'use server' import { createClient } from '@/lib/supabase/server' import { headers } from 'next/headers' export async function signIn(email: string, password: string) { const supabase = await createClient() const { data, error } = await supabase.auth.signInWithPassword({ email, password, }) if (error) { throw new Error(error.message) } const userId = data.user?.id if (userId) { const { data: userData, error: userError } = await supabase .from('users') .select('role') .eq('id', userId) .single() if (userError || !userData || (userData.role !== 'partner' && userData.role !== 'admin')) { await supabase.auth.signOut() throw new Error("Zugriff verweigert. Nur registrierte Partner dürfen sich anmelden.") } // Andere aktive Sitzungen beenden await supabase.auth.signOut({ scope: 'others' }) return { success: true, role: userData.role } } return { success: true, role: 'partner' } } export async function signUp(email: string, password: string) { throw new Error("Registrierung ist deaktiviert.") } export async function signOut() { const supabase = await createClient() const { error } = await supabase.auth.signOut() if (error) { throw new Error(error.message) } return { success: true } } export async function resetPassword(email: string) { const supabase = await createClient() const origin = (await headers()).get('origin') || '' const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: `${origin}/auth/update-password`, }) if (error) { throw new Error(error.message) } return { success: true } } export async function updatePassword(password: string) { const supabase = await createClient() const { error } = await supabase.auth.updateUser({ password }) if (error) { throw new Error(error.message) } return { success: true } }