Protege /admin/* con Supabase Auth. Tabla user_roles con custom claims (app_role, org_id) en JWT. Middleware Next.js redirige a /login sin sesión. Página /login con email/password. /admin/responses migrado de service_role a sesión de usuario autenticado. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
65 lines
1.6 KiB
SQL
65 lines
1.6 KiB
SQL
-- ============================================================
|
|
-- Script: crear primer usuario platform_admin
|
|
--
|
|
-- USO:
|
|
-- docker exec -i supabase-db psql -U postgres -d postgres \
|
|
-- -v email='admin@ejemplo.com' -v password='CAMBIAR' \
|
|
-- < scripts/setup_first_admin.sql
|
|
--
|
|
-- CAMBIAR CONTRASEÑA LUEGO DEL PRIMER LOGIN:
|
|
-- El usuario puede cambiarla desde la app (si se implementa esa UI)
|
|
-- o el director puede actualizarla con:
|
|
-- UPDATE auth.users
|
|
-- SET encrypted_password = extensions.crypt('NuevaContraseña', extensions.gen_salt('bf'))
|
|
-- WHERE email = 'admin@ejemplo.com';
|
|
-- ============================================================
|
|
|
|
DO $$
|
|
DECLARE
|
|
v_user_id uuid;
|
|
v_inq_org uuid := '10000000-0000-0000-0000-000000000002';
|
|
BEGIN
|
|
|
|
-- Insertar usuario en auth.users
|
|
INSERT INTO auth.users (
|
|
id,
|
|
instance_id,
|
|
aud,
|
|
role,
|
|
email,
|
|
encrypted_password,
|
|
email_confirmed_at,
|
|
created_at,
|
|
updated_at,
|
|
raw_app_meta_data,
|
|
raw_user_meta_data,
|
|
confirmation_token,
|
|
recovery_token,
|
|
is_super_admin
|
|
) VALUES (
|
|
gen_random_uuid(),
|
|
'00000000-0000-0000-0000-000000000000',
|
|
'authenticated',
|
|
'authenticated',
|
|
:'email',
|
|
extensions.crypt(:'password', extensions.gen_salt('bf')),
|
|
now(),
|
|
now(),
|
|
now(),
|
|
'{"provider":"email","providers":["email"]}',
|
|
'{}',
|
|
'',
|
|
'',
|
|
false
|
|
)
|
|
RETURNING id INTO v_user_id;
|
|
|
|
-- Asignar rol platform_admin vinculado a InQuality
|
|
INSERT INTO public.user_roles (user_id, app_role, org_id)
|
|
VALUES (v_user_id, 'platform_admin', v_inq_org);
|
|
|
|
RAISE NOTICE 'Usuario creado: % (id=%)', :'email', v_user_id;
|
|
|
|
END;
|
|
$$;
|