feat: lock down registration and enforce partner-only logins
All checks were successful
Staging Build / build (push) Successful in 2m19s

This commit is contained in:
DanielS
2026-06-23 23:59:22 +02:00
parent b71b84da1b
commit bdbf840529
4 changed files with 26 additions and 41 deletions

View File

@@ -1,11 +1,5 @@
import { SignUpForm } from "@/components/sign-up-form";
import { redirect } from "next/navigation";
export default function Page() {
return (
<div className="flex min-h-svh w-full items-center justify-center p-6 md:p-10">
<div className="w-full max-w-sm">
<SignUpForm />
</div>
</div>
);
export default function SignUpPage() {
redirect("/auth/login");
}

View File

@@ -21,9 +21,6 @@ export async function AuthButton() {
<Button asChild size="sm" variant={"outline"}>
<Link href="/auth/login">Sign in</Link>
</Button>
<Button asChild size="sm" variant={"default"}>
<Link href="/auth/sign-up">Sign up</Link>
</Button>
</div>
);
}

View File

@@ -83,21 +83,12 @@ export function LoginForm({
onChange={(e) => setPassword(e.target.value)}
/>
</div>
{error && <p className="text-sm text-red-500">{error}</p>}
<Button type="submit" className="w-full" disabled={isLoading}>
{isLoading ? "Logging in..." : "Login"}
</Button>
</div>
<div className="mt-4 text-center text-sm">
Don&apos;t have an account?{" "}
<Link
href="/auth/sign-up"
className="underline underline-offset-4"
>
Sign up
</Link>
</div>
</form>
{error && <p className="text-sm text-red-500">{error}</p>}
<Button type="submit" className="w-full" disabled={isLoading}>
{isLoading ? "Logging in..." : "Login"}
</Button>
</div>
</form>
</CardContent>
</Card>
</div>

View File

@@ -5,30 +5,33 @@ import { headers } from 'next/headers'
export async function signIn(email: string, password: string) {
const supabase = await createClient()
const { error } = await supabase.auth.signInWithPassword({
const { data, error } = await supabase.auth.signInWithPassword({
email,
password,
})
if (error) {
throw new Error(error.message)
}
const userId = data.user?.id
if (userId) {
const { data: userData, error: userError } = await supabase
.from('users')
.select('role')
.eq('id', userId)
.single()
if (userError || !userData || (userData.role !== 'partner' && userData.role !== 'admin')) {
await supabase.auth.signOut()
throw new Error("Zugriff verweigert. Nur registrierte Partner dürfen sich anmelden.")
}
}
return { success: true }
}
export async function signUp(email: string, password: string) {
const supabase = await createClient()
const origin = (await headers()).get('origin') || ''
const { error } = await supabase.auth.signUp({
email,
password,
options: {
emailRedirectTo: `${origin}/protected`,
},
})
if (error) {
throw new Error(error.message)
}
return { success: true }
throw new Error("Registrierung ist deaktiviert.")
}
export async function signOut() {