fix(admin): key tunnels by user_id, server-side initial list load, full-scan user search

2026-05-31 11:46:14 +02:00
parent fb4880a1d9
commit b6c4d94990
19 changed files with 1676 additions and 840 deletions
@@ -45,20 +45,20 @@ export async function POST(

  const admin = getSupabaseAdmin();

-  // Reject if taken by a different tunnel.
+  // Reject if taken by a different tunnel (keyed by owner user_id).
  const { data: existing } = await admin
    .from('tunnels')
-    .select('id')
+    .select('user_id')
    .eq('subdomain', subdomain)
-    .maybeSingle<{ id: string }>();
-  if (existing && existing.id !== id) {
+    .maybeSingle<{ user_id: string }>();
+  if (existing && existing.user_id !== id) {
    return NextResponse.json({ error: 'subdomain taken' }, { status: 409 });
  }

  const { data, error } = await admin
    .from('tunnels')
    .update({ subdomain })
-    .eq('id', id)
+    .eq('user_id', id)
    .select('subdomain')
    .maybeSingle<{ subdomain: string }>();
  if (error) {