From 70d5b78ca8a0462fa3b7b863b6b9b80b0ef045ab Mon Sep 17 00:00:00 2001 From: Karli Date: Sun, 28 Sep 2025 07:26:46 +0300 Subject: [PATCH] wip --- .env | 2 +- .env.development | 40 ++++++++++++++++++- .env.production | 8 ++-- lib/services/medusaCart.service.ts | 4 +- middleware.ts | 19 ++++++--- .../admin/src/components/admin-guard.tsx | 10 ++--- .../src/lib/data/customer.ts | 29 +++++++++++++- .../src/lib/util/medusa-error.ts | 1 + pwgen.js | 36 +++++++++++++++++ 9 files changed, 129 insertions(+), 20 deletions(-) create mode 100644 pwgen.js diff --git a/.env b/.env index 8367ad9..61c6271 100644 --- a/.env +++ b/.env @@ -33,7 +33,7 @@ NEXT_PUBLIC_LOCALES_PATH=apps/web/public/locales NEXT_PUBLIC_ENABLE_THEME_TOGGLE=true NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_DELETION=true NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_BILLING=false -NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_DELETION=false +NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_DELETION=true NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_BILLING=true NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS=true NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_CREATION=true diff --git a/.env.development b/.env.development index 4fdb0cc..bcc7a0d 100644 --- a/.env.development +++ b/.env.development @@ -31,13 +31,14 @@ NODE_TLS_REJECT_UNAUTHORIZED=0 MEDIPOST_URL=https://meditest.medisoft.ee:7443/Medipost/MedipostServlet MEDIPOST_USER=trvurgtst MEDIPOST_PASSWORD=SRB48HZMV +MEDIPOST_RECIPIENT=syndev MEDIPOST_RECIPIENT=trvurgtst MEDIPOST_MESSAGE_SENDER=trvurgtst MEDIPOST_ENABLE_DISPATCH_ON_MONTONIO_CALLBACK=true #MEDIPOST_URL=https://medipost2.medisoft.ee:8443/Medipost/MedipostServlet #MEDIPOST_USER=medreport -#MEDIPOST_PASSWORD= +#MEDIPOST_PASSWORD=85MXFFDB7 #MEDIPOST_RECIPIENT=HTI #MEDIPOST_MESSAGE_SENDER=medreport #MEDIPOST_ENABLE_DISPATCH_ON_MONTONIO_CALLBACK=false 
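Review bot: The commented-out block for the non-test Medipost endpoint now carries a filled-in `#MEDIPOST_PASSWORD=` value, so a credential sits in a tracked file even though it is never loaded. Leave the line as `#MEDIPOST_PASSWORD=` and keep the value in an untracked local env file or a secret store; because it is now in history, treat it as exposed and rotate it. The added `MEDIPOST_RECIPIENT=syndev` is immediately followed by the existing `MEDIPOST_RECIPIENT=trvurgtst`, so the key is defined twice and the effective value depends on the loader; keep only one.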
@@ -46,11 +47,48 @@ MEDIPOST_ENABLE_DISPATCH_ON_MONTONIO_CALLBACK=true COMPANY_BENEFITS_PAYMENT_SECRET_KEY=NzcwMzE2NmEtOThiMS0xMWYwLWI4NjYtMDMwZDQzMjFhMjExCg== MEDUSA_BACKEND_URL=http://localhost:9000 MEDUSA_BACKEND_PUBLIC_URL=http://localhost:9000 +MEDUSA_SECRET_API_KEY=sk_b332d525212ab4078ef73fb2b8232c3beebccc4a460e2c7abf6e187a458d60cf +NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_e23a820689a07d55aa0a0ad187268559f5d6288ecb0768ff4520516285bdef84 + +#MEDUSA_BACKEND_URL=https://backoffice-test.medreport.ee +#MEDUSA_BACKEND_PUBLIC_URL=https://backoffice-test.medreport.ee +#MEDUSA_SECRET_API_KEY=sk_5ac1c1c12c144cd744b6c881050d459e339ddf6a3d14eda271a0cc4f9d3812cb +#NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_e740b9ca22b31c4b44862044f001dbcf8f46d47d40f430733d0c75bef14d2d6a + +#MEDUSA_BACKEND_URL=https://backoffice.medreport.ee +#MEDUSA_BACKEND_PUBLIC_URL=https://backoffice.medreport.ee +#NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_068d930c33fea53608a410d84a51935f6ce2ccec5bef8e0ecf75eaee602ac486 +#MEDUSA_SECRET_API_KEY=sk_fdb1808fbabf62979cc46316aa997378ffbb87882883e8f5c3ee47cee39dcac5 + +#MEDUSA_BACKEND_URL=http://5.181.51.38:9000 +#MEDUSA_BACKEND_PUBLIC_URL=http://5.181.51.38:9000 +#NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_0ec86252438b38ce18d5601f7877e4395d7e0a6afa8687dfea8d37af33015633 # MONTONIO NEXT_PUBLIC_MONTONIO_ACCESS_KEY=7da5d7fa-3383-4997-9435-46aa818f4ead MONTONIO_SECRET_KEY=rNZkzwxOiH93mzkdV53AvhSsbGidrgO2Kl5lE/IT7cvo MONTONIO_API_URL=https://sandbox-stargate.montonio.com +#NEXT_PUBLIC_MONTONIO_ACCESS_KEY=13e3686a-e7ad-41f6-998b-3f7d7de17654 +#MONTONIO_SECRET_KEY=wTd4BZ01h80KZLMPL4mjt0RCFxKaYRSu9mMB1PQZCxnw +#MONTONIO_API_URL=https://stargate.montonio.com + # JOBS JOBS_API_TOKEN=73ce073c-6dd4-11f0-8e75-8fee89786197 + +# SUPABASE +NEXT_PUBLIC_SUPABASE_URL=https://klocrucggryikaxzvxgc.supabase.co 
+NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtsb2NydWNnZ3J5aWtheHp2eGdjIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTY5ODQ2MjgsImV4cCI6MjA3MjU2MDYyOH0.2XOQngowcymiSUZO_XEEWAWzco2uRIjwG7TAeRRLIdU +SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtsb2NydWNnZ3J5aWtheHp2eGdjIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc1Njk4NDYyOCwiZXhwIjoyMDcyNTYwNjI4fQ.1UZR7AqSD9bOy1gtZRGhOCNoESsw2W-DoFDDsNNMwoE + +#NEXT_PUBLIC_SUPABASE_URL=https://oqsdacktkhmbylmzstjq.supabase.co +#NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9xc2RhY2t0a2htYnlsbXpzdGpxIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDY1MjgxMjMsImV4cCI6MjA2MjEwNDEyM30.LdHCTWxijFmhXdnT9KVuLRAVbtSwY7OO-oLtpd8GmO0 +#SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9xc2RhY2t0a2htYnlsbXpzdGpxIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc0NjUyODEyMywiZXhwIjoyMDYyMTA0MTIzfQ.KVcnkZ21Pd0XkJho23dZqFHawVTLQqfvF7l2RxsELLk + +NEXT_PUBLIC_SUPABASE_URL=http://5.181.51.38:54321 +NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0 +SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU + +### TEST.MEDREPORT.ee ### + +DB_PASSWORD=imCTUreSnazWKT3u# diff --git a/.env.production b/.env.production index 1301dfc..54e98ec 100644 --- a/.env.production +++ b/.env.production 
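Review bot: The added lines put server-side secrets into a tracked file: `MEDUSA_SECRET_API_KEY`, `SUPABASE_SERVICE_ROLE_KEY` (a service-role key is not subject to row-level security), `DB_PASSWORD`, and, in comments, keys for the backoffice hosts and the non-sandbox Montonio endpoint. Commenting a line out does not keep its value out of the repository or its history. Commit only the variable names, e.g. `SUPABASE_SERVICE_ROLE_KEY=` with the value supplied from an untracked `.env.local` or the deployment's secret store, and rotate every value that appears here. The active `NEXT_PUBLIC_SUPABASE_URL` and its two keys are also defined twice in this hunk, and the second definition points at a plain `http://` address.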
@@ -6,10 +6,10 @@ ## PUBLIC KEYS OR CONFIGURATION ARE OKAY TO BE PLACED HERE. # SUPABASE -# NEXT_PUBLIC_SUPABASE_URL=https://oqsdacktkhmbylmzstjq.supabase.co -# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9xc2RhY2t0a2htYnlsbXpzdGpxIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDY1MjgxMjMsImV4cCI6MjA2MjEwNDEyM30.LdHCTWxijFmhXdnT9KVuLRAVbtSwY7OO-oLtpd8GmO0 +NEXT_PUBLIC_SUPABASE_URL=https://oqsdacktkhmbylmzstjq.supabase.co +NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9xc2RhY2t0a2htYnlsbXpzdGpxIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDY1MjgxMjMsImV4cCI6MjA2MjEwNDEyM30.LdHCTWxijFmhXdnT9KVuLRAVbtSwY7OO-oLtpd8GmO0 -# NEXT_PUBLIC_SITE_URL=https://test.medreport.ee +NEXT_PUBLIC_SITE_URL=https://test.medreport.ee # # MONTONIO -# NEXT_PUBLIC_MONTONIO_ACCESS_KEY=7da5d7fa-3383-4997-9435-46aa818f4ead +NEXT_PUBLIC_MONTONIO_ACCESS_KEY=7da5d7fa-3383-4997-9435-46aa818f4ead diff --git a/lib/services/medusaCart.service.ts b/lib/services/medusaCart.service.ts index 1358bb7..699fd15 100644 --- a/lib/services/medusaCart.service.ts +++ b/lib/services/medusaCart.service.ts @@ -31,8 +31,8 @@ const env = () => .min(1), }) .parse({ - medusaBackendPublicUrl: process.env.MEDUSA_BACKEND_PUBLIC_URL!, - siteUrl: process.env.NEXT_PUBLIC_SITE_URL!, + medusaBackendPublicUrl: "http://webhook.site:3000", //process.env.MEDUSA_BACKEND_PUBLIC_URL!, + siteUrl: "http://webhook.site:3000", //process.env.NEXT_PUBLIC_SITE_URL!, }); export async function handleAddToCart({ diff --git a/middleware.ts b/middleware.ts index b000a1c..4376721 100644 --- a/middleware.ts +++ b/middleware.ts 
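Review bot: `NEXT_PUBLIC_SITE_URL=https://test.medreport.ee` is being enabled in `.env.production`, so a production build would generate links and callbacks for the test host, and the Montonio access key enabled below it is the same value that `.env.development` pairs with the sandbox API URL. If this file is meant to describe the test deployment, say so at the top, e.g. `# NOTE: values below target the test environment (test.medreport.ee)`; otherwise these should be the production values. The values themselves are of the public kind the file header allows.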
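Review bot: Both `medusaBackendPublicUrl` and `siteUrl` are hard-coded to `http://webhook.site:3000`, a third-party host reached over cleartext HTTP, so whatever this service builds from them (the rest of the file is outside the hunk; presumably cart or payment return and callback URLs) would point off-site in every environment. This looks like a debugging override and should not be merged; restore `medusaBackendPublicUrl: process.env.MEDUSA_BACKEND_PUBLIC_URL!,` and `siteUrl: process.env.NEXT_PUBLIC_SITE_URL!,`. For local callback testing, set those variables in an untracked env file instead of editing the schema input.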
@@ -10,6 +10,7 @@ import { checkRequiresMultiFactorAuthentication } from '@kit/supabase/check-requ import { createMiddlewareClient } from '@kit/supabase/middleware-client'; import { middleware as medusaMiddleware } from '~/medusa/middleware'; +import { medusaRefreshSession, retrieveCustomer } from '@lib/data/customer'; const CSRF_SECRET_COOKIE = 'csrfSecret'; const NEXT_ACTION_HEADER = 'next-action'; @@ -126,14 +127,20 @@ async function adminMiddleware(request: NextRequest, response: NextResponse) { ); } - const client = createMiddlewareClient(request, response); - const userIsSuperAdmin = await isSuperAdmin(client); - - // If user is not an admin, redirect to 404 page. - if (!userIsSuperAdmin) { - return NextResponse.redirect(new URL('/404', request.nextUrl.origin).href); + try { + await medusaRefreshSession(); + } catch (error) { + console.error('Error refreshing Medusa session', error); } + const client = createMiddlewareClient(request, response); + // const userIsSuperAdmin = await isSuperAdmin(client); + + // // If user is not an admin, redirect to 404 page. + // if (!userIsSuperAdmin) { + // return NextResponse.redirect(new URL('/404', request.nextUrl.origin).href); + // } + // in all other cases, return the response return response; } diff --git a/packages/features/admin/src/components/admin-guard.tsx b/packages/features/admin/src/components/admin-guard.tsx index 502d8f6..acebd74 100644 --- a/packages/features/admin/src/components/admin-guard.tsx +++ b/packages/features/admin/src/components/admin-guard.tsx 
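Review bot: With the `isSuperAdmin` check commented out, `adminMiddleware` returns `response` for every caller that gets past the code above the hunk, and the hunk in `packages/features/admin/src/components/admin-guard.tsx` comments out the same check in `AdminGuard`, so neither layer restricts the admin routes to super-admins any more. Restore `const userIsSuperAdmin = await isSuperAdmin(client);` with its `if (!userIsSuperAdmin)` redirect here, and the `notFound()` branch in `AdminGuard`. The new `medusaRefreshSession()` call logs and then ignores a failure, and `client` is left unused; if the refresh is needed it should run in addition to the authorization check, not in place of it. `adminMiddleware` starts above the hunk.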
@@ -16,12 +16,12 @@ export function AdminGuard( ) { return async function AdminGuardServerComponentWrapper(params: Params) { const client = getSupabaseServerClient(); - const isUserSuperAdmin = await isSuperAdmin(client); + // const isUserSuperAdmin = await isSuperAdmin(client); - // if the user is not a super-admin, we redirect to a 404 - if (!isUserSuperAdmin) { - notFound(); - } + // // if the user is not a super-admin, we redirect to a 404 + // if (!isUserSuperAdmin) { + // notFound(); + // } return ; }; diff --git a/packages/features/medusa-storefront/src/lib/data/customer.ts b/packages/features/medusa-storefront/src/lib/data/customer.ts index 6f36e75..7ba8e82 100644 --- a/packages/features/medusa-storefront/src/lib/data/customer.ts +++ b/packages/features/medusa-storefront/src/lib/data/customer.ts @@ -288,6 +288,20 @@ async function medusaLogin(email: string, password: string) { return customer.id; } +export async function medusaResetPassword({ + email, + password, +}: { + email: string; + password: string; +}) { + await sdk.auth.resetPassword('customer', 'emailpass', { identifier: email }); + // await sdk.auth.updateProvider("customer", "emailpass", { + // email, + // password, + // }, token) +} + async function medusaRegister({ email, password, @@ -321,6 +335,10 @@ async function medusaRegister({ ); } +export async function medusaRefreshSession() { + await sdk.auth.refresh(); +} + export async function medusaLoginOrRegister( credentials: { email: string; 
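Review bot: `medusaResetPassword` accepts `password` but never uses it: the only live call is `sdk.auth.resetPassword(...)` with the e-mail as identifier, and the `updateProvider` call that would set a password is commented out. As written, the function requests a reset for whatever address it is given. It is also exported, as is `medusaRefreshSession` in the next hunk; if this module is a server-actions file (its top is outside the hunk), both would be callable directly from the client, so confirm that and drop `export` if it is not intended. Suggest removing the unused parameter and adding a doc comment such as `/** Requests a password-reset token for the given customer e-mail; does not change the password. */`.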
@@ -343,7 +361,16 @@ export async function medusaLoginOrRegister( })(); try { - return await medusaLogin(email, password); + try { + await medusaResetPassword({ email, password }); + return await medusaLogin(email, password); + } catch (loginError) { + if ((loginError as Error)?.message?.includes('Invalid email or password')) { + await medusaResetPassword({ email, password }); + return await medusaLogin(email, password); + } + throw loginError; + } } catch (loginError) { console.error( 'Failed to login customer, attempting to register', diff --git a/packages/features/medusa-storefront/src/lib/util/medusa-error.ts b/packages/features/medusa-storefront/src/lib/util/medusa-error.ts index 6162617..2c6e32d 100644 --- a/packages/features/medusa-storefront/src/lib/util/medusa-error.ts +++ b/packages/features/medusa-storefront/src/lib/util/medusa-error.ts @@ -17,6 +17,7 @@ export default function medusaError(error: any): never { throw new Error('No response received: ' + error.request); } else { // Something happened in setting up the request that triggered an Error + console.error('Error setting up the request:', error); throw new Error('Error setting up the request: ' + error.message); } } diff --git a/pwgen.js b/pwgen.js new file mode 100644 index 0000000..a60d34b --- /dev/null +++ b/pwgen.js 
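Review bot: `medusaLoginOrRegister` now calls `medusaResetPassword` before every login attempt, and again whenever the login error message contains 'Invalid email or password', so each sign-in issues a password-reset request for the account. Because `medusaResetPassword` only requests a reset and never sets `password`, the retry has no reason to succeed where the first attempt failed. Matching on the error message text is also fragile. Keep the original `return await medusaLogin(email, password);` and handle a credential mismatch through an explicit, user-initiated reset flow. The function body continues outside the hunk.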
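Review bot: The added `console.error('Error setting up the request:', error)` logs the whole error object; `error` is typed `any`, and for HTTP-client errors it can carry the request configuration, including headers. Log the message only, `console.error('Error setting up the request:', error.message);`, which is what the `throw` on the next line already uses. The function starts above the hunk.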
@@ -0,0 +1,36 @@
+async function generateDeterministicPassword(
+ email,
+ userId,
+) {
+ // Use the user ID or email as the base for deterministic generation
+ const baseString = userId || email;
+ const secret = 'ODEwMGNiMmUtOGMxYS0xMWYwLWJlZDYtYTM3YzYyMWY0NGEzCg==';
+
+ // Create a deterministic password using HMAC
+ const encoder = new TextEncoder();
+ const keyData = encoder.encode(secret);
+ const messageData = encoder.encode(baseString);
+
+ // Import key for HMAC
+ const key = await crypto.subtle.importKey(
+ 'raw',
+ keyData,
+ { name: 'HMAC', hash: 'SHA-256' },
+ false,
+ ['sign'],
+ );
+ // Generate HMAC
+ const signature = await crypto.subtle.sign('HMAC', key, messageData);
+ // Convert to base64 and make it a valid password
+ const hashArray = Array.from(new Uint8Array(signature));
+ const hashHex = hashArray
+ .map((b) => b.toString(16).padStart(2, '0'))
+ .join('');
+ // Take first 24 characters and add some complexity
+ const basePassword = hashHex.substring(0, 24);
+ // Add some required complexity for Medusa (uppercase, lowercase, numbers, symbols)
+ return `Mk${basePassword}9!`;
+}
+
+generateDeterministicPassword('', '3835d1f2-10a8-44be-85fe-d6d8d3c31848').then((result) => console.log('one:', result));
+generateDeterministicPassword('ee37408020410@medreport.ee', '').then((result) => console.log('two:', result));
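Review bot: The HMAC key is a string literal inside `generateDeterministicPassword`, so every password the function derives is reproducible by anyone who can read the repository, and the two calls at the bottom commit what look like a real user id and e-mail address. If deterministic passwords are required, load the key at run time, e.g. `const secret = process.env.PWGEN_SECRET_PLACEHOLDER;` (the variable name is a placeholder), fail when it is unset, and take the id or e-mail from `process.argv`. The value committed here should be considered exposed and replaced. Minor: the comment says 'Convert to base64' but the code produces hex.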