marcogll/AnchorOS
1
0
Fork 0
mirror of https://github.com/marcogll/AnchorOS.git synced 2026-03-15 13:24:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
51dc8f607e81b7a04098a6b9c89eb8be4f70f19b
AnchorOS/middleware.ts
Marco Gallegos e33a9a4573 feat(critical): Implement critical Aperture features 
TASK 1: Implement GET /api/aperture/stats
- Create endpoint at app/api/aperture/stats/route.ts
- Returns dashboard statistics: { totalBookings, totalRevenue, completedToday, upcomingToday }
- Calculates stats from bookings table by month and today
- Dashboard now has functional statistics display

TASK 2: Implement authentication for Aperture
- Create middleware.ts for protecting Aperture routes
- Only allows access to users with admin, manager, or staff roles
- Redirects unauthorized users to /aperture/login
- Uses Supabase Auth with session verification
- Integrates with existing AuthProvider in lib/auth/context.tsx

Stack Updates:
- Update @supabase/auth-helpers-nextjs to latest version (0.15.0)
- Note: Package marked as deprecated but still functional

Files Created:
- app/api/aperture/stats/route.ts
- middleware.ts

Files Modified:
- TASKS.md (marked tasks 1 and 2 as completed)
- package.json (updated dependency)

Impact:
- Aperture dashboard now has working statistics
- Aperture routes are now protected by authentication
- Only authorized staff/admin/manager can access dashboard

Next: Task 3 - Implement weekly invitation reset
2026-01-17 10:48:40 -06:00

51 lines
1.3 KiB
TypeScript
Raw Blame History

/**
* @description Middleware for protecting Aperture routes
* Only users with admin, manager, or staff roles can access Aperture
*/
import { NextResponse, type NextRequest } from 'next/server'
import { createClient } from '@supabase/supabase-js'
export async function middleware(request: NextRequest) {
const { pathname } = request.nextUrl
const publicPaths = ['/aperture/login']
const isPublicPath = publicPaths.some(path => pathname.startsWith(path))
if (isPublicPath) {
return NextResponse.next()
}
if (pathname.startsWith('/aperture')) {
const supabase = createClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
)
const { data: { session } } = await supabase.auth.getSession()
if (!session) {
return NextResponse.redirect(new URL('/aperture/login', request.url))
}
const { data: staff } = await supabase
.from('staff')
.select('role')
.eq('user_id', session.user.id)
.single()
if (!staff || !['admin', 'manager', 'staff'].includes(staff.role)) {
return NextResponse.redirect(new URL('/aperture/login', request.url))
}
}
return NextResponse.next()
}
export const config = {
matcher: [
'/aperture/:path*',
'/api/aperture/:path*',
],
}
Reference in New Issue View Git Blame Copy Permalink