From bdbf840529114e03afb4afc8d3f280a591b84ec9 Mon Sep 17 00:00:00 2001 From: DanielS Date: Tue, 23 Jun 2026 23:59:22 +0200 Subject: [PATCH] feat: lock down registration and enforce partner-only logins --- shop/app/auth/sign-up/page.tsx | 12 +++--------- shop/components/auth-button.tsx | 3 --- shop/components/login-form.tsx | 21 ++++++--------------- shop/lib/actions/auth.ts | 31 +++++++++++++++++-------------- 4 files changed, 26 insertions(+), 41 deletions(-) diff --git a/shop/app/auth/sign-up/page.tsx b/shop/app/auth/sign-up/page.tsx index d5dca78..ddc9897 100644 --- a/shop/app/auth/sign-up/page.tsx +++ b/shop/app/auth/sign-up/page.tsx @@ -1,11 +1,5 @@ -import { SignUpForm } from "@/components/sign-up-form"; +import { redirect } from "next/navigation"; -export default function Page() { - return ( -
-
- -
-
- ); +export default function SignUpPage() { + redirect("/auth/login"); } diff --git a/shop/components/auth-button.tsx b/shop/components/auth-button.tsx index 29f696c..66c77e7 100644 --- a/shop/components/auth-button.tsx +++ b/shop/components/auth-button.tsx @@ -21,9 +21,6 @@ export async function AuthButton() { - ); } diff --git a/shop/components/login-form.tsx b/shop/components/login-form.tsx index 2de7898..0304324 100644 --- a/shop/components/login-form.tsx +++ b/shop/components/login-form.tsx @@ -83,21 +83,12 @@ export function LoginForm({ onChange={(e) => setPassword(e.target.value)} /> - {error &&

{error}

} - - -
- Don't have an account?{" "} - - Sign up - -
- + {error &&

{error}

} + + + diff --git a/shop/lib/actions/auth.ts b/shop/lib/actions/auth.ts index d555cd2..545d49d 100644 --- a/shop/lib/actions/auth.ts +++ b/shop/lib/actions/auth.ts @@ -5,30 +5,33 @@ import { headers } from 'next/headers' export async function signIn(email: string, password: string) { const supabase = await createClient() - const { error } = await supabase.auth.signInWithPassword({ + const { data, error } = await supabase.auth.signInWithPassword({ email, password, }) if (error) { throw new Error(error.message) } + + const userId = data.user?.id + if (userId) { + const { data: userData, error: userError } = await supabase + .from('users') + .select('role') + .eq('id', userId) + .single() + + if (userError || !userData || (userData.role !== 'partner' && userData.role !== 'admin')) { + await supabase.auth.signOut() + throw new Error("Zugriff verweigert. Nur registrierte Partner dürfen sich anmelden.") + } + } + return { success: true } } export async function signUp(email: string, password: string) { - const supabase = await createClient() - const origin = (await headers()).get('origin') || '' - const { error } = await supabase.auth.signUp({ - email, - password, - options: { - emailRedirectTo: `${origin}/protected`, - }, - }) - if (error) { - throw new Error(error.message) - } - return { success: true } + throw new Error("Registrierung ist deaktiviert.") } export async function signOut() {