npm - @rensblitz/customer-instant-feedback-app - Versions diffs - 3.0.2 → 3.1.0 - Mend

@rensblitz/customer-instant-feedback-app 3.0.2 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +15 -17
package/dist/customer-instant-feedback.js +1591 -1608
package/dist/customer-instant-feedback.umd.cjs +15 -15
package/dist/feedback/FeedbackAuthContext.d.ts +0 -1
package/dist/feedback/FeedbackReviewPage.d.ts +1 -1
package/dist/feedback/supabase.d.ts +1 -1
package/migrations/rls_central.sql +13 -5
package/package.json +1 -1
package/supabase/config.toml +5 -0
package/supabase/functions/README.md +4 -0
package/supabase/functions/create-reviewer/index.ts +0 -110
package/supabase/functions/delete-reviewer/index.ts +0 -111

package/dist/feedback/FeedbackAuthContext.d.ts CHANGED Viewed

@@ -9,7 +9,6 @@ interface FeedbackAuthContextValue {
     session: Session | null;
     user: User | null;
     isReviewer: boolean;
-    isAdmin: boolean;
     reviewerProjects: ReviewerProject[];
     loading: boolean;
     hasAccessToProject: (projectId: string) => boolean;

package/dist/feedback/FeedbackReviewPage.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 interface FeedbackReviewPageProps {
-    /** Host app’s default project (public id: `short-code_uuid`). Admins may override via `?project=` on `/feedback`. */
+    /** Host app's project (public id: `short-code_uuid`). */
     projectId: string;
 }
 export declare function FeedbackReviewPage({ projectId }: FeedbackReviewPageProps): import("react/jsx-runtime").JSX.Element | null;

package/dist/feedback/supabase.d.ts CHANGED Viewed

@@ -22,7 +22,7 @@ export interface DbFeedbackItem {
     comment: string;
     screenshot?: string;
     project_id?: string;
-    reviewer_id?: string;
+    stakeholder_id?: string;
 }
 export declare function toDbItem(item: FeedbackItem): DbFeedbackItem;
 export declare function fromDbItem(dbItem: DbFeedbackItem): FeedbackItem;

package/migrations/rls_central.sql CHANGED Viewed

@@ -100,10 +100,12 @@ drop policy if exists "Reviewers can insert feedback for their project" on publi
 create policy "Reviewers can insert feedback for their project"
 on public.feedback_items for insert
 with check (
-  public.reviewer_has_project(project_id)
+  public.reviewer_has_project(feedback_items.project_id)
   and exists (
     select 1 from public.reviewers r
-    where r.id = reviewer_id and r.user_id = auth.uid() and r.project_id = project_id
+    where r.id = feedback_items.reviewer_id
+      and r.user_id = auth.uid()
+      and r.project_id = feedback_items.project_id
   )
 );
@@ -115,13 +117,17 @@ on public.feedback_items for update
 using (
   exists (
     select 1 from public.reviewers r
-    where r.id = reviewer_id and r.user_id = auth.uid() and r.project_id = project_id
+    where r.id = feedback_items.reviewer_id
+      and r.user_id = auth.uid()
+      and r.project_id = feedback_items.project_id
   )
 )
 with check (
   exists (
     select 1 from public.reviewers r
-    where r.id = reviewer_id and r.user_id = auth.uid() and r.project_id = project_id
+    where r.id = feedback_items.reviewer_id
+      and r.user_id = auth.uid()
+      and r.project_id = feedback_items.project_id
   )
 );
@@ -131,6 +137,8 @@ on public.feedback_items for delete
 using (
   exists (
     select 1 from public.reviewers r
-    where r.id = reviewer_id and r.user_id = auth.uid()
+    where r.id = feedback_items.reviewer_id
+      and r.user_id = auth.uid()
+      and r.project_id = feedback_items.project_id
   )
 );

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rensblitz/customer-instant-feedback-app",
-  "version": "3.0.2",
+  "version": "3.1.0",
   "description": "A React component library for collecting user feedback with screenshots and annotations",
   "author": "Rens Blitz",
   "license": "MIT",

package/supabase/config.toml ADDED Viewed

@@ -0,0 +1,5 @@
+# Supabase CLI: ./functions is legacy (empty); reviewer APIs live in projectinablitz-backend.
+# Project ref is passed via --project-ref in scripts/CI (SUPABASE_PROJECT_REF).
+[api]
+enabled = true

package/supabase/functions/README.md ADDED Viewed

@@ -0,0 +1,4 @@
+# Supabase Edge Functions (removed)
+`create-reviewer` and `delete-reviewer` were removed. Reviewer provisioning now runs in
+`apps/projectinablitz-backend` (Spring Boot) using the Supabase Auth Admin API and the Postgres `reviewers` table.

package/supabase/functions/create-reviewer/index.ts DELETED Viewed

@@ -1,110 +0,0 @@
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
-const corsHeaders = {
-  'Access-Control-Allow-Origin': '*',
-  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
-};
-interface CreateReviewerBody {
-  email: string;
-  password: string;
-  projectId: string;
-}
-Deno.serve(async (req) => {
-  if (req.method === 'OPTIONS') {
-    return new Response('ok', { headers: corsHeaders });
-  }
-  try {
-    const authHeader = req.headers.get('Authorization');
-    if (!authHeader) {
-      return new Response(
-        JSON.stringify({ error: 'Missing Authorization header' }),
-        { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const supabaseUrl = Deno.env.get('SUPABASE_URL') ?? '';
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? '';
-    const supabase = createClient(supabaseUrl, supabaseServiceKey);
-    const anonClient = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY') ?? '', {
-      global: { headers: { Authorization: authHeader } },
-    });
-    const { data: { user: caller } } = await anonClient.auth.getUser();
-    if (!caller) {
-      return new Response(
-        JSON.stringify({ error: 'Not authenticated' }),
-        { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { data: adminRow } = await supabase
-      .from('admins')
-      .select('id')
-      .eq('user_id', caller.id)
-      .maybeSingle();
-    if (!adminRow) {
-      return new Response(
-        JSON.stringify({ error: 'Admin access required' }),
-        { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const body = (await req.json()) as CreateReviewerBody;
-    const { email, password, projectId } = body;
-    if (!email?.trim() || !password || !projectId) {
-      return new Response(
-        JSON.stringify({ error: 'email, password, and projectId are required' }),
-        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { data: newUser, error: createError } = await supabase.auth.admin.createUser({
-      email: email.trim(),
-      password,
-      email_confirm: true,
-    });
-    if (createError) {
-      return new Response(
-        JSON.stringify({ error: createError.message }),
-        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    if (!newUser.user) {
-      return new Response(
-        JSON.stringify({ error: 'Failed to create user' }),
-        { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { error: insertError } = await supabase.from('reviewers').insert({
-      user_id: newUser.user.id,
-      project_id: projectId,
-    });
-    if (insertError) {
-      await supabase.auth.admin.deleteUser(newUser.user.id);
-      return new Response(
-        JSON.stringify({ error: insertError.message }),
-        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    return new Response(
-      JSON.stringify({ userId: newUser.user.id }),
-      { status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-    );
-  } catch (err) {
-    return new Response(
-      JSON.stringify({ error: err instanceof Error ? err.message : 'Internal error' }),
-      { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-    );
-  }
-});

package/supabase/functions/delete-reviewer/index.ts DELETED Viewed

@@ -1,111 +0,0 @@
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
-const corsHeaders = {
-  'Access-Control-Allow-Origin': '*',
-  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
-};
-interface DeleteReviewerBody {
-  reviewerId: string;
-}
-Deno.serve(async (req) => {
-  if (req.method === 'OPTIONS') {
-    return new Response('ok', { headers: corsHeaders });
-  }
-  try {
-    const authHeader = req.headers.get('Authorization');
-    if (!authHeader) {
-      return new Response(
-        JSON.stringify({ error: 'Missing Authorization header' }),
-        { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const supabaseUrl = Deno.env.get('SUPABASE_URL') ?? '';
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? '';
-    const supabase = createClient(supabaseUrl, supabaseServiceKey);
-    const anonClient = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY') ?? '', {
-      global: { headers: { Authorization: authHeader } },
-    });
-    const { data: { user: caller } } = await anonClient.auth.getUser();
-    if (!caller) {
-      return new Response(
-        JSON.stringify({ error: 'Not authenticated' }),
-        { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { data: adminRow } = await supabase
-      .from('admins')
-      .select('id')
-      .eq('user_id', caller.id)
-      .maybeSingle();
-    if (!adminRow) {
-      return new Response(
-        JSON.stringify({ error: 'Admin access required' }),
-        { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const body = (await req.json()) as DeleteReviewerBody;
-    const { reviewerId } = body;
-    if (!reviewerId) {
-      return new Response(
-        JSON.stringify({ error: 'reviewerId is required' }),
-        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { data: reviewer, error: fetchError } = await supabase
-      .from('reviewers')
-      .select('user_id')
-      .eq('id', reviewerId)
-      .maybeSingle();
-    if (fetchError || !reviewer) {
-      return new Response(
-        JSON.stringify({ error: fetchError?.message ?? 'Reviewer not found' }),
-        { status: 404, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { error: deleteReviewerError } = await supabase
-      .from('reviewers')
-      .delete()
-      .eq('id', reviewerId);
-    if (deleteReviewerError) {
-      return new Response(
-        JSON.stringify({ error: deleteReviewerError.message }),
-        { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    const { error: deleteUserError } = await supabase.auth.admin.deleteUser(reviewer.user_id);
-    if (deleteUserError) {
-      return new Response(
-        JSON.stringify({
-          error: 'Reviewer row removed but failed to delete auth user: ' + deleteUserError.message,
-        }),
-        { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      );
-    }
-    return new Response(
-      JSON.stringify({ success: true }),
-      { status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-    );
-  } catch (err) {
-    return new Response(
-      JSON.stringify({ error: err instanceof Error ? err.message : 'Internal error' }),
-      { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-    );
-  }
-});