PR2: auth + real upload + DB schema + RLS#6
Open
Regantih wants to merge 6 commits into
Open
Conversation
Owner
Author
|
| This PR's content | Status in PR #7 |
|---|---|
Next.js scaffold (package.json, tsconfig.json, next.config.ts) |
✅ Included + @anthropic-ai/sdk@0.95.1 added |
lib/supabase/browser.ts, server.ts, types.ts |
✅ Included + types.ts updated with jobs table |
lib/storage.supabase.ts (SupabaseStorageClient) |
✅ Included + updated to import from lib/storage.ts |
| Auth UI pages (login, signup, callback) | ✅ Included unchanged |
middleware.ts |
✅ Included unchanged |
POST /api/upload, GET /api/usage |
✅ Included unchanged |
| 3 SQL migrations (init, RLS, storage) | ✅ Included + 4th migration added (jobs table) |
ENV.md, SETUP.md |
✅ Included |
PR #7 adds on top: real Anthropic LLM router, Supabase-backed jobs queue, ingest-link route, jobs worker, health endpoint.
Recommended action
This PR will be auto-closed when PR #7 merges to main. The merge order is: PR #8 (docs) first, then PR #7 (everything).
If you wish to close this PR now, use "Close pull request" below.
12 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR2: Auth + Real Upload + DB Schema + RLS
Implements the full auth layer, Supabase client wiring, database schema with RLS, real file upload, and usage guardrails. No fake data. All error states surface real causes.
What was created
1. Next.js scaffold
package.json@supabase/ssr+@supabase/supabase-js+ React 19 depstsconfig.jsontsconfig.lib.jsonlib/+api/compilation (PR#3 compatibility)next.config.ts.htmlfiles unaffected.env.exampleNEXT_PUBLIC_prefixes2. Supabase client wiring
lib/supabase/browser.tscreateBrowserClient— usesNEXT_PUBLIC_SUPABASE_URL+NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY. Throws with clear message if vars absent.lib/supabase/server.tsgetSupabaseServerClient()— cookie-based session client (respects RLS).getSupabaseAdminClient()— service-role client (bypasses RLS; server-only). Guarded byimport 'server-only'.lib/supabase/types.tssupabase gen types typescriptafter schema stabilises.3. Real
SupabaseStorageClientlib/storage.supabase.tsStorageClientimplementation:putFile(uploads todeal-uploadsbucket),getSignedUrl(time-limited signed URL),listDealFiles(newest-first). Standalone — inline types until PR#3 merges. UsesSUPABASE_SECRET_KEY.4. SQL migrations
supabase/migrations/20260510000001_init.sqlpgcryptoextension;profiles,deals,deal_files,deal_runs,cost_ledger,usage_counterstables;set_updated_attrigger ondealssupabase/migrations/20260510000002_rls.sqlhandle_new_userauth triggersupabase/migrations/20260510000003_storage.sqldeal-uploadsprivate bucket (50 MB limit, 13 allowed MIME types); Storage RLS: upload/select/delete gated ondeals.owner_id = auth.uid()supabase/config.toml5. Auth UI (Next.js App Router)
app/layout.tsxapp/(auth)/layout.tsxapp/(auth)/login/page.tsxapp/(auth)/login/LoginForm.tsxapp/(auth)/signup/page.tsxapp/(auth)/signup/SignupForm.tsxapp/auth/callback/route.ts/deals.htmlor?next=parammiddleware.ts/login?next=<path>; passes through public paths + static assets6. API routes
app/api/upload/route.tsPOST /api/uploaddeal-uploadsvia service-role; insertsdeal_filesrow; returns file metadataapp/api/usage/route.tsGET /api/usageplan,is_owner, monthlydeals_processed+usd_spent, computed limits (nullfor owners = unlimited),within_limitsboolean7. Documentation
ENV.mdNEXT_PUBLIC_mapping, Vercel setup guideSETUP.mddocs/DECISIONS.mdNEXT_PUBLIC_naming,is_ownerbypass, free tier, migration timestamps,tsconfig.lib.json, auth trigger + upsert, private bucket)Schema at a glance
RLS: every table locked down. Service-role (SUPABASE_SECRET_KEY) bypasses RLS for server-only operations. Auth trigger auto-creates
profilesrow on first sign-in.Acceptance checklist
lib/supabase/browser.ts—getSupabaseBrowserClient()returns singleton, throws if env vars absentlib/supabase/server.ts—getSupabaseServerClient()(RLS) +getSupabaseAdminClient()(bypass); guarded byserver-onlylib/supabase/types.ts— typedDatabaseinterface matching migration schemalib/storage.supabase.ts—SupabaseStorageClientimplementingStorageClientinterface;putFile,getSignedUrl,listDealFilesall functional; server-onlysupabase/migrations/20260510000001_init.sql— all 6 tables,pgcrypto,set_updated_attriggersupabase/migrations/20260510000002_rls.sql— RLS on all tables, 14 policies, auth triggersupabase/migrations/20260510000003_storage.sql— private bucket, 3 storage policiesapp/(auth)/login/page.tsx— server auth check + redirectapp/(auth)/login/LoginForm.tsx— magic link form + GitHub OAuth button + honest error/success statesapp/(auth)/signup/page.tsx+SignupForm.tsx— same flow, shows free-tier limitsapp/auth/callback/route.ts— code exchange, session cookie, profile upsert, redirectmiddleware.ts— session refresh, unauthenticated redirect, static-asset passthroughPOST /api/upload— auth check, deal ownership, MIME/size validation, storage upload,deal_filesinsert, real errorsGET /api/usage— plan +is_owner, monthly counters,within_limits,nulllimits for ownersENV.md— all vars documented withNEXT_PUBLIC_mapping and Vercel instructionsSETUP.md—npx supabase link+npx supabase db pushmigration guideSUPABASE_SECRET_KEYonly referenced inlib/supabase/server.tsandlib/storage.supabase.ts(both server-only)docs/DECISIONS.mdD-025–D-033 appended; no existing rows modifiedStep-by-step deployment guide
Prerequisites
npm install -g supabasekipyuhjbtkyhfapinwgj(already provisioned)Local setup
Apply migrations
npx supabase link --project-ref kipyuhjbtkyhfapinwgj # Enter your Supabase DB password when prompted npx supabase db pushThis applies all three migration files in timestamp order.
Run locally
npm run dev # Visit http://localhost:3000/loginDeploy to Vercel
.NEXT_PUBLIC_SUPABASE_URL(all environments)NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY(all environments)SUPABASE_URL(all environments)SUPABASE_SECRET_KEY(server only — Production + Preview, NONEXT_PUBLIC_prefix)https://your-app.vercel.apphttps://your-app.vercel.app/auth/callbackSet owner flag (one-time)
Enable GitHub OAuth (optional)
https://kipyuhjbtkyhfapinwgj.supabase.co/auth/v1/callbackMerge order recommendation
This PR is independent of PR#3 and PR#4 and can be merged in any order. After merging all three, replace the inline type/interface declarations in
lib/storage.supabase.tswith imports fromlib/storage.ts(one-line change)."