Files

Giancarlo Buomprisco 7ebff31475 Next.js Supabase V3 (#463 )

Version 3 of the kit:
- Radix UI replaced with Base UI (using the Shadcn UI patterns)
- next-intl replaces react-i18next
- enhanceAction deprecated; usage moved to next-safe-action
- main layout now wrapped with [locale] path segment
- Teams only mode
- Layout updates
- Zod v4
- Next.js 16.2
- Typescript 6
- All other dependencies updated
- Removed deprecated Edge CSRF
- Dynamic Github Action runner

2026-03-24 13:40:38 +08:00

1.3 KiB

Raw Blame History

Super Admin

Critical Security Rules

ALWAYS use AdminGuard to protect pages
ALWAYS validate admin status before operations
NEVER bypass authentication or authorization
ALWAYS audit admin operations with logging
ALWAYS use adminAction to wrap admin actions @packages/features/admin/src/lib/server/utils/admin-action.ts

Page Structure

import { AdminGuard } from '@kit/admin/components/admin-guard';
import { PageBody, PageHeader } from '@kit/ui/page';

async function AdminPage() {
  return (
    <>
      <PageHeader title="Admin" />
      <PageBody>{/* Content */}</PageBody>
    </>
  );
}

export default AdminGuard(AdminPage);

Admin Client Usage

import { isSuperAdmin } from '@kit/admin';
import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';

async function adminOperation() {
  // CRITICAL: Validate first - admin client bypasses RLS
  if (!(await isSuperAdmin(currentUser))) {
    throw new Error('Unauthorized');
  }

  const adminClient = getSupabaseServerAdminClient();
  // Safe to proceed
}

Audit Logging

const logger = await getLogger();
logger.info({
  name: 'admin-audit',
  action: 'delete-user',
  adminId: currentUser.id,
  targetId: userId,
}, 'Admin action performed');

1.3 KiB Raw Blame History

Super Admin

Critical Security Rules

Page Structure

Admin Client Usage

Audit Logging

1.3 KiB

Raw Blame History