Platform admin invita usuarios de empresa desde /admin/usuarios. inviteUserByEmail + insert inmediato en user_roles (org_admin). Rollback explícito si falla el insert. /auth/confirm maneja el link de invitación con PASSWORD_RECOVERY event. Middleware no requirió cambios — /auth/confirm ya queda fuera del matcher de rutas protegidas. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
1.2 KiB
TypeScript
25 lines
1.2 KiB
TypeScript
import { createClient as createSupabaseClient } from '@supabase/supabase-js'
|
|
|
|
// Browser-side client using the anon key (public, respects RLS)
|
|
// NEVER put SUPABASE_SERVICE_ROLE_KEY in a NEXT_PUBLIC_ variable or in this file.
|
|
export function createClient() {
|
|
// Placeholders keep the module loadable at build time (static analysis, standalone output).
|
|
// The real values must be set at runtime via .env.local / Dokploy env vars.
|
|
// force-dynamic on page.tsx guarantees this function is never *called* at build time.
|
|
const url = process.env.NEXT_PUBLIC_SUPABASE_URL ?? 'https://placeholder.supabase.co'
|
|
const anonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY ?? 'placeholder'
|
|
|
|
return createSupabaseClient(url, anonKey)
|
|
}
|
|
|
|
// service_role — bypasa RLS por completo (regla 9 CLAUDE.md). Solo se importa
|
|
// desde Server Components / Server Actions ('use server'), nunca desde código
|
|
// que se bundlea al cliente. No exportar este cliente ni su resultado hacia props
|
|
// de un Client Component.
|
|
export function getSupabaseAdmin() {
|
|
const url = process.env.NEXT_PUBLIC_SUPABASE_URL ?? 'https://placeholder.supabase.co'
|
|
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY ?? 'placeholder'
|
|
|
|
return createSupabaseClient(url, serviceKey)
|
|
}
|