marcogll/AnchorOS
1
0
Fork 0
mirror of https://github.com/marcogll/AnchorOS.git synced 2026-03-15 14:24:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement public API routes and staff authentication

Browse Source 
- Add public API endpoints for locations, services, and availability
- Implement staff login system with password authentication
- Update auth context to support password sign-in
- Protect aperture dashboard with authentication
- Update project documentation with new domains
This commit is contained in:
Marco Gallegos
2026-01-16 21:45:47 -06:00
parent 0f6fe9bf7b
commit fb60178c86
8 changed files with 273 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -62,6 +62,8 @@ El PRD es la fuente de verdad funcional. El README es la guía de ejecución.
* `anchor23.mx` - Frontend institucional (landing page + páginas informativas) * `anchor23.mx` - Frontend institucional (landing page + páginas informativas)
* `booking.anchor23.mx` - Frontend de reservas (The Boutique) - **Pendiente** * `booking.anchor23.mx` - Frontend de reservas (The Boutique) - **Pendiente**
* `kiosk.anchor23.mx` - Sistema de autoservicio (The Kiosk) * `kiosk.anchor23.mx` - Sistema de autoservicio (The Kiosk)
* `aperture.anchor23.mx` - Dashboard administrativo y CRM (The HQ)
* `api.anchor23.mx` - API pública para integraciones externas
### Experiencias ### Experiencias

2
TASKS.md
View File

@@ -348,7 +348,7 @@ Validación Staff (rol Staff):
- ⏳ Gestión de recursos y asignación - ⏳ Gestión de recursos y asignación
### ⏳ Pendiente ### ⏳ Pendiente
- Implementar API pública (api.anchor23.mx) - Horarios, servicios, ubicaciones públicas - Implementar API pública (api.anchor23.mx) - Horarios, servicios, ubicaciones públicas
- ⏳ Implementar autenticación para staff/manager/admin (Supabase Auth) - ⏳ Implementar autenticación para staff/manager/admin (Supabase Auth)
- ⏳ Implementar sistema completo de asignación de disponibilidad - ⏳ Implementar sistema completo de asignación de disponibilidad
- ⏳ Integración con Google Calendar - ⏳ Integración con Google Calendar

115
app/aperture/login/page.tsx Normal file
View File

@@ -0,0 +1,115 @@
'use client'
import { useState } from 'react'
import { useAuth } from '@/lib/auth/context'
import { useRouter } from 'next/navigation'
import { supabase } from '@/lib/supabase/client'
export default function ApertureLogin() {
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [loading, setLoading] = useState(false)
const [error, setError] = useState('')
const { signInWithPassword } = useAuth()
const router = useRouter()
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault()
setLoading(true)
setError('')
try {
const { error } = await signInWithPassword(email, password)
if (error) {
setError(error.message)
} else {
// Check user role from database
const { data: { user } } = await supabase.auth.getUser()
if (user) {
const { data: staff } = await supabase
.from('staff')
.select('role')
.eq('user_id', user.id)
.single()
if (staff && ['admin', 'manager', 'staff'].includes(staff.role)) {
router.push('/aperture')
} else {
setError('Unauthorized access')
await supabase.auth.signOut()
}
}
}
} catch (err) {
setError('An error occurred')
} finally {
setLoading(false)
}
}
return (
<div className="min-h-screen flex items-center justify-center bg-gray-50">
<div className="max-w-md w-full space-y-8">
<div>
<h2 className="mt-6 text-center text-3xl font-extrabold text-gray-900">
Aperture Login
</h2>
<p className="mt-2 text-center text-sm text-gray-600">
Staff, Manager, or Admin access
</p>
</div>
<form className="mt-8 space-y-6" onSubmit={handleLogin}>
<div className="rounded-md shadow-sm -space-y-px">
<div>
<label htmlFor="email" className="sr-only">
Email address
</label>
<input
id="email"
name="email"
type="email"
required
value={email}
onChange={(e) => setEmail(e.target.value)}
className="appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-t-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm"
placeholder="Email address"
/>
</div>
<div>
<label htmlFor="password" className="sr-only">
Password
</label>
<input
id="password"
name="password"
type="password"
required
value={password}
onChange={(e) => setPassword(e.target.value)}
className="appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-b-md focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 focus:z-10 sm:text-sm"
placeholder="Password"
/>
</div>
</div>
{error && (
<div className="text-red-600 text-sm text-center">
{error}
</div>
)}
<div>
<button
type="submit"
disabled={loading}
className="group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50"
>
{loading ? 'Signing in...' : 'Sign in'}
</button>
</div>
</form>
</div>
</div>
)
}

6
app/aperture/page.tsx
View File

@@ -44,6 +44,12 @@ export default function ApertureDashboard() {
) )
} }
useEffect(() => {
if (!user) {
router.push('/aperture/login')
}
}, [user, router])
if (!user) { if (!user) {
return null return null
} }

62
app/api/public/availability/route.ts Normal file
View File

@@ -0,0 +1,62 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabase } from '@/lib/supabase/client'
/**
* @description Public API - Retrieves basic availability information
*/
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const locationId = searchParams.get('location_id')
if (!locationId) {
return NextResponse.json(
{ error: 'Missing required parameter: location_id' },
{ status: 400 }
)
}
// Get location details
const { data: location, error: locationError } = await supabase
.from('locations')
.select('id, name, timezone')
.eq('id', locationId)
.eq('is_active', true)
.single()
if (locationError || !location) {
return NextResponse.json(
{ error: 'Location not found' },
{ status: 404 }
)
}
// Get active services for this location
const { data: services, error: servicesError } = await supabase
.from('services')
.select('id, name, duration_minutes, base_price')
.eq('is_active', true)
.order('name', { ascending: true })
if (servicesError) {
console.error('Public availability services error:', servicesError)
return NextResponse.json(
{ error: servicesError.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
location,
services: services || [],
note: 'Use /api/availability/time-slots for detailed availability'
})
} catch (error) {
console.error('Public availability GET error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

34
app/api/public/locations/route.ts Normal file
View File

@@ -0,0 +1,34 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabase } from '@/lib/supabase/client'
/**
* @description Public API - Retrieves all active locations
*/
export async function GET(request: NextRequest) {
try {
const { data: locations, error } = await supabase
.from('locations')
.select('id, name, timezone, address, phone, is_active')
.eq('is_active', true)
.order('name', { ascending: true })
if (error) {
console.error('Public locations GET error:', error)
return NextResponse.json(
{ error: error.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
locations: locations || []
})
} catch (error) {
console.error('Public locations GET error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

43
app/api/public/services/route.ts Normal file
View File

@@ -0,0 +1,43 @@
import { NextRequest, NextResponse } from 'next/server'
import { supabase } from '@/lib/supabase/client'
/**
* @description Public API - Retrieves active services
*/
export async function GET(request: NextRequest) {
try {
const { searchParams } = new URL(request.url)
const locationId = searchParams.get('location_id')
let query = supabase
.from('services')
.select('id, name, description, duration_minutes, base_price, is_active')
.eq('is_active', true)
.order('name', { ascending: true })
if (locationId) {
query = query.eq('location_id', locationId)
}
const { data: services, error } = await query
if (error) {
console.error('Public services GET error:', error)
return NextResponse.json(
{ error: error.message },
{ status: 500 }
)
}
return NextResponse.json({
success: true,
services: services || []
})
} catch (error) {
console.error('Public services GET error:', error)
return NextResponse.json(
{ error: 'Internal server error' },
{ status: 500 }
)
}
}

10
lib/auth/context.tsx
View File

@@ -9,6 +9,7 @@ type AuthContextType = {
session: Session | null session: Session | null
loading: boolean loading: boolean
signIn: (email: string) => Promise<{ error: any }> signIn: (email: string) => Promise<{ error: any }>
signInWithPassword: (email: string, password: string) => Promise<{ error: any }>
signOut: () => Promise<void> signOut: () => Promise<void>
} }
@@ -57,6 +58,14 @@ export function AuthProvider({ children }: { children: ReactNode }) {
return { error } return { error }
} }
const signInWithPassword = async (email: string, password: string) => {
const { error } = await supabase.auth.signInWithPassword({
email,
password,
})
return { error }
}
const signOut = async () => { const signOut = async () => {
const { error } = await supabase.auth.signOut() const { error } = await supabase.auth.signOut()
if (error) { if (error) {
@@ -69,6 +78,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
session, session,
loading, loading,
signIn, signIn,
signInWithPassword,
signOut, signOut,
} }