feat: implement public API routes and staff authentication

- Add public API endpoints for locations, services, and availability - Implement staff login system with password authentication - Update auth context to support password sign-in - Protect aperture dashboard with authentication - Update project documentation with new domains
2026-03-15 11:24:26 +00:00 · 2026-01-16 21:45:47 -06:00
parent 0f6fe9bf7b
commit fb60178c86
8 changed files with 273 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -62,6 +62,8 @@ El PRD es la fuente de verdad funcional. El README es la guía de ejecución.
 * `anchor23.mx` - Frontend institucional (landing page + páginas informativas)
 * `booking.anchor23.mx` - Frontend de reservas (The Boutique) - **Pendiente**
 * `kiosk.anchor23.mx` - Sistema de autoservicio (The Kiosk)
+* `aperture.anchor23.mx` - Dashboard administrativo y CRM (The HQ)
+* `api.anchor23.mx` - API pública para integraciones externas

 ### Experiencias

--- a/TASKS.md
+++ b/TASKS.md
@@ -348,7 +348,7 @@ Validación Staff (rol Staff):
  - ⏳ Gestión de recursos y asignación

 ### ⏳ Pendiente
- ⏳ Implementar API pública (api.anchor23.mx) - Horarios, servicios, ubicaciones públicas
+- ✅ Implementar API pública (api.anchor23.mx) - Horarios, servicios, ubicaciones públicas
 - ⏳ Implementar autenticación para staff/manager/admin (Supabase Auth)
 - ⏳ Implementar sistema completo de asignación de disponibilidad
 - ⏳ Integración con Google Calendar
--- a/app/aperture/login/page.tsx
+++ b/app/aperture/login/page.tsx
@@ -0,0 +1,115 @@
+'use client'
+
+import { useState } from 'react'
+import { useAuth } from '@/lib/auth/context'
+import { useRouter } from 'next/navigation'
+import { supabase } from '@/lib/supabase/client'
+
+export default function ApertureLogin() {
+  const [email, setEmail] = useState('')
+  const [password, setPassword] = useState('')
+  const [loading, setLoading] = useState(false)
+  const [error, setError] = useState('')
+  const { signInWithPassword } = useAuth()
+  const router = useRouter()
+
+  const handleLogin = async (e: React.FormEvent) => {
+    e.preventDefault()
+    setLoading(true)
+    setError('')
+
+    try {
+      const { error } = await signInWithPassword(email, password)
+
+      if (error) {
+        setError(error.message)
+      } else {
+        // Check user role from database
+        const { data: { user } } = await supabase.auth.getUser()
+        if (user) {
+          const { data: staff } = await supabase
+            .from('staff')
+            .select('role')
+            .eq('user_id', user.id)
+            .single()
+
+          if (staff && ['admin', 'manager', 'staff'].includes(staff.role)) {
+            router.push('/aperture')
+          } else {
+            setError('Unauthorized access')
+            await supabase.auth.signOut()
+          }
+        }
+      }
+    } catch (err) {
+      setError('An error occurred')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-gray-50">
+      <div className="max-w-md w-full space-y-8">
+        <div>
+          <h2 className="mt-6 text-center text-3xl font-extrabold text-gray-900">
+            Aperture Login
+          </h2>
+          <p className="mt-2 text-center text-sm text-gray-600">
+            Staff, Manager, or Admin access
+          </p>
+        </div>
+        <form className="mt-8 space-y-6" onSubmit={handleLogin}>
+          <div className="rounded-md shadow-sm -space-y-px">
+            <div>
+              <label htmlFor="email" className="sr-only">
+                Email address
+              </label>
+              <input
+                id="email"
+                name="email"
+                type="email"
+                required
+                value={email}
+                onChange={(e) => setEmail(e.target.value)}
+                className="appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-t-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm"
+                placeholder="Email address"
+              />
+            </div>
+            <div>
+              <label htmlFor="password" className="sr-only">
+                Password
+              </label>
+              <input
+                id="password"
+                name="password"
+                type="password"
+                required
+                value={password}
+                onChange={(e) => setPassword(e.target.value)}
+                className="appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-b-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm"
+                placeholder="Password"
+              />
+            </div>
+          </div>
+
+          {error && (
+            <div className="text-red-600 text-sm text-center">
+              {error}
+            </div>
+          )}
+
+          <div>
+            <button
+              type="submit"
+              disabled={loading}
+              className="group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50"
+            >
+              {loading ? 'Signing in...' : 'Sign in'}
+            </button>
+          </div>
+        </form>
+      </div>
+    </div>
+  )
+}
--- a/app/aperture/page.tsx
+++ b/app/aperture/page.tsx
@@ -44,6 +44,12 @@ export default function ApertureDashboard() {
    )
  }

+  useEffect(() => {
+    if (!user) {
+      router.push('/aperture/login')
+    }
+  }, [user, router])
+
  if (!user) {
    return null
  }
--- a/app/api/public/availability/route.ts
+++ b/app/api/public/availability/route.ts
@@ -0,0 +1,62 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+/**
+ * @description Public API - Retrieves basic availability information
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const locationId = searchParams.get('location_id')
+
+    if (!locationId) {
+      return NextResponse.json(
+        { error: 'Missing required parameter: location_id' },
+        { status: 400 }
+      )
+    }
+
+    // Get location details
+    const { data: location, error: locationError } = await supabase
+      .from('locations')
+      .select('id, name, timezone')
+      .eq('id', locationId)
+      .eq('is_active', true)
+      .single()
+
+    if (locationError || !location) {
+      return NextResponse.json(
+        { error: 'Location not found' },
+        { status: 404 }
+      )
+    }
+
+    // Get active services for this location
+    const { data: services, error: servicesError } = await supabase
+      .from('services')
+      .select('id, name, duration_minutes, base_price')
+      .eq('is_active', true)
+      .order('name', { ascending: true })
+
+    if (servicesError) {
+      console.error('Public availability services error:', servicesError)
+      return NextResponse.json(
+        { error: servicesError.message },
+        { status: 500 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      location,
+      services: services || [],
+      note: 'Use /api/availability/time-slots for detailed availability'
+    })
+  } catch (error) {
+    console.error('Public availability GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/app/api/public/locations/route.ts
+++ b/app/api/public/locations/route.ts
@@ -0,0 +1,34 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+/**
+ * @description Public API - Retrieves all active locations
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { data: locations, error } = await supabase
+      .from('locations')
+      .select('id, name, timezone, address, phone, is_active')
+      .eq('is_active', true)
+      .order('name', { ascending: true })
+
+    if (error) {
+      console.error('Public locations GET error:', error)
+      return NextResponse.json(
+        { error: error.message },
+        { status: 500 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      locations: locations || []
+    })
+  } catch (error) {
+    console.error('Public locations GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/app/api/public/services/route.ts
+++ b/app/api/public/services/route.ts
@@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+/**
+ * @description Public API - Retrieves active services
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url)
+    const locationId = searchParams.get('location_id')
+
+    let query = supabase
+      .from('services')
+      .select('id, name, description, duration_minutes, base_price, is_active')
+      .eq('is_active', true)
+      .order('name', { ascending: true })
+
+    if (locationId) {
+      query = query.eq('location_id', locationId)
+    }
+
+    const { data: services, error } = await query
+
+    if (error) {
+      console.error('Public services GET error:', error)
+      return NextResponse.json(
+        { error: error.message },
+        { status: 500 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      services: services || []
+    })
+  } catch (error) {
+    console.error('Public services GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -9,6 +9,7 @@ type AuthContextType = {
  session: Session | null
  loading: boolean
  signIn: (email: string) => Promise<{ error: any }>
+  signInWithPassword: (email: string, password: string) => Promise<{ error: any }>
  signOut: () => Promise<void>
 }

@@ -57,6 +58,14 @@ export function AuthProvider({ children }: { children: ReactNode }) {
    return { error }
  }

+  const signInWithPassword = async (email: string, password: string) => {
+    const { error } = await supabase.auth.signInWithPassword({
+      email,
+      password,
+    })
+    return { error }
+  }
+
  const signOut = async () => {
    const { error } = await supabase.auth.signOut()
    if (error) {
@@ -69,6 +78,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
    session,
    loading,
    signIn,
+    signInWithPassword,
    signOut,
  }