refactor(server): strip Express to Supabase-ready shell

.github/workflows/ci.yml

@@ -24,7 +24,6 @@ jobs:
   test-server:
     name: Server Tests
     runs-on: ubuntu-latest
-
     defaults:
       run:
         working-directory: server
@@ -39,20 +38,4 @@ jobs:
       - run: npm test
         env:
           NODE_ENV: test
-          # DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test_db
-          JWT_SECRET: test_secret_for_ci_only
           CORS_ALLOWED_ORIGINS: http://localhost:5173
-    # services:
-    #   postgres:
-    #     image: postgres:16
-    #     env:
-    #       POSTGRES_USER: postgres
-    #       POSTGRES_PASSWORD: postgres
-    #       POSTGRES_DB: test_db
-    #     ports:
-    #       - 5432:5432
-    #     options: >-
-    #       --health-cmd pg_isready
-    #       --health-interval 10s
-    #       --health-timeout 5s
-    #       --health-retries 5

docs/setup.md

@@ -8,99 +8,114 @@
 
 - [Node.js](https://nodejs.org/) v18+
 - [Git](https://git-scm.com/)
-- A [Supabase](https://supabase.com/) account (free tier is sufficient)
+- A [Supabase](https://supabase.com) account (free tier is sufficient)
 
 ---
 
 ## 1. Create a Supabase Project
 
-1. Go to [supabase.com](https://supabase.com/) and sign in
+1. Go to [supabase.com](https://supabase.com) and sign in
 2. Click **New project**
-3. Fill in:
-   - **Name** — anything you like (e.g. `template-dev`)
-   - **Database password** — generate a strong one and save it somewhere safe
-   - **Region** — pick the closest to you
-4. Click **Create new project** and wait ~1 minute for provisioning
+3. Choose your organisation, give the project a name, set a database
+   password (save it somewhere safe), and pick the region closest to you
+4. Wait for the project to finish provisioning (~1 minute)
 
 ---
 
-## 2. Get Your API Keys
+## 2. Apply the Database Schema
 
-1. In your project dashboard go to **Settings → API**
-2. Copy the following — you'll need them for your `.env` files:
+The `public.users` table, `app_role` enum, RLS policies, and auth
+triggers all need to be created before the app can run.
 
-| Key                   | Where to find it                  | Used in                       |
-| --------------------- | --------------------------------- | ----------------------------- |
-| **Project URL**       | "Project URL" field               | `client/.env` + `server/.env` |
-| **anon / public key** | "Project API keys → anon public"  | `client/.env` only            |
-| **service_role key**  | "Project API keys → service_role" | `server/.env` only            |
+The migration SQL is saved in the repo at
+`supabase/migrations/01_users_table.sql`.
 
-> **Never** put the `service_role` key in the client. It bypasses all RLS policies.
+**Option A — Supabase Dashboard SQL Editor (easiest)**
+
+1. In your project dashboard go to **SQL Editor**
+2. Click **New query**
+3. Paste the contents of `supabase/migrations/01_users_table.sql`
+4. Click **Run**
+
+**Option B — Supabase CLI**
+
+```bash
+supabase login
+supabase link --project-ref <your-project-ref>
+supabase db push
+```
 
 ---
 
-## 3. Run the Database Migration
+## 3. Get Your API Keys
 
-1. In your Supabase dashboard go to **SQL Editor**
-2. Click **New query**
-3. Copy the contents of `supabase/migrations/01_users_table.sql` from this repo
-4. Click **Run**
+1. In your Supabase project go to **Settings → API**
+2. Copy the following values — you will need them for your `.env` files:
 
-This creates the `public.users` table, the `app_role` enum, all RLS policies,
-and the triggers that auto-create profile rows on signup.
+| Key                   | Where to find it                                    | Used in                                          |
+| --------------------- | --------------------------------------------------- | ------------------------------------------------ |
+| **Project URL**       | Settings → API → Project URL                        | `client/.env` + `server/.env`                    |
+| **Anon / public key** | Settings → API → Project API keys → `anon` `public` | `client/.env`                                    |
+| **Service role key**  | Settings → API → Project API keys → `service_role`  | `server/.env` only — never expose to the browser |
+
+> The service role key bypasses Row Level Security. Keep it in
+> `server/.env` only and never commit it or send it to the client.
 
 ---
 
 ## 4. Configure `.env` Files
 
 ```bash
-cp client/.env.example client/.env
 cp server/.env.example server/.env
-```
-
-**`client/.env`:**
-
-```env
-VITE_SUPABASE_URL=https://your-project-ref.supabase.co
-VITE_SUPABASE_ANON_KEY=your-anon-key-here
+cp client/.env.example client/.env
 ```
 
 **`server/.env`:**
 
 ```env
 NODE_ENV=development
 SERVER_PORT=3000
-SUPABASE_URL=https://your-project-ref.supabase.co
-SUPABASE_SERVICE_ROLE_KEY=your-service-role-key-here
+
+SUPABASE_URL=https://<your-project-ref>.supabase.co
+SUPABASE_SERVICE_ROLE_KEY=<your-service-role-key>
+
 CORS_ALLOWED_ORIGINS=http://localhost:5173
 ```
 
----
-
-## 5. Install Dependencies
+**`client/.env`:**
 
-```bash
-# From the project root
-npm run install:all
+```env
+VITE_SUPABASE_URL=https://<your-project-ref>.supabase.co
+VITE_SUPABASE_ANON_KEY=<your-anon-key>
 ```
 
 ---
 
-## 6. Seed Initial Data
+## 5. Seed the Database (Optional)
+
+To create the four default test accounts (Bryan, Odin, Damon, Boss),
+run the seed script after your schema is applied:
 
 ```bash
 cd server
-npm run db:seed
+node src/db/seed.js
 ```
 
-This creates four accounts (password: `testpass123`):
+This uses the Supabase Admin API to create auth users and public.users
+rows via the existing DB trigger. All accounts use the password
+`testpass123`.
 
-| Username | Role        |
-| -------- | ----------- |
-| Bryan    | USER        |
-| Odin     | ADMIN       |
-| Damon    | USER        |
-| Boss     | SUPER_ADMIN |
+See [Issue #17](https://github.com/[REPO_AUTHOR]/[REPO_NAME]/issues/17)
+for the full seed implementation.
+
+---
+
+## 6. Install Dependencies
+
+```bash
+# From the project root
+npm run install:all
+```
 
 ---
 
@@ -117,10 +132,10 @@ Or in VS Code: **Terminal → Run Task → 🚀 Dev: Start All**
 
 ## Troubleshooting
 
-| Problem                                                   | Fix                                                                                                                 |
-| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| `Missing VITE_SUPABASE_URL` error on client start         | Check `client/.env` exists and has the correct Project URL                                                          |
-| `Missing SUPABASE_SERVICE_ROLE_KEY` error on server start | Check `server/.env` exists and has the service role key                                                             |
-| RLS error / empty results when querying users             | Verify the migration in Step 3 ran without errors in the SQL Editor                                                 |
-| Seed script fails with "User already exists"              | Go to Supabase Dashboard → Authentication → Users and delete existing users, then re-run                            |
-| CORS error in browser                                     | Ensure `CORS_ALLOWED_ORIGINS` in `server/.env` matches your Vite dev URL exactly (default: `http://localhost:5173`) |
+| Problem                                                        | Fix                                                                                                                |
+| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| `Missing Supabase environment variables` error on server start | Check that `SUPABASE_URL` and `SUPABASE_SERVICE_ROLE_KEY` are set in `server/.env`                                 |
+| `Missing Supabase environment variables` error in browser      | Check that `VITE_SUPABASE_URL` and `VITE_SUPABASE_ANON_KEY` are set in `client/.env`                               |
+| Login returns "Invalid login credentials"                      | The user may not exist yet — run the seed script or sign up manually                                               |
+| User row missing after signup                                  | Check that the `handle_new_user` trigger is applied — re-run the migration SQL if needed                           |
+| CORS error in browser                                          | Ensure `CORS_ALLOWED_ORIGINS` in `server/.env` matches your Vite dev server URL (default: `http://localhost:5173`) |

server/.gitignore

@@ -1,5 +1,2 @@
 node_modules
-# Keep environment variables out of version control
 .env
-
-/generated/prisma

server/package.json

@@ -14,12 +14,12 @@
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
     "test:ui": "vitest --ui",
-    "=== DATABASE ===": "",
-    "db:seed": "node src/db/seed.js"
+    "=== CODE QUALITY ===": "",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix"
   },
   "dependencies": {
-    "@supabase/supabase-js": "^2.45.0",
-    "cookie-parser": "^1.4.7",
+    "@supabase/supabase-js": "^2.49.8",
     "cors": "^2.8.6",
     "dotenv": "^16.6.1",
     "express": "^4.22.1"