feat(roles): add roles management with constants and types; update middleware for role validation

Jxl-s · Jxl-s · commit 971fb3096508 · 2026-04-02T00:01:11.000-04:00
diff --git a/lib/db/schema.ts b/lib/db/schema.ts
@@ -6,7 +6,6 @@ export const profiles = pgTable("profiles", {
    id: uuid("id").primaryKey(),
    firstName: text("first_name"),
    lastName: text("last_name"),
-   avatarUrl: text("avatar_url"),
    stripeCustomerId: text("stripe_customer_id"),
    role: userRoleEnum("role").default("user").notNull(),
    createdAt: timestamp("created_at").defaultNow(),
diff --git a/lib/roles.ts b/lib/roles.ts
@@ -0,0 +1,7 @@
+export const ROLES = {
+  ADMIN: "admin",
+  COACH: "coach",
+  USER: "user",
+} as const;
+
+export type Role = (typeof ROLES)[keyof typeof ROLES];
diff --git a/utils/supabase/middleware.ts b/utils/supabase/middleware.ts
@@ -1,5 +1,6 @@
 import { createServerClient } from "@supabase/ssr";
 import { type NextRequest, NextResponse } from "next/server";
+import { ROLES } from "@/lib/roles";
 
 export async function updateSession(request: NextRequest) {
   let supabaseResponse = NextResponse.next({
@@ -46,8 +47,9 @@ export async function updateSession(request: NextRequest) {
 
   // Protect /dashboard/* — admin only
   if (request.nextUrl.pathname.startsWith("/dashboard")) {
-    const role = user?.app_metadata?.role;
-    if (role !== "admin") {
+    const { data: claimsData } = await supabase.auth.getClaims();
+    const role = claimsData?.claims?.user_role;
+    if (role !== ROLES.ADMIN) {
       const url = request.nextUrl.clone();
       url.pathname = "/";
       return NextResponse.redirect(url);
