Next.js Supabase V3 (#463)

Version 3 of the kit: - Radix UI replaced with Base UI (using the Shadcn UI patterns) - next-intl replaces react-i18next - enhanceAction deprecated; usage moved to next-safe-action - main layout now wrapped with [locale] path segment - Teams only mode - Layout updates - Zod v4 - Next.js 16.2 - Typescript 6 - All other dependencies updated - Removed deprecated Edge CSRF - Dynamic Github Action runner
2026-03-24 13:40:38 +08:00
parent 4912e402a3
commit 7ebff31475
840 changed files with 71395 additions and 20095 deletions
--- a/packages/features/team-accounts/src/server/actions/create-team-account-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/create-team-account-server-actions.ts
@@ -1,18 +1,17 @@
 'use server';

-import 'server-only';
-
 import { redirect } from 'next/navigation';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { getLogger } from '@kit/shared/logger';

 import { CreateTeamSchema } from '../../schema/create-team.schema';
 import { createAccountCreationPolicyEvaluator } from '../policies';
 import { createCreateTeamAccountService } from '../services/create-team-account.service';

-export const createTeamAccountAction = enhanceAction(
-  async ({ name, slug }, user) => {
+export const createTeamAccountAction = authActionClient
+  .inputSchema(CreateTeamSchema)
+  .action(async ({ parsedInput: { name, slug }, ctx: { user } }) => {
    const logger = await getLogger();
    const service = createCreateTeamAccountService();

@@ -61,7 +60,7 @@ export const createTeamAccountAction = enhanceAction(
    if (error === 'duplicate_slug') {
      return {
        error: true,
-        message: 'teams:duplicateSlugError',
+        message: 'teams.duplicateSlugError',
      };
    }

@@ -70,8 +69,4 @@ export const createTeamAccountAction = enhanceAction(
    const accountHomePath = '/home/' + data.slug;

    redirect(accountHomePath);
-  },
-  {
-    schema: CreateTeamSchema,
-  },
-);
+  });
--- a/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts
@@ -1,10 +1,11 @@
 'use server';

+import { revalidatePath } from 'next/cache';
 import { redirect } from 'next/navigation';

 import type { SupabaseClient } from '@supabase/supabase-js';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { createOtpApi } from '@kit/otp';
 import { getLogger } from '@kit/shared/logger';
 import type { Database } from '@kit/supabase/database';
@@ -16,14 +17,11 @@ import { createDeleteTeamAccountService } from '../services/delete-team-account.
 const enableTeamAccountDeletion =
  process.env.NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_DELETION === 'true';

-export const deleteTeamAccountAction = enhanceAction(
-  async (formData: FormData, user) => {
+export const deleteTeamAccountAction = authActionClient
+  .inputSchema(DeleteTeamAccountSchema)
+  .action(async ({ parsedInput: params, ctx: { user } }) => {
    const logger = await getLogger();

-    const params = DeleteTeamAccountSchema.parse(
-      Object.fromEntries(formData.entries()),
-    );
-
    const otpService = createOtpApi(getSupabaseServerClient());

    const otpResult = await otpService.verifyToken({
@@ -57,12 +55,9 @@ export const deleteTeamAccountAction = enhanceAction(

    logger.info(ctx, `Team account request successfully sent`);

-    return redirect('/home');
-  },
-  {
-    auth: true,
-  },
-);
+    revalidatePath('/');
+    redirect('/home');
+  });

 async function deleteTeamAccount(params: {
  accountId: string;
--- a/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/leave-team-account-server-actions.ts
@@ -3,17 +3,15 @@
 import { revalidatePath } from 'next/cache';
 import { redirect } from 'next/navigation';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';

 import { LeaveTeamAccountSchema } from '../../schema/leave-team-account.schema';
 import { createLeaveTeamAccountService } from '../services/leave-team-account.service';

-export const leaveTeamAccountAction = enhanceAction(
-  async (formData: FormData, user) => {
-    const body = Object.fromEntries(formData.entries());
-    const params = LeaveTeamAccountSchema.parse(body);
-
+export const leaveTeamAccountAction = authActionClient
+  .inputSchema(LeaveTeamAccountSchema)
+  .action(async ({ parsedInput: params, ctx: { user } }) => {
    const service = createLeaveTeamAccountService(
      getSupabaseServerAdminClient(),
    );
@@ -25,7 +23,5 @@ export const leaveTeamAccountAction = enhanceAction(

    revalidatePath('/home/[account]', 'layout');

-    return redirect('/home');
-  },
-  {},
-);
+    redirect('/home');
+  });
--- a/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/team-details-server-actions.ts
@@ -2,14 +2,15 @@

 import { redirect } from 'next/navigation';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { getLogger } from '@kit/shared/logger';
 import { getSupabaseServerClient } from '@kit/supabase/server-client';

 import { UpdateTeamNameSchema } from '../../schema/update-team-name.schema';

-export const updateTeamAccountName = enhanceAction(
-  async (params) => {
+export const updateTeamAccountName = authActionClient
+  .inputSchema(UpdateTeamNameSchema)
+  .action(async ({ parsedInput: params }) => {
    const client = getSupabaseServerClient();
    const logger = await getLogger();
    const { name, path, slug, newSlug } = params;
@@ -40,7 +41,7 @@ export const updateTeamAccountName = enhanceAction(
      if (error.code === '23505') {
        return {
          success: false,
-          error: 'teams:duplicateSlugError',
+          error: 'teams.duplicateSlugError',
        };
      }

@@ -60,8 +61,4 @@ export const updateTeamAccountName = enhanceAction(
    }

    return { success: true };
-  },
-  {
-    schema: UpdateTeamNameSchema,
-  },
-);
+  });
--- a/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts
@@ -3,9 +3,9 @@
 import { revalidatePath } from 'next/cache';
 import { redirect } from 'next/navigation';

-import { z } from 'zod';
+import * as z from 'zod';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { getLogger } from '@kit/shared/logger';
 import { Database } from '@kit/supabase/database';
 import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
@@ -26,8 +26,15 @@ import { createAccountPerSeatBillingService } from '../services/account-per-seat
 * @name createInvitationsAction
 * @description Creates invitations for inviting members.
 */
-export const createInvitationsAction = enhanceAction(
-  async (params, user) => {
+export const createInvitationsAction = authActionClient
+  .inputSchema(
+    InviteMembersSchema.and(
+      z.object({
+        accountSlug: z.string().min(1),
+      }),
+    ),
+  )
+  .action(async ({ parsedInput: params, ctx: { user } }) => {
    const logger = await getLogger();

    logger.info(
@@ -116,22 +123,15 @@ export const createInvitationsAction = enhanceAction(
        success: false,
      };
    }
-  },
-  {
-    schema: InviteMembersSchema.and(
-      z.object({
-        accountSlug: z.string().min(1),
-      }),
-    ),
-  },
-);
+  });

 /**
 * @name deleteInvitationAction
 * @description Deletes an invitation specified by the invitation ID.
 */
-export const deleteInvitationAction = enhanceAction(
-  async (data) => {
+export const deleteInvitationAction = authActionClient
+  .inputSchema(DeleteInvitationSchema)
+  .action(async ({ parsedInput: data }) => {
    const client = getSupabaseServerClient();
    const service = createAccountInvitationsService(client);

@@ -143,18 +143,15 @@ export const deleteInvitationAction = enhanceAction(
    return {
      success: true,
    };
-  },
-  {
-    schema: DeleteInvitationSchema,
-  },
-);
+  });

 /**
 * @name updateInvitationAction
 * @description Updates an invitation.
 */
-export const updateInvitationAction = enhanceAction(
-  async (invitation) => {
+export const updateInvitationAction = authActionClient
+  .inputSchema(UpdateInvitationSchema)
+  .action(async ({ parsedInput: invitation }) => {
    const client = getSupabaseServerClient();
    const service = createAccountInvitationsService(client);

@@ -165,23 +162,18 @@ export const updateInvitationAction = enhanceAction(
    return {
      success: true,
    };
-  },
-  {
-    schema: UpdateInvitationSchema,
-  },
-);
+  });

 /**
 * @name acceptInvitationAction
 * @description Accepts an invitation to join a team.
 */
-export const acceptInvitationAction = enhanceAction(
-  async (data: FormData, user) => {
+export const acceptInvitationAction = authActionClient
+  .inputSchema(AcceptInvitationSchema)
+  .action(async ({ parsedInput: data, ctx: { user } }) => {
    const client = getSupabaseServerClient();

-    const { inviteToken, nextPath } = AcceptInvitationSchema.parse(
-      Object.fromEntries(data),
-    );
+    const { inviteToken, nextPath } = data;

    // create the services
    const perSeatBillingService = createAccountPerSeatBillingService(client);
@@ -205,19 +197,17 @@ export const acceptInvitationAction = enhanceAction(
    // Increase the seats for the account
    await perSeatBillingService.increaseSeats(accountId);

-    return redirect(nextPath);
-  },
-  {},
-);
+    redirect(nextPath);
+  });

 /**
 * @name renewInvitationAction
 * @description Renews an invitation.
 */
-export const renewInvitationAction = enhanceAction(
-  async (params) => {
+export const renewInvitationAction = authActionClient
+  .inputSchema(RenewInvitationSchema)
+  .action(async ({ parsedInput: { invitationId } }) => {
    const client = getSupabaseServerClient();
-    const { invitationId } = RenewInvitationSchema.parse(params);

    const service = createAccountInvitationsService(client);

@@ -229,11 +219,7 @@ export const renewInvitationAction = enhanceAction(
    return {
      success: true,
    };
-  },
-  {
-    schema: RenewInvitationSchema,
-  },
-);
+  });

 function revalidateMemberPage() {
  revalidatePath('/home/[account]/members', 'page');
@@ -247,7 +233,7 @@ function revalidateMemberPage() {
 * @param accountId - The account ID (already fetched to avoid duplicate queries).
 */
 async function evaluateInvitationsPolicies(
-  params: z.infer<typeof InviteMembersSchema> & { accountSlug: string },
+  params: z.output<typeof InviteMembersSchema> & { accountSlug: string },
  user: JWTUserData,
  accountId: string,
 ) {
@@ -282,7 +268,7 @@ async function evaluateInvitationsPolicies(
 async function checkInvitationPermissions(
  accountId: string,
  userId: string,
-  invitations: z.infer<typeof InviteMembersSchema>['invitations'],
+  invitations: z.output<typeof InviteMembersSchema>['invitations'],
 ): Promise<{
  allowed: boolean;
  reason?: string;
--- a/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/team-members-server-actions.ts
@@ -2,7 +2,7 @@

 import { revalidatePath } from 'next/cache';

-import { enhanceAction } from '@kit/next/actions';
+import { authActionClient } from '@kit/next/safe-action';
 import { createOtpApi } from '@kit/otp';
 import { getLogger } from '@kit/shared/logger';
 import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
@@ -17,8 +17,9 @@ import { createAccountMembersService } from '../services/account-members.service
 * @name removeMemberFromAccountAction
 * @description Removes a member from an account.
 */
-export const removeMemberFromAccountAction = enhanceAction(
-  async ({ accountId, userId }) => {
+export const removeMemberFromAccountAction = authActionClient
+  .inputSchema(RemoveMemberSchema)
+  .action(async ({ parsedInput: { accountId, userId } }) => {
    const client = getSupabaseServerClient();
    const service = createAccountMembersService(client);

@@ -31,18 +32,15 @@ export const removeMemberFromAccountAction = enhanceAction(
    revalidatePath('/home/[account]', 'layout');

    return { success: true };
-  },
-  {
-    schema: RemoveMemberSchema,
-  },
-);
+  });

 /**
 * @name updateMemberRoleAction
 * @description Updates the role of a member in an account.
 */
-export const updateMemberRoleAction = enhanceAction(
-  async (data) => {
+export const updateMemberRoleAction = authActionClient
+  .inputSchema(UpdateMemberRoleSchema)
+  .action(async ({ parsedInput: data }) => {
    const client = getSupabaseServerClient();
    const service = createAccountMembersService(client);
    const adminClient = getSupabaseServerAdminClient();
@@ -54,19 +52,16 @@ export const updateMemberRoleAction = enhanceAction(
    revalidatePath('/home/[account]', 'layout');

    return { success: true };
-  },
-  {
-    schema: UpdateMemberRoleSchema,
-  },
-);
+  });

 /**
 * @name transferOwnershipAction
 * @description Transfers the ownership of an account to another member.
 * Requires OTP verification for security.
 */
-export const transferOwnershipAction = enhanceAction(
-  async (data, user) => {
+export const transferOwnershipAction = authActionClient
+  .inputSchema(TransferOwnershipConfirmationSchema)
+  .action(async ({ parsedInput: data, ctx: { user } }) => {
    const client = getSupabaseServerClient();
    const logger = await getLogger();

@@ -137,8 +132,4 @@ export const transferOwnershipAction = enhanceAction(
    return {
      success: true,
    };
-  },
-  {
-    schema: TransferOwnershipConfirmationSchema,
-  },
-);
+  });
--- a/packages/features/team-accounts/src/server/policies/create-account-policies.ts
+++ b/packages/features/team-accounts/src/server/policies/create-account-policies.ts
@@ -1,5 +1,4 @@
 import 'server-only';
-
 import { createPolicyRegistry } from '@kit/policies';

 /**
--- a/packages/features/team-accounts/src/server/policies/create-account-policy-evaluator.ts
+++ b/packages/features/team-accounts/src/server/policies/create-account-policy-evaluator.ts
@@ -1,5 +1,4 @@
 import 'server-only';
-
 import type { EvaluationResult } from '@kit/policies';
 import { createPoliciesEvaluator } from '@kit/policies';

--- a/packages/features/team-accounts/src/server/policies/invitation-context-builder.ts
+++ b/packages/features/team-accounts/src/server/policies/invitation-context-builder.ts
@@ -1,6 +1,6 @@
 import type { SupabaseClient } from '@supabase/supabase-js';

-import { z } from 'zod';
+import * as z from 'zod';

 import type { Database } from '@kit/supabase/database';
 import { JWTUserData } from '@kit/supabase/types';
@@ -29,7 +29,7 @@ class InvitationContextBuilder {
   * Build policy context for invitation evaluation with optimized parallel loading
   */
  async buildContext(
-    params: z.infer<typeof InviteMembersSchema> & { accountSlug: string },
+    params: z.output<typeof InviteMembersSchema> & { accountSlug: string },
    user: JWTUserData,
  ): Promise<FeaturePolicyInvitationContext> {
    // Fetch all data in parallel for optimal performance
@@ -43,7 +43,7 @@ class InvitationContextBuilder {
   * (avoids duplicate account lookup)
   */
  async buildContextWithAccountId(
-    params: z.infer<typeof InviteMembersSchema> & { accountSlug: string },
+    params: z.output<typeof InviteMembersSchema> & { accountSlug: string },
    user: JWTUserData,
    accountId: string,
  ): Promise<FeaturePolicyInvitationContext> {
--- a/packages/features/team-accounts/src/server/policies/policies.ts
+++ b/packages/features/team-accounts/src/server/policies/policies.ts
@@ -20,8 +20,8 @@ export const subscriptionRequiredInvitationsPolicy =
      if (!subscription || !subscription.active) {
        return deny({
          code: 'SUBSCRIPTION_REQUIRED',
-          message: 'teams:policyErrors.subscriptionRequired',
-          remediation: 'teams:policyRemediation.subscriptionRequired',
+          message: 'teams.policyErrors.subscriptionRequired',
+          remediation: 'teams.policyRemediation.subscriptionRequired',
        });
      }

@@ -55,8 +55,8 @@ export const paddleBillingInvitationsPolicy =
        if (hasPerSeatItems) {
          return deny({
            code: 'PADDLE_TRIAL_RESTRICTION',
-            message: 'teams:policyErrors.paddleTrialRestriction',
-            remediation: 'teams:policyRemediation.paddleTrialRestriction',
+            message: 'teams.policyErrors.paddleTrialRestriction',
+            remediation: 'teams.policyRemediation.paddleTrialRestriction',
          });
        }
      }
--- a/packages/features/team-accounts/src/server/services/account-invitations-dispatcher.service.ts
+++ b/packages/features/team-accounts/src/server/services/account-invitations-dispatcher.service.ts
@@ -1,6 +1,6 @@
 import { SupabaseClient } from '@supabase/supabase-js';

-import { z } from 'zod';
+import * as z from 'zod';

 import { getLogger } from '@kit/shared/logger';
 import { Database, Tables } from '@kit/supabase/database';
@@ -18,22 +18,22 @@ const env = z
  .object({
    invitePath: z
      .string({
-        required_error: 'The property invitePath is required',
+        error: 'The property invitePath is required',
      })
      .min(1),
    siteURL: z
      .string({
-        required_error: 'NEXT_PUBLIC_SITE_URL is required',
+        error: 'NEXT_PUBLIC_SITE_URL is required',
      })
      .min(1),
    productName: z
      .string({
-        required_error: 'NEXT_PUBLIC_PRODUCT_NAME is required',
+        error: 'NEXT_PUBLIC_PRODUCT_NAME is required',
      })
      .min(1),
    emailSender: z
      .string({
-        required_error: 'EMAIL_SENDER is required',
+        error: 'EMAIL_SENDER is required',
      })
      .min(1),
  })
--- a/packages/features/team-accounts/src/server/services/account-invitations.service.ts
+++ b/packages/features/team-accounts/src/server/services/account-invitations.service.ts
@@ -1,9 +1,8 @@
 import 'server-only';
-
 import { SupabaseClient } from '@supabase/supabase-js';

 import { addDays, formatISO } from 'date-fns';
-import { z } from 'zod';
+import * as z from 'zod';

 import { getLogger } from '@kit/shared/logger';
 import { Database } from '@kit/supabase/database';
@@ -37,7 +36,7 @@ class AccountInvitationsService {
   * @description Removes an invitation from the database.
   * @param params
   */
-  async deleteInvitation(params: z.infer<typeof DeleteInvitationSchema>) {
+  async deleteInvitation(params: z.output<typeof DeleteInvitationSchema>) {
    const logger = await getLogger();

    const ctx = {
@@ -70,7 +69,7 @@ class AccountInvitationsService {
   * @param params
   * @description Updates an invitation in the database.
   */
-  async updateInvitation(params: z.infer<typeof UpdateInvitationSchema>) {
+  async updateInvitation(params: z.output<typeof UpdateInvitationSchema>) {
    const logger = await getLogger();

    const ctx = {
@@ -107,7 +106,7 @@ class AccountInvitationsService {
  }

  async validateInvitation(
-    invitation: z.infer<typeof InviteMembersSchema>['invitations'][number],
+    invitation: z.output<typeof InviteMembersSchema>['invitations'][number],
    accountSlug: string,
  ) {
    const { data: members, error } = await this.client.rpc(
@@ -141,7 +140,7 @@ class AccountInvitationsService {
    invitations,
    invitedBy,
  }: {
-    invitations: z.infer<typeof InviteMembersSchema>['invitations'];
+    invitations: z.output<typeof InviteMembersSchema>['invitations'];
    accountSlug: string;
    invitedBy: string;
  }) {
--- a/packages/features/team-accounts/src/server/services/account-members.service.ts
+++ b/packages/features/team-accounts/src/server/services/account-members.service.ts
@@ -1,8 +1,7 @@
 import 'server-only';
-
 import { SupabaseClient } from '@supabase/supabase-js';

-import { z } from 'zod';
+import * as z from 'zod';

 import { getLogger } from '@kit/shared/logger';
 import { Database } from '@kit/supabase/database';
@@ -26,7 +25,7 @@ class AccountMembersService {
   * @description Removes a member from an account.
   * @param params
   */
-  async removeMemberFromAccount(params: z.infer<typeof RemoveMemberSchema>) {
+  async removeMemberFromAccount(params: z.output<typeof RemoveMemberSchema>) {
    const logger = await getLogger();

    const ctx = {
@@ -75,7 +74,7 @@ class AccountMembersService {
   * @param adminClient
   */
  async updateMemberRole(
-    params: z.infer<typeof UpdateMemberRoleSchema>,
+    params: z.output<typeof UpdateMemberRoleSchema>,
    adminClient: SupabaseClient<Database>,
  ) {
    const logger = await getLogger();
@@ -145,7 +144,7 @@ class AccountMembersService {
   * @param adminClient
   */
  async transferOwnership(
-    params: z.infer<typeof TransferOwnershipConfirmationSchema>,
+    params: z.output<typeof TransferOwnershipConfirmationSchema>,
    adminClient: SupabaseClient<Database>,
  ) {
    const logger = await getLogger();
--- a/packages/features/team-accounts/src/server/services/account-per-seat-billing.service.ts
+++ b/packages/features/team-accounts/src/server/services/account-per-seat-billing.service.ts
@@ -1,5 +1,4 @@
 import 'server-only';
-
 import { SupabaseClient } from '@supabase/supabase-js';

 import { createBillingGatewayService } from '@kit/billing-gateway';
--- a/packages/features/team-accounts/src/server/services/create-team-account.service.ts
+++ b/packages/features/team-accounts/src/server/services/create-team-account.service.ts
@@ -1,5 +1,4 @@
 import 'server-only';
-
 import { getLogger } from '@kit/shared/logger';
 import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';

--- a/packages/features/team-accounts/src/server/services/delete-team-account.service.ts
+++ b/packages/features/team-accounts/src/server/services/delete-team-account.service.ts
@@ -1,5 +1,4 @@
 import 'server-only';
-
 import { SupabaseClient } from '@supabase/supabase-js';

 import { getLogger } from '@kit/shared/logger';
--- a/packages/features/team-accounts/src/server/services/leave-team-account.service.ts
+++ b/packages/features/team-accounts/src/server/services/leave-team-account.service.ts
@@ -1,8 +1,7 @@
 import 'server-only';
-
 import { SupabaseClient } from '@supabase/supabase-js';

-import { z } from 'zod';
+import * as z from 'zod';

 import { getLogger } from '@kit/shared/logger';
 import { Database } from '@kit/supabase/database';
@@ -32,7 +31,7 @@ class LeaveTeamAccountService {
   * @description Leave a team account
   * @param params
   */
-  async leaveTeamAccount(params: z.infer<typeof Schema>) {
+  async leaveTeamAccount(params: z.output<typeof Schema>) {
    const logger = await getLogger();

    const ctx = {