72 lines
No EOL
2.8 KiB
TypeScript
72 lines
No EOL
2.8 KiB
TypeScript
import { cookies } from "next/headers";
|
|
import { NextResponse } from "next/server";
|
|
import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
|
|
import { createClient } from "@supabase/supabase-js";
|
|
|
|
export async function POST(req: Request) {
|
|
try {
|
|
const { email } = await req.json();
|
|
if (!email) return new NextResponse("Email requis", { status: 400 });
|
|
|
|
const srv = createClient(
|
|
process.env.NEXT_PUBLIC_SUPABASE_URL!,
|
|
process.env.SUPABASE_SERVICE_ROLE_KEY!,
|
|
{ auth: { autoRefreshToken: false, persistSession: false } }
|
|
);
|
|
|
|
// 1) Retrouver le user par email pour savoir si c'est un Staff
|
|
const { data: users, error: listErr } = await (srv.auth.admin as any).listUsers();
|
|
if (listErr) return new NextResponse(listErr.message, { status: 500 });
|
|
const user = (users?.users || []).find(
|
|
(u: any) => (u.email || "").toLowerCase() === String(email).toLowerCase()
|
|
);
|
|
|
|
let isStaff = false;
|
|
if (user?.id) {
|
|
const { data: su } = await srv
|
|
.from("staff_users")
|
|
.select("is_staff")
|
|
.eq("user_id", user.id)
|
|
.maybeSingle();
|
|
isStaff = !!su?.is_staff;
|
|
}
|
|
|
|
if (!isStaff) {
|
|
// 2) Si pas Staff, vérifier qu'il a bien une org active (non révoquée)
|
|
const { data: ok, error: rpcErr } = await srv.rpc("user_has_active_org", { p_email: email });
|
|
if (rpcErr) return new NextResponse(rpcErr.message, { status: 500 });
|
|
if (!ok) return new NextResponse("revoked", { status: 403 });
|
|
}
|
|
|
|
// 3) Envoyer l'OTP avec détection automatique de l'URL
|
|
const supabase = createRouteHandlerClient({ cookies });
|
|
|
|
// Détecter automatiquement l'URL de base selon la requête (évite les soucis de sous-domaine)
|
|
const getBaseUrl = (req: Request) => {
|
|
try {
|
|
// 1) Privilégier les en-têtes proxy
|
|
const proto = req.headers.get('x-forwarded-proto') || 'https';
|
|
const host = req.headers.get('x-forwarded-host') || req.headers.get('host');
|
|
if (host) return `${proto}://${host}`;
|
|
} catch {}
|
|
// 2) Variable d'env explicite
|
|
if (process.env.NEXT_PUBLIC_SITE_URL) return process.env.NEXT_PUBLIC_SITE_URL;
|
|
// 3) Vercel fallback
|
|
if (process.env.VERCEL_URL) return `https://${process.env.VERCEL_URL}`;
|
|
// 4) Local dev
|
|
return "http://localhost:3000";
|
|
};
|
|
|
|
const origin = getBaseUrl(req);
|
|
console.log('[send-code] Using redirect origin:', origin);
|
|
const { error } = await supabase.auth.signInWithOtp({
|
|
email,
|
|
options: { shouldCreateUser: false, emailRedirectTo: `${origin}/auth/callback` },
|
|
});
|
|
if (error) return new NextResponse(error.message, { status: 400 });
|
|
|
|
return NextResponse.json({ ok: true });
|
|
} catch (e: any) {
|
|
return new NextResponse(e?.message || "Internal Server Error", { status: 500 });
|
|
}
|
|
} |