@create-lft-app/nextjs 3.1.0 → 3.3.0

package/template/src/lib/date/index.ts

@@ -1,7 +1,14 @@
-export { dayjs, setDefaultTimezone } from './config'
+export {
+  dayjs,
+  setDefaultTimezone,
+  DEFAULT_LOCALE,
+  DEFAULT_TIMEZONE,
+  DEFAULT_CURRENCY,
+} from './config'
 export {
   formatDate,
   formatDateLong,
+  formatDateShort,
   formatTime,
   formatTimeWithSeconds,
   formatDateTime,

package/template/src/lib/supabase/admin.ts

@@ -0,0 +1,23 @@
+import { createClient } from '@supabase/supabase-js'
+
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!
+const secretKey = process.env.SUPABASE_SECRET_DEFAULT_KEY!
+
+/**
+ * Cliente admin para operaciones que requieren privilegios elevados.
+ * Usa la nueva Secret Key de Supabase (sb_secret_...).
+ * SOLO usar en server-side (actions, API routes).
+ * NUNCA exponer en el cliente.
+ */
+export function createAdminClient() {
+  if (!secretKey) {
+    throw new Error('SUPABASE_SECRET_DEFAULT_KEY is not defined')
+  }
+
+  return createClient(supabaseUrl, secretKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false,
+    },
+  })
+}

package/template/src/lib/supabase/proxy.ts

@@ -46,7 +46,7 @@ export async function updateSession(request: NextRequest) {
   // Define route protection
   const pathname = request.nextUrl.pathname
 
-  const protectedPaths = ['/dashboard', '/users', '/settings', '/reports']
+  const protectedPaths = ['/dashboard', '/users', '/reports']
   const publicOnlyPaths = ['/login', '/register']
 
   const isProtectedPath = protectedPaths.some((path) => pathname.startsWith(path))

package/template/src/modules/users/actions/users-actions.ts

@@ -1,41 +1,54 @@
 'use server'
 
 import { createClient } from '@/lib/supabase/server'
-import { createUserSchema, updateUserSchema, type CreateUserInput, type UpdateUserInput } from '../schemas/users.schema'
-
+import { createAdminClient } from '@/lib/supabase/admin'
+import {
+  createAuthUserSchema,
+  updateAuthUserSchema,
+  type CreateAuthUserInput,
+  type UpdateAuthUserInput,
+} from '../schemas/users.schema'
+import { mapAuthUserToUser, mapAuthUsersToUsers } from '../utils/user-mapper'
+
+/**
+ * Obtiene todos los usuarios desde auth.users
+ */
 export async function getUsers() {
   const supabase = await createClient()
   const { data: { user } } = await supabase.auth.getUser()
 
   if (!user) throw new Error('Unauthorized')
 
-  const { data, error } = await supabase
-    .from('users')
-    .select('*')
-    .order('created_at', { ascending: false })
+  const adminClient = createAdminClient()
+  const { data, error } = await adminClient.auth.admin.listUsers()
 
   if (error) throw error
-  return data
+
+  return mapAuthUsersToUsers(data.users)
 }
 
+/**
+ * Obtiene un usuario por ID desde auth.users
+ */
 export async function getUserById(id: string) {
   const supabase = await createClient()
   const { data: { user } } = await supabase.auth.getUser()
 
   if (!user) throw new Error('Unauthorized')
 
-  const { data, error } = await supabase
-    .from('users')
-    .select('*')
-    .eq('id', id)
-    .single()
+  const adminClient = createAdminClient()
+  const { data, error } = await adminClient.auth.admin.getUserById(id)
 
   if (error) throw error
-  return data
+
+  return mapAuthUserToUser(data.user)
 }
 
-export async function createUser(input: CreateUserInput) {
-  const parsed = createUserSchema.safeParse(input)
+/**
+ * Crea un nuevo usuario en auth.users
+ */
+export async function createUser(input: CreateAuthUserInput) {
+  const parsed = createAuthUserSchema.safeParse(input)
 
   if (!parsed.success) {
     throw new Error(parsed.error.errors[0].message)
@@ -46,18 +59,36 @@ export async function createUser(input: CreateUserInput) {
 
   if (!user) throw new Error('Unauthorized')
 
-  const { data, error } = await supabase
-    .from('users')
-    .insert(parsed.data)
-    .select()
-    .single()
+  const adminClient = createAdminClient()
+
+  const { data, error } = await adminClient.auth.admin.createUser({
+    email: parsed.data.email,
+    password: parsed.data.password,
+    email_confirm: !parsed.data.send_invite,
+    app_metadata: {
+      role: parsed.data.role,
+    },
+    user_metadata: {
+      name: parsed.data.name,
+      avatar_url: parsed.data.avatar_url ?? null,
+    },
+  })
 
   if (error) throw error
-  return data
+
+  // Enviar email de invitación si se solicita y no se proporcionó password
+  if (parsed.data.send_invite && !parsed.data.password) {
+    await adminClient.auth.admin.inviteUserByEmail(parsed.data.email)
+  }
+
+  return mapAuthUserToUser(data.user)
 }
 
-export async function updateUser(id: string, input: UpdateUserInput) {
-  const parsed = updateUserSchema.safeParse(input)
+/**
+ * Actualiza un usuario en auth.users
+ */
+export async function updateUser(id: string, input: UpdateAuthUserInput) {
+  const parsed = updateAuthUserSchema.safeParse(input)
 
   if (!parsed.success) {
     throw new Error(parsed.error.errors[0].message)
@@ -68,27 +99,68 @@ export async function updateUser(id: string, input: UpdateUserInput) {
 
   if (!user) throw new Error('Unauthorized')
 
-  const { data, error } = await supabase
-    .from('users')
-    .update(parsed.data)
-    .eq('id', id)
-    .select()
-    .single()
+  const adminClient = createAdminClient()
+
+  // Obtener usuario actual para merge de metadata
+  const { data: currentUser, error: fetchError } = await adminClient.auth.admin.getUserById(id)
+
+  if (fetchError) throw fetchError
+  if (!currentUser.user) throw new Error('User not found')
+
+  const updatePayload: Parameters<typeof adminClient.auth.admin.updateUserById>[1] = {}
+
+  if (parsed.data.email) {
+    updatePayload.email = parsed.data.email
+  }
+
+  if (parsed.data.password) {
+    updatePayload.password = parsed.data.password
+  }
+
+  // Merge app_metadata (solo role)
+  if (parsed.data.role) {
+    updatePayload.app_metadata = {
+      ...currentUser.user.app_metadata,
+      role: parsed.data.role,
+    }
+  }
+
+  // Merge user_metadata
+  const hasUserMetadataChanges =
+    parsed.data.name !== undefined ||
+    parsed.data.avatar_url !== undefined
+
+  if (hasUserMetadataChanges) {
+    updatePayload.user_metadata = {
+      ...currentUser.user.user_metadata,
+      ...(parsed.data.name !== undefined && { name: parsed.data.name }),
+      ...(parsed.data.avatar_url !== undefined && { avatar_url: parsed.data.avatar_url }),
+    }
+  }
+
+  const { data, error } = await adminClient.auth.admin.updateUserById(id, updatePayload)
 
   if (error) throw error
-  return data
+
+  return mapAuthUserToUser(data.user)
 }
 
+/**
+ * Elimina un usuario de auth.users
+ */
 export async function deleteUser(id: string) {
   const supabase = await createClient()
   const { data: { user } } = await supabase.auth.getUser()
 
   if (!user) throw new Error('Unauthorized')
 
-  const { error } = await supabase
-    .from('users')
-    .delete()
-    .eq('id', id)
+  // Prevenir auto-eliminación
+  if (user.id === id) {
+    throw new Error('No puedes eliminar tu propio usuario')
+  }
+
+  const adminClient = createAdminClient()
+  const { error } = await adminClient.auth.admin.deleteUser(id)
 
   if (error) throw error
 }

package/template/src/modules/users/columns.tsx

@@ -12,7 +12,12 @@ import {
   DropdownMenuTrigger,
 } from '@/components/ui/dropdown-menu'
 import { DataTableColumnHeader } from '@/components/tables/data-table-column-header'
+import { dateRangeFilterFn } from '@/components/tables/data-table-date-filter'
+// numberRangeFilterFn disponible para campos numéricos: import { numberRangeFilterFn } from '@/components/tables/data-table-number-filter'
+import { formatDate } from '@/lib/date'
+import { ROLE_LABELS } from '@/config/roles'
 import type { User } from './schemas/users.schema'
+import type { UserRole } from '@/config/roles'
 
 export const columns: ColumnDef<User>[] = [
   {
@@ -33,13 +38,11 @@ export const columns: ColumnDef<User>[] = [
       <DataTableColumnHeader column={column} title="Rol" />
     ),
     cell: ({ row }) => {
-      const role = row.getValue('role') as string
-      const labels: Record<string, string> = {
-        admin: 'Administrador',
-        user: 'Usuario',
-        viewer: 'Visualizador',
-      }
-      return labels[role] ?? role
+      const role = row.getValue('role') as UserRole
+      return ROLE_LABELS[role] ?? role
+    },
+    filterFn: (row, id, value) => {
+      return value.includes(row.getValue(id))
     },
   },
   {
@@ -48,10 +51,27 @@ export const columns: ColumnDef<User>[] = [
       <DataTableColumnHeader column={column} title="Creado" />
     ),
     cell: ({ row }) => {
-      const date = new Date(row.getValue('created_at'))
-      return date.toLocaleDateString('es-ES')
+      return formatDate(row.getValue('created_at'))
     },
+    filterFn: dateRangeFilterFn,
   },
+  // Ejemplo de columna numérica con filtro de rango:
+  // import { DEFAULT_LOCALE, DEFAULT_CURRENCY } from '@/lib/date'
+  // {
+  //   accessorKey: 'balance',
+  //   header: ({ column }) => (
+  //     <DataTableColumnHeader column={column} title="Balance" />
+  //   ),
+  //   cell: ({ row }) => {
+  //     const balance = row.getValue('balance') as number | undefined
+  //     if (balance === undefined || balance === null) return '-'
+  //     return new Intl.NumberFormat(DEFAULT_LOCALE, {
+  //       style: 'currency',
+  //       currency: DEFAULT_CURRENCY,
+  //     }).format(balance)
+  //   },
+  //   filterFn: numberRangeFilterFn,
+  // },
   {
     id: 'actions',
     cell: ({ row }) => {

package/template/src/modules/users/components/users-list.tsx

@@ -1,9 +1,33 @@
 'use client'
 
-import { DataTable } from '@/components/tables/data-table'
+import { DataTable, type FilterConfig } from '@/components/tables/data-table'
+import { ROLE_OPTIONS } from '@/config/roles'
 import { useUsers } from '../hooks/useUsers'
 import { columns } from '../columns'
 
+// Configuración de filtros para la tabla de usuarios
+const filters: FilterConfig[] = [
+  {
+    columnId: 'role',
+    type: 'faceted',
+    title: 'Rol',
+    options: ROLE_OPTIONS,
+  },
+  {
+    columnId: 'created_at',
+    type: 'date-range',
+    title: 'Fecha',
+  },
+  // Ejemplo de filtro numérico (rango):
+  // {
+  //   columnId: 'balance',
+  //   type: 'number-range',
+  //   title: 'Balance',
+  //   format: 'currency',
+  //   currencySymbol: '$',
+  // },
+]
+
 export function UsersList() {
   const { users, isLoading } = useUsers()
 
@@ -17,6 +41,8 @@ export function UsersList() {
       data={users}
       searchKey="name"
       searchPlaceholder="Buscar por nombre..."
+      filters={filters}
+      filterMode="inline"
     />
   )
 }

package/template/src/modules/users/hooks/useUsersMutations.ts

@@ -4,13 +4,13 @@ import { useMutation, useQueryClient } from '@tanstack/react-query'
 import { toast } from 'sonner'
 import { createUser, updateUser, deleteUser } from '../actions/users-actions'
 import { usersKeys } from './useUsersQueries'
-import type { CreateUserInput, UpdateUserInput } from '../schemas/users.schema'
+import type { CreateAuthUserInput, UpdateAuthUserInput } from '../schemas/users.schema'
 
 export function useUsersMutations() {
   const queryClient = useQueryClient()
 
   const createMutation = useMutation({
-    mutationFn: (input: CreateUserInput) => createUser(input),
+    mutationFn: (input: CreateAuthUserInput) => createUser(input),
     onSuccess: () => {
       queryClient.invalidateQueries({ queryKey: usersKeys.lists() })
       toast.success('Usuario creado correctamente')
@@ -21,7 +21,7 @@ export function useUsersMutations() {
   })
 
   const updateMutation = useMutation({
-    mutationFn: ({ id, input }: { id: string; input: UpdateUserInput }) =>
+    mutationFn: ({ id, input }: { id: string; input: UpdateAuthUserInput }) =>
       updateUser(id, input),
     onSuccess: (_, { id }) => {
       queryClient.invalidateQueries({ queryKey: usersKeys.lists() })

package/template/src/modules/users/index.ts

@@ -5,8 +5,26 @@ export { UsersList } from './components/users-list'
 export { useUsers } from './hooks/useUsers'
 
 // Schemas
-export { userSchema, createUserSchema, updateUserSchema } from './schemas/users.schema'
-export type { User, CreateUserInput, UpdateUserInput } from './schemas/users.schema'
+export {
+  userSchema,
+  createUserSchema,
+  updateUserSchema,
+  createAuthUserSchema,
+  updateAuthUserSchema,
+} from './schemas/users.schema'
+export type {
+  User,
+  CreateUserInput,
+  UpdateUserInput,
+  CreateAuthUserInput,
+  UpdateAuthUserInput,
+} from './schemas/users.schema'
+
+// Types - Auth User types
+export type { UserRole, UserAppMetadata, UserMetadata } from './types/auth-user.types'
+
+// Utils - Mappers
+export { mapAuthUserToUser, mapAuthUsersToUsers } from './utils/user-mapper'
 
 // Columns
 export { columns as usersColumns } from './columns'

package/template/src/modules/users/schemas/users.schema.ts

@@ -1,15 +1,40 @@
 import { z } from 'zod'
+import { USER_ROLES, DEFAULT_ROLE } from '@/config/roles'
 
+// Schema de rol reutilizable
+const roleSchema = z.enum(USER_ROLES)
+
+// Schema base del usuario (estructura que devuelve el mapper)
 export const userSchema = z.object({
   id: z.string().uuid(),
   email: z.string().email(),
   name: z.string().min(1, 'El nombre es requerido'),
-  role: z.enum(['admin', 'user', 'viewer']).default('user'),
+  role: roleSchema.default(DEFAULT_ROLE),
   avatar_url: z.string().url().nullable().optional(),
   created_at: z.string().datetime(),
   updated_at: z.string().datetime(),
 })
 
+// Schema para crear usuario via Supabase Auth Admin
+export const createAuthUserSchema = z.object({
+  email: z.string().email('Email inválido'),
+  password: z.string().min(8, 'Mínimo 8 caracteres').optional(),
+  name: z.string().min(1, 'El nombre es requerido'),
+  role: roleSchema.default(DEFAULT_ROLE),
+  avatar_url: z.string().url().nullable().optional(),
+  send_invite: z.boolean().default(true),
+})
+
+// Schema para actualizar usuario via Supabase Auth Admin
+export const updateAuthUserSchema = z.object({
+  email: z.string().email('Email inválido').optional(),
+  password: z.string().min(8, 'Mínimo 8 caracteres').optional(),
+  name: z.string().min(1, 'El nombre es requerido').optional(),
+  role: roleSchema.optional(),
+  avatar_url: z.string().url().nullable().optional(),
+})
+
+// Schemas legacy (mantener compatibilidad)
 export const createUserSchema = userSchema.omit({
   id: true,
   created_at: true,
@@ -18,6 +43,9 @@ export const createUserSchema = userSchema.omit({
 
 export const updateUserSchema = createUserSchema.partial()
 
+// Types
 export type User = z.infer<typeof userSchema>
 export type CreateUserInput = z.infer<typeof createUserSchema>
 export type UpdateUserInput = z.infer<typeof updateUserSchema>
+export type CreateAuthUserInput = z.infer<typeof createAuthUserSchema>
+export type UpdateAuthUserInput = z.infer<typeof updateAuthUserSchema>

package/template/src/modules/users/types/auth-user.types.ts

@@ -0,0 +1,42 @@
+import type { User as SupabaseAuthUser } from '@supabase/supabase-js'
+import type { UserRole } from '@/config/roles'
+
+// Re-exportar desde config para mantener compatibilidad
+export type { UserRole } from '@/config/roles'
+
+export interface UserAppMetadata {
+  role: UserRole
+}
+
+export interface UserMetadata {
+  name: string
+  avatar_url?: string | null
+}
+
+export interface AuthUserWithMetadata extends SupabaseAuthUser {
+  app_metadata: UserAppMetadata
+  user_metadata: UserMetadata
+}
+
+/**
+ * Input para crear usuario via auth.admin.createUser
+ */
+export interface CreateAuthUserInput {
+  email: string
+  password?: string
+  name: string
+  role?: UserRole
+  avatar_url?: string | null
+  send_invite?: boolean
+}
+
+/**
+ * Input para actualizar usuario via auth.admin.updateUserById
+ */
+export interface UpdateAuthUserInput {
+  email?: string
+  password?: string
+  name?: string
+  role?: UserRole
+  avatar_url?: string | null
+}

package/template/src/modules/users/utils/user-mapper.ts

@@ -0,0 +1,32 @@
+import type { User as SupabaseAuthUser } from '@supabase/supabase-js'
+import type { User } from '../schemas/users.schema'
+import { DEFAULT_ROLE, type UserRole } from '@/config/roles'
+
+/**
+ * Mapea un usuario de auth.users al tipo User de la aplicación.
+ * Extrae datos de app_metadata (role) y user_metadata (name, avatar_url).
+ */
+export function mapAuthUserToUser(authUser: SupabaseAuthUser): User {
+  const appMetadata = authUser.app_metadata as { role?: UserRole } | undefined
+  const userMetadata = authUser.user_metadata as {
+    name?: string
+    avatar_url?: string | null
+  } | undefined
+
+  return {
+    id: authUser.id,
+    email: authUser.email ?? '',
+    name: userMetadata?.name ?? '',
+    role: appMetadata?.role ?? DEFAULT_ROLE,
+    avatar_url: userMetadata?.avatar_url ?? null,
+    created_at: authUser.created_at ?? new Date().toISOString(),
+    updated_at: authUser.updated_at ?? new Date().toISOString(),
+  }
+}
+
+/**
+ * Mapea array de usuarios de auth.users al tipo User[]
+ */
+export function mapAuthUsersToUsers(authUsers: SupabaseAuthUser[]): User[] {
+  return authUsers.map(mapAuthUserToUser)
+}