Replaces direct Supabase client instantiation with a unified authentication and authorization helper, introducing role-based access control to sensitive endpoints like escrow and payroll, and standardizing compliance event logging. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Event-Id: 5eb35c62-c5ab-4c7e-9552-8dc89efa29f3 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/aPpJgbb Replit-Helium-Checkpoint-Created: true
import type { VercelRequest, VercelResponse } from "@vercel/node";
import { authenticateRequest, requireAuth, logComplianceEvent } from "../_auth";
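/**
 * Talent-profile endpoint for the authenticated caller.
 *
 * - `GET ?action=compliance-summary` calls the `get_talent_compliance_summary`
 *   RPC for the caller's own user id.
 * - `GET` returns the caller's row from `nexus_talent_profiles`
 *   (`data` is null when no row exists yet).
 * - `POST` upserts the caller's row and records a compliance event.
 *
 * Every query is keyed on `user.id` taken from the authenticated session,
 * never on a client-supplied id, so a caller can only read or write their
 * own profile.
 *
 * @param req - Incoming request; `req.body` is untrusted client input.
 * @param res - Response used for every outcome (200, 400, 405, 500).
 */
export default async function handler(req: VercelRequest, res: VercelResponse) {
  const auth = await authenticateRequest(req);
  // A falsy result ends the request here. requireAuth receives `res`, so it
  // presumably writes the error response itself — confirm in ../_auth.
  if (!requireAuth(auth, res)) return;

  const { userClient, adminClient, user } = auth;

  if (req.method === 'GET') {
    // This check must come before the plain profile read: the original order
    // tested it after an unconditional GET branch that always returned, so
    // the summary could never be served.
    if (req.query.action === 'compliance-summary') {
      const { data, error } = await userClient
        .rpc('get_talent_compliance_summary', { p_user_id: user.id });

      if (error) {
        // NOTE(review): error.message comes from the database layer and is
        // returned verbatim; consider a generic message plus server-side logging.
        return res.status(500).json({ error: error.message });
      }

      return res.status(200).json({ data });
    }

    const { data, error } = await userClient
      .from('nexus_talent_profiles')
      .select('*')
      .eq('user_id', user.id)
      .single();

    // PGRST116 is tolerated so a missing profile yields 200 with null data.
    if (error && error.code !== 'PGRST116') {
      return res.status(500).json({ error: error.message });
    }

    return res.status(200).json({ data });
  }

  if (req.method === 'POST') {
    const body = req.body;

    // A missing, primitive or array body would otherwise throw on the
    // property reads below (or on Object.keys) and surface as an unhandled
    // error instead of a client error.
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return res.status(400).json({ error: 'Request body must be a JSON object' });
    }

    // Only these columns are ever copied from the request. user_id and
    // updated_at are set by the server, so a client cannot override them.
    const writableFields = [
      'legal_first_name',
      'legal_last_name',
      'tax_classification',
      'residency_state',
      'residency_country',
      'address_city',
      'address_state',
      'address_zip'
    ];

    // NOTE(review): values are stored without type or length validation;
    // any constraint is left to the database schema.
    const { data, error } = await userClient
      .from('nexus_talent_profiles')
      .upsert({
        user_id: user.id,
        legal_first_name: body.legal_first_name,
        legal_last_name: body.legal_last_name,
        tax_classification: body.tax_classification,
        residency_state: body.residency_state,
        residency_country: body.residency_country || 'US',
        address_city: body.address_city,
        address_state: body.address_state,
        address_zip: body.address_zip,
        updated_at: new Date().toISOString()
      }, { onConflict: 'user_id' })
      .select()
      .single();

    if (error) {
      return res.status(500).json({ error: error.message });
    }

    // Record only the fields this handler actually persists. Logging every
    // key of the request body would let a client write arbitrary, unbounded
    // key names into the compliance log.
    const fieldsUpdated = writableFields.filter((field) =>
      Object.prototype.hasOwnProperty.call(body, field)
    );

    await logComplianceEvent(adminClient, {
      entity_type: 'talent',
      entity_id: data.id,
      event_type: 'profile_updated',
      event_category: 'data_change',
      actor_id: user.id,
      actor_role: 'talent',
      realm_context: 'nexus',
      description: 'Talent profile updated',
      payload: { fields_updated: fieldsUpdated }
    }, req);

    return res.status(200).json({ data });
  }

  return res.status(405).json({ error: 'Method not allowed' });
}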