
encrypted_password,
|
||||
email_confirmed_at,
|
||||
created_at,
|
||||
updated_at,
|
||||
raw_app_meta_data,
|
||||
raw_user_meta_data,
|
||||
confirmation_token,
|
||||
recovery_token,
|
||||
is_super_admin
|
||||
) VALUES (
|
||||
gen_random_uuid(),
|
||||
'00000000-0000-0000-0000-000000000000',
|
||||
'authenticated',
|
||||
'authenticated',
|
||||
:'email',
|
||||
extensions.crypt(:'password', extensions.gen_salt('bf')),
|
||||
now(),
|
||||
now(),
|
||||
now(),
|
||||
'{"provider":"email","providers":["email"]}',
|
||||
'{}',
|
||||
'',
|
||||
'',
|
||||
false
|
||||
)
|
||||
RETURNING id INTO v_user_id;
|
||||
|
||||
-- Asignar rol platform_admin vinculado a InQuality
|
||||
INSERT INTO public.user_roles (user_id, app_role, org_id)
|
||||
VALUES (v_user_id, 'platform_admin', v_inq_org);
|
||||
|
||||
RAISE NOTICE 'Usuario creado: % (id=%)', :'email', v_user_id;
|
||||
|
||||
END;
|
||||
$$;
|
||||
Reference in New Issue
Block a user