feat: Implementar sistema de kiosko, enrollment e integración Telegram

## Sistema de Kiosko ✅
- Nuevo rol 'kiosk' en enum user_role
- Tabla kiosks con autenticación por API key (64 caracteres)
- Funciones SQL: generate_kiosk_api_key(), is_kiosk(), get_available_resources_with_priority()
- API Routes: authenticate, bookings (GET/POST), confirm, resources/available, walkin
- Componentes UI: BookingConfirmation, WalkInFlow, ResourceAssignment
- Página kiosko: /kiosk/[locationId]/page.tsx

## Sistema de Enrollment ✅
- API routes para administración: /api/admin/users, /api/admin/kiosks, /api/admin/locations
- Frontend enrollment: /admin/enrollment con autenticación por ADMIN_KEY
- Creación de staff (admin, manager, staff, artist) con Supabase Auth
- Creación de kiosks con generación automática de API key
- Componentes UI: card, button, input, label, select, tabs

## Actualización de Recursos ✅
- Reemplazo de recursos con códigos estándarizados
- Estructura por location: 3 mkup, 1 lshs, 4 pedi, 4 mani
- Migración de limpieza: elimina duplicados
- Total: 12 recursos por location

## Integración Telegram y Scoring ✅
- Campos agregados a staff: telegram_id, email, gmail, google_account, telegram_chat_id
- Sistema de scoring: performance_score, total_bookings_completed, total_guarantees_count
- Tablas: telegram_notifications, telegram_groups, telegram_bots
- Funciones: update_staff_performance_score(), get_top_performers(), get_performance_summary()
- Triggers automáticos: notificaciones al crear/confirmar/completar booking
- Cálculo de score: base 50 +10 por booking +5 por garantía +1 por $100

## Actualización de Tipos ✅
- UserRole: agregado 'kiosk'
- CustomerTier: agregado 'black', 'VIP'
- Nuevas interfaces: Kiosk

## Documentación ✅
- KIOSK_SYSTEM.md: Documentación completa del sistema
- KIOSK_IMPLEMENTATION.md: Guía rápida
- ENROLLMENT_SYSTEM.md: Sistema de enrollment
- RESOURCES_UPDATE.md: Actualización de recursos
- PROJECT_UPDATE_JAN_2026.md: Resumen de proyecto

## Componentes UI (7)
- button.tsx, card.tsx, input.tsx, label.tsx, select.tsx, tabs.tsx

## Migraciones SQL (4)
- 20260116000000_add_kiosk_system.sql
- 20260116010000_update_resources.sql
- 20260116020000_cleanup_and_fix_resources.sql
- 20260116030000_telegram_integration.sql

## Métricas
- ~7,500 líneas de código
- 32 archivos creados/modificados
- 7 componentes UI
- 10 API routes
- 4 migraciones SQL

app/api/admin/kiosks/route.ts

@@ -0,0 +1,145 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabaseAdmin } from '@/lib/supabase/client'
+
+async function validateAdmin(request: NextRequest) {
+  const authHeader = request.headers.get('authorization')
+  
+  if (!authHeader) {
+    return null
+  }
+
+  const token = authHeader.replace('Bearer ', '')
+  
+  if (token !== process.env.ADMIN_ENROLLMENT_KEY) {
+    return null
+  }
+
+  return true
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const isAdmin = await validateAdmin(request)
+    
+    if (!isAdmin) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const { searchParams } = new URL(request.url)
+    const locationId = searchParams.get('location_id')
+    const isActive = searchParams.get('is_active')
+
+    let query = supabaseAdmin
+      .from('kiosks')
+      .select(`
+        id,
+        location_id,
+        device_name,
+        display_name,
+        ip_address,
+        is_active,
+        created_at,
+        updated_at,
+        location (
+          id,
+          name,
+          timezone
+        )
+      `)
+
+    if (locationId) {
+      query = query.eq('location_id', locationId)
+    }
+
+    if (isActive !== null) {
+      query = query.eq('is_active', isActive === 'true')
+    }
+
+    const { data: kiosks, error: kiosksError } = await query.order('created_at', { ascending: false })
+
+    if (kiosksError) {
+      return NextResponse.json(
+        { error: kiosksError.message },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({ kiosks })
+  } catch (error) {
+    console.error('Admin kiosks GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const isAdmin = await validateAdmin(request)
+    
+    if (!isAdmin) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const body = await request.json()
+    const {
+      location_id,
+      device_name,
+      display_name,
+      ip_address
+    } = body
+
+    if (!location_id || !device_name || !display_name) {
+      return NextResponse.json(
+        { error: 'Missing required fields: location_id, device_name, display_name' },
+        { status: 400 }
+      )
+    }
+
+    const { data: existingKiosk } = await supabaseAdmin
+      .from('kiosks')
+      .select('id')
+      .eq('device_name', device_name)
+      .single()
+
+    if (existingKiosk) {
+      return NextResponse.json(
+        { error: 'A kiosk with this device_name already exists' },
+        { status: 400 }
+      )
+    }
+
+    const { data: kiosk, error: kioskError } = await supabaseAdmin.rpc('create_kiosk', {
+      p_location_id: location_id,
+      p_device_name: device_name,
+      p_display_name: display_name,
+      p_ip_address: ip_address
+    })
+
+    if (kioskError || !kiosk) {
+      return NextResponse.json(
+        { error: kioskError?.message || 'Failed to create kiosk' },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      kiosk,
+      message: 'Kiosk created successfully. Save the API key securely.'
+    }, { status: 201 })
+  } catch (error) {
+    console.error('Admin kiosks POST error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/admin/locations/route.ts

@@ -0,0 +1,51 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabaseAdmin } from '@/lib/supabase/client'
+
+async function validateAdmin(request: NextRequest) {
+  const authHeader = request.headers.get('authorization')
+  
+  if (!authHeader) {
+    return null
+  }
+
+  const token = authHeader.replace('Bearer ', '')
+  
+  if (token !== process.env.ADMIN_ENROLLMENT_KEY) {
+    return null
+  }
+
+  return true
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const isAdmin = await validateAdmin(request)
+    
+    if (!isAdmin) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const { data: locations, error } = await supabaseAdmin
+      .from('locations')
+      .select('*')
+      .order('name', { ascending: true })
+
+    if (error) {
+      return NextResponse.json(
+        { error: error.message },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({ locations })
+  } catch (error) {
+    console.error('Admin locations GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/admin/users/route.ts

@@ -0,0 +1,179 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabaseAdmin } from '@/lib/supabase/client'
+
+async function validateAdmin(request: NextRequest) {
+  const authHeader = request.headers.get('authorization')
+  
+  if (!authHeader) {
+    return null
+  }
+
+  const token = authHeader.replace('Bearer ', '')
+  
+  if (token !== process.env.ADMIN_ENROLLMENT_KEY) {
+    return null
+  }
+
+  return true
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const isAdmin = await validateAdmin(request)
+    
+    if (!isAdmin) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const { searchParams } = new URL(request.url)
+    const locationId = searchParams.get('location_id')
+    const role = searchParams.get('role')
+
+    let query = supabaseAdmin
+      .from('staff')
+      .select(`
+        id,
+        user_id,
+        location_id,
+        role,
+        display_name,
+        phone,
+        is_active,
+        created_at,
+        updated_at,
+        location (
+          id,
+          name,
+          timezone
+        )
+      `)
+
+    if (locationId) {
+      query = query.eq('location_id', locationId)
+    }
+
+    if (role) {
+      query = query.eq('role', role)
+    }
+
+    const { data: staff, error: staffError } = await query.order('created_at', { ascending: false })
+
+    if (staffError) {
+      return NextResponse.json(
+        { error: staffError.message },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({ staff })
+  } catch (error) {
+    console.error('Admin users GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const isAdmin = await validateAdmin(request)
+    
+    if (!isAdmin) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const body = await request.json()
+    const {
+      location_id,
+      role,
+      display_name,
+      phone,
+      email,
+      password,
+      first_name,
+      last_name
+    } = body
+
+    if (!location_id || !role || !display_name) {
+      return NextResponse.json(
+        { error: 'Missing required fields: location_id, role, display_name' },
+        { status: 400 }
+      )
+    }
+
+    if (!['admin', 'manager', 'staff', 'artist'].includes(role)) {
+      return NextResponse.json(
+        { error: 'Invalid role. Must be: admin, manager, staff, or artist' },
+        { status: 400 }
+      )
+    }
+
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: 'Email and password are required to create auth user' },
+        { status: 400 }
+      )
+    }
+
+    const { data: authUser, error: authError } = await supabaseAdmin.auth.admin.createUser({
+      email,
+      password,
+      email_confirm: true,
+      user_metadata: {
+        first_name,
+        last_name
+      }
+    })
+
+    if (authError || !authUser) {
+      return NextResponse.json(
+        { error: authError?.message || 'Failed to create auth user' },
+        { status: 400 }
+      )
+    }
+
+    const { data: staff, error: staffError } = await supabaseAdmin
+      .from('staff')
+      .insert({
+        user_id: authUser.user.id,
+        location_id,
+        role,
+        display_name,
+        phone,
+        is_active: true
+      })
+      .select()
+      .single()
+
+    if (staffError || !staff) {
+      return NextResponse.json(
+        { error: staffError?.message || 'Failed to create staff record' },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      staff: {
+        ...staff,
+        email: authUser.user.email,
+        first_name: authUser.user.user_metadata?.first_name,
+        last_name: authUser.user.user_metadata?.last_name
+      },
+      message: 'User created successfully'
+    }, { status: 201 })
+  } catch (error) {
+    console.error('Admin users POST error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/kiosk/authenticate/route.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+import { Kiosk } from '@/lib/db/types'
+
+export async function POST(request: NextRequest) {
+  try {
+    const { api_key } = await request.json()
+
+    if (!api_key || typeof api_key !== 'string') {
+      return NextResponse.json(
+        { error: 'API key is required' },
+        { status: 400 }
+      )
+    }
+
+    const { data: kiosk, error } = await supabase
+      .from('kiosks')
+      .select(`
+        id,
+        location_id,
+        device_name,
+        display_name,
+        is_active,
+        location (
+          id,
+          name,
+          timezone
+        )
+      `)
+      .eq('api_key', api_key)
+      .eq('is_active', true)
+      .single()
+
+    if (error || !kiosk) {
+      return NextResponse.json(
+        { error: 'Invalid API key or kiosk not active' },
+        { status: 401 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      kiosk: {
+        id: kiosk.id,
+        location_id: kiosk.location_id,
+        device_name: kiosk.device_name,
+        display_name: kiosk.display_name,
+        is_active: kiosk.is_active,
+        location: kiosk.location
+      }
+    })
+  } catch (error) {
+    console.error('Kiosk authentication error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/kiosk/bookings/[shortId]/confirm/route.ts

@@ -0,0 +1,109 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+async function validateKiosk(request: NextRequest) {
+  const apiKey = request.headers.get('x-kiosk-api-key')
+  
+  if (!apiKey) {
+    return null
+  }
+
+  const { data: kiosk } = await supabase
+    .from('kiosks')
+    .select('id, location_id, is_active')
+    .eq('api_key', apiKey)
+    .eq('is_active', true)
+    .single()
+
+  return kiosk
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: { shortId: string } }
+) {
+  try {
+    const kiosk = await validateKiosk(request)
+    
+    if (!kiosk) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const shortId = params.shortId
+
+    const { data: booking, error: fetchError } = await supabase
+      .from('bookings')
+      .select('id, status, location_id')
+      .eq('short_id', shortId)
+      .single()
+
+    if (fetchError || !booking) {
+      return NextResponse.json(
+        { error: 'Booking not found' },
+        { status: 404 }
+      )
+    }
+
+    if (booking.location_id !== kiosk.location_id) {
+      return NextResponse.json(
+        { error: 'Booking not found in kiosk location' },
+        { status: 404 }
+      )
+    }
+
+    if (booking.status !== 'pending') {
+      return NextResponse.json(
+        { error: 'Booking is not in pending status' },
+        { status: 400 }
+      )
+    }
+
+    const { data: updatedBooking, error: updateError } = await supabase
+      .from('bookings')
+      .update({ status: 'confirmed' })
+      .eq('id', booking.id)
+      .select(`
+        id,
+        short_id,
+        status,
+        start_time_utc,
+        end_time_utc,
+        service (
+          id,
+          name,
+          duration_minutes
+        ),
+        resource (
+          id,
+          name,
+          type
+        ),
+        staff (
+          id,
+          display_name
+        )
+      `)
+      .single()
+
+    if (updateError || !updatedBooking) {
+      return NextResponse.json(
+        { error: updateError?.message || 'Failed to confirm booking' },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      booking: updatedBooking
+    })
+  } catch (error) {
+    console.error('Kiosk booking confirm error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/kiosk/bookings/route.ts

@@ -0,0 +1,240 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+async function validateKiosk(request: NextRequest) {
+  const apiKey = request.headers.get('x-kiosk-api-key')
+  
+  if (!apiKey) {
+    return null
+  }
+
+  const { data: kiosk } = await supabase
+    .from('kiosks')
+    .select('id, location_id, is_active')
+    .eq('api_key', apiKey)
+    .eq('is_active', true)
+    .single()
+
+  return kiosk
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const kiosk = await validateKiosk(request)
+    
+    if (!kiosk) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const { searchParams } = new URL(request.url)
+    const short_id = searchParams.get('short_id')
+    const date = searchParams.get('date')
+
+    let query = supabase
+      .from('bookings')
+      .select(`
+        id,
+        short_id,
+        status,
+        start_time_utc,
+        end_time_utc,
+        service (
+          id,
+          name,
+          duration_minutes
+        ),
+        resource (
+          id,
+          name,
+          type
+        ),
+        staff (
+          id,
+          display_name
+        )
+      `)
+      .eq('location_id', kiosk.location_id)
+      .in('status', ['pending', 'confirmed'])
+
+    if (short_id) {
+      query = query.eq('short_id', short_id)
+    }
+
+    if (date) {
+      const startDate = new Date(date)
+      const endDate = new Date(startDate)
+      endDate.setDate(endDate.getDate() + 1)
+      
+      query = query
+        .gte('start_time_utc', startDate.toISOString())
+        .lt('start_time_utc', endDate.toISOString())
+    }
+
+    const { data: bookings, error } = await query.order('start_time_utc', { ascending: true })
+
+    if (error) {
+      return NextResponse.json(
+        { error: error.message },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({ bookings })
+  } catch (error) {
+    console.error('Kiosk bookings GET error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const kiosk = await validateKiosk(request)
+    
+    if (!kiosk) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const body = await request.json()
+    const { 
+      customer_email,
+      customer_phone,
+      customer_name,
+      service_id,
+      staff_id,
+      start_time_utc,
+      notes
+    } = body
+
+    if (!customer_email || !service_id || !staff_id || !start_time_utc) {
+      return NextResponse.json(
+        { error: 'Missing required fields: customer_email, service_id, staff_id, start_time_utc' },
+        { status: 400 }
+      )
+    }
+
+    const { data: service, error: serviceError } = await supabase
+      .from('services')
+      .select('*')
+      .eq('id', service_id)
+      .eq('is_active', true)
+      .single()
+
+    if (serviceError || !service) {
+      return NextResponse.json(
+        { error: 'Invalid service_id' },
+        { status: 400 }
+      )
+    }
+
+    const startTime = new Date(start_time_utc)
+    const endTime = new Date(startTime)
+    endTime.setMinutes(endTime.getMinutes() + service.duration_minutes)
+
+    const { data: availableResources } = await supabase
+      .rpc('get_available_resources_with_priority', {
+        p_location_id: kiosk.location_id,
+        p_start_time: startTime.toISOString(),
+        p_end_time: endTime.toISOString()
+      })
+
+    if (!availableResources || availableResources.length === 0) {
+      return NextResponse.json(
+        { error: 'No resources available for the selected time' },
+        { status: 400 }
+      )
+    }
+
+    const assignedResource = availableResources[0]
+
+    const { data: customer, error: customerError } = await supabase
+      .from('customers')
+      .upsert({
+        email: customer_email,
+        first_name: customer_name?.split(' ')[0] || 'Cliente',
+        last_name: customer_name?.split(' ').slice(1).join(' ') || 'Kiosko',
+        phone: customer_phone,
+        tier: 'free',
+        is_active: true
+      })
+      .select()
+      .single()
+
+    if (customerError || !customer) {
+      return NextResponse.json(
+        { error: 'Failed to create/find customer' },
+        { status: 400 }
+      )
+    }
+
+    const { data: booking, error: bookingError } = await supabase
+      .from('bookings')
+      .insert({
+        customer_id: customer.id,
+        staff_id,
+        location_id: kiosk.location_id,
+        resource_id: assignedResource.resource_id,
+        service_id,
+        start_time_utc: startTime.toISOString(),
+        end_time_utc: endTime.toISOString(),
+        status: 'pending',
+        deposit_amount: 0,
+        total_amount: service.base_price,
+        is_paid: false,
+        notes
+      })
+      .select(`
+        id,
+        short_id,
+        status,
+        start_time_utc,
+        end_time_utc,
+        service (
+          id,
+          name,
+          duration_minutes,
+          base_price
+        ),
+        resource (
+          id,
+          name,
+          type
+        ),
+        staff (
+          id,
+          display_name
+        )
+      `)
+      .single()
+
+    if (bookingError || !booking) {
+      return NextResponse.json(
+        { error: bookingError?.message || 'Failed to create booking' },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      booking: {
+        ...booking,
+        resource_name: assignedResource.resource_name,
+        resource_type: assignedResource.resource_type
+      }
+    }, { status: 201 })
+  } catch (error) {
+    console.error('Kiosk bookings POST error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/kiosk/resources/available/route.ts

@@ -0,0 +1,98 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+async function validateKiosk(request: NextRequest) {
+  const apiKey = request.headers.get('x-kiosk-api-key')
+  
+  if (!apiKey) {
+    return null
+  }
+
+  const { data: kiosk } = await supabase
+    .from('kiosks')
+    .select('id, location_id, is_active')
+    .eq('api_key', apiKey)
+    .eq('is_active', true)
+    .single()
+
+  return kiosk
+}
+
+export async function GET(request: NextRequest) {
+  try {
+    const kiosk = await validateKiosk(request)
+    
+    if (!kiosk) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const { searchParams } = new URL(request.url)
+    const start_time = searchParams.get('start_time')
+    const end_time = searchParams.get('end_time')
+    const service_id = searchParams.get('service_id')
+
+    if (!start_time || !end_time) {
+      return NextResponse.json(
+        { error: 'start_time and end_time are required' },
+        { status: 400 }
+      )
+    }
+
+    const startTime = new Date(start_time)
+    const endTime = new Date(end_time)
+
+    if (isNaN(startTime.getTime()) || isNaN(endTime.getTime())) {
+      return NextResponse.json(
+        { error: 'Invalid date format' },
+        { status: 400 }
+      )
+    }
+
+    let resourceQuery = supabase
+      .rpc('get_available_resources_with_priority', {
+        p_location_id: kiosk.location_id,
+        p_start_time: startTime.toISOString(),
+        p_end_time: endTime.toISOString()
+      })
+
+    const { data: resources, error } = await resourceQuery
+
+    if (error) {
+      return NextResponse.json(
+        { error: error.message },
+        { status: 400 }
+      )
+    }
+
+    let availableResources = resources || []
+
+    if (service_id) {
+      const { data: service } = await supabase
+        .from('services')
+        .select('requires_dual_artist')
+        .eq('id', service_id)
+        .single()
+
+      if (service?.requires_dual_artist) {
+        availableResources = availableResources.filter(r => r.resource_type === 'room')
+      }
+    }
+
+    return NextResponse.json({
+      location_id: kiosk.location_id,
+      start_time: startTime.toISOString(),
+      end_time: endTime.toISOString(),
+      resources: availableResources,
+      total_available: availableResources.length
+    })
+  } catch (error) {
+    console.error('Kiosk resources available error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}

app/api/kiosk/walkin/route.ts

@@ -0,0 +1,182 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { supabase } from '@/lib/supabase/client'
+
+async function validateKiosk(request: NextRequest) {
+  const apiKey = request.headers.get('x-kiosk-api-key')
+  
+  if (!apiKey) {
+    return null
+  }
+
+  const { data: kiosk } = await supabase
+    .from('kiosks')
+    .select('id, location_id, is_active')
+    .eq('api_key', apiKey)
+    .eq('is_active', true)
+    .single()
+
+  return kiosk
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const kiosk = await validateKiosk(request)
+    
+    if (!kiosk) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      )
+    }
+
+    const body = await request.json()
+    const { 
+      customer_email,
+      customer_phone,
+      customer_name,
+      service_id,
+      notes
+    } = body
+
+    if (!customer_email || !service_id) {
+      return NextResponse.json(
+        { error: 'Missing required fields: customer_email, service_id' },
+        { status: 400 }
+      )
+    }
+
+    const { data: service, error: serviceError } = await supabase
+      .from('services')
+      .select('*')
+      .eq('id', service_id)
+      .eq('is_active', true)
+      .single()
+
+    if (serviceError || !service) {
+      return NextResponse.json(
+        { error: 'Invalid service_id' },
+        { status: 400 }
+      )
+    }
+
+    const { data: availableStaff } = await supabase
+      .from('staff')
+      .select('id, display_name, role')
+      .eq('location_id', kiosk.location_id)
+      .eq('is_active', true)
+      .in('role', ['artist', 'staff', 'manager'])
+
+    if (!availableStaff || availableStaff.length === 0) {
+      return NextResponse.json(
+        { error: 'No staff available' },
+        { status: 400 }
+      )
+    }
+
+    const assignedStaff = availableStaff[0]
+
+    const startTime = new Date()
+    const endTime = new Date(startTime)
+    endTime.setMinutes(endTime.getMinutes() + service.duration_minutes)
+
+    const { data: availableResources } = await supabase
+      .rpc('get_available_resources_with_priority', {
+        p_location_id: kiosk.location_id,
+        p_start_time: startTime.toISOString(),
+        p_end_time: endTime.toISOString()
+      })
+
+    if (!availableResources || availableResources.length === 0) {
+      return NextResponse.json(
+        { error: 'No resources available for immediate booking' },
+        { status: 400 }
+      )
+    }
+
+    const assignedResource = availableResources[0]
+
+    const { data: customer, error: customerError } = await supabase
+      .from('customers')
+      .upsert({
+        email: customer_email,
+        first_name: customer_name?.split(' ')[0] || 'Cliente',
+        last_name: customer_name?.split(' ').slice(1).join(' ') || 'Walk-in',
+        phone: customer_phone,
+        tier: 'free',
+        is_active: true
+      })
+      .select()
+      .single()
+
+    if (customerError || !customer) {
+      return NextResponse.json(
+        { error: 'Failed to create/find customer' },
+        { status: 400 }
+      )
+    }
+
+    const { data: booking, error: bookingError } = await supabase
+      .from('bookings')
+      .insert({
+        customer_id: customer.id,
+        staff_id: assignedStaff.id,
+        location_id: kiosk.location_id,
+        resource_id: assignedResource.resource_id,
+        service_id,
+        start_time_utc: startTime.toISOString(),
+        end_time_utc: endTime.toISOString(),
+        status: 'confirmed',
+        deposit_amount: 0,
+        total_amount: service.base_price,
+        is_paid: false,
+        notes: notes ? `${notes} [Walk-in]` : '[Walk-in]'
+      })
+      .select(`
+        id,
+        short_id,
+        status,
+        start_time_utc,
+        end_time_utc,
+        service (
+          id,
+          name,
+          duration_minutes,
+          base_price
+        ),
+        resource (
+          id,
+          name,
+          type
+        ),
+        staff (
+          id,
+          display_name
+        )
+      `)
+      .single()
+
+    if (bookingError || !booking) {
+      return NextResponse.json(
+        { error: bookingError?.message || 'Failed to create walk-in booking' },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json({
+      success: true,
+      booking: {
+        ...booking,
+        resource_name: assignedResource.resource_name,
+        resource_type: assignedResource.resource_type,
+        staff_name: assignedStaff.display_name
+      },
+      message: 'Walk-in booking created successfully'
+    }, { status: 201 })
+  } catch (error) {
+    console.error('Kiosk walk-in error:', error)
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    )
+  }
+}