FerreMarket delegates all authentication to Supabase Auth, including session management, credential validation, and password recovery. The React side of this integration lives inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ProyectoFerretek/FerreMarket/llms.txt
Use this file to discover all available pages before exploring further.
src/context/AuthContext.tsx, which provides an AuthContextProvider component and a UserAuth hook that together expose every auth method to the rest of the application. Rather than scattering raw supabase.auth.* calls throughout the codebase, every component that needs to sign a user in, out, or perform account operations should use the methods surfaced by UserAuth().
AuthContext Provider
AuthContextProvider is declared in src/context/AuthContext.tsx and wraps the entire application in src/App.tsx. It owns the session state and keeps it synchronised with the Supabase Auth lifecycle via the onAuthStateChange listener.
AuthContextProvider calls supabase.auth.getSession() to restore any existing session from local storage, then registers supabase.auth.onAuthStateChange to react to subsequent sign-in, sign-out, and token-refresh events:
session starts as undefined (not yet resolved) rather than null (confirmed signed-out), consumer components can distinguish the loading state from a confirmed logged-out state — see Session State below.
Available Auth Methods
All methods are returned by theUserAuth() hook and can be destructured directly in any component inside AuthContextProvider.
signInUser(email, password)
supabase.auth.signInWithPassword with the provided credentials. The email is lowercased before the request is sent to ensure case-insensitive matching.
- On success — returns
{ success: true, data }wheredatacontains the SupabaseSessionandUserobjects. - On failure — displays a toast notification (“Error al iniciar sesión. Por favor, verifica tus credenciales.”) and returns
{ success: false, error }.
signUpNewUser(email, password)
create-user Edge Function rather than calling supabase.auth.signUp directly. This server-side approach allows the function to run with admin privileges, bypassing email confirmation requirements and enabling the user to be created without the caller needing elevated permissions on the client.
- On success — returns
{ success: true, data }. Thedata.user.idfield contains the new user’s Supabase Auth UUID, which must be stored asuidin theusuariostable. - On failure — returns
{ success: false, error }.
signOut()
supabase.auth.signOut(), which invalidates the current session token and clears the local session from storage. After sign-out, session is set to null by the onAuthStateChange listener, causing ProtectedRoute to redirect the user to /admin/login. On error, returns { success: false, error } instead of resolving silently.
deleteUser(uid)
delete-user Edge Function with an HTTP DELETE method. The uid parameter must be the Supabase Auth UUID (Usuario.uid), not the internal database ID.
- On success — returns
{ success: true }. - On failure — logs the error and returns
{ success: false, error }.
After calling
deleteUser, you must also call the database-level eliminarUsuario(id) to remove the corresponding row from the usuarios table. deleteUser only removes the Supabase Auth entry — the database record is a separate operation.recoverPassword(email)
send-password-recovery-email Edge Function. The email is lowercased before dispatch.
- On success — returns
{ success: true }. The user receives an email with a temporary password-reset link. - On failure — returns
{ success: false, error }.
session
The current Supabase Session object (or a sentinel value indicating the loading/logged-out state). Exposed directly from context so any component can read the authentication state without calling a function.
Using the UserAuth Hook
Import and destructureUserAuth() inside any component that is a descendant of AuthContextProvider:
Session State
Thesession value follows a three-state lifecycle that maps directly to the application’s auth flow:
| Value | Type | Meaning |
|---|---|---|
undefined | undefined | Loading — getSession() has not yet resolved. Render a spinner or skeleton. |
null | null | Logged out — The session resolved with no active user. Redirect to /admin/login. |
| Session object | Session | Authenticated — A valid Supabase session exists. session.user contains the Auth user data. |
ProtectedRoute relies on this three-state contract to avoid briefly flashing the login redirect during the initial load:
Both
undefined (loading) and null (logged out) are falsy, so ProtectedRoute will redirect to /admin/login during the brief loading window before getSession() resolves. If you need to show a loading state instead of an immediate redirect, check session === undefined explicitly before returning <Navigate />.Supabase Client Initialisation
The Supabase client is created once insrc/lib/supabase/Supabase.tsx and imported wherever direct Supabase access is needed:
.env file (or Vite environment configuration) before starting the development server or building for production:
Supabase Edge Functions
User creation, deletion, and password recovery all route through Supabase Edge Functions rather than the client SDK directly. This design allows the functions to execute with service-role privileges on the server — operations that would otherwise require the secretservice_role key, which must never be exposed to the browser.
The three Edge Functions used by FerreMarket are:
| Function Name | Triggered By | Description |
|---|---|---|
create-user | signUpNewUser() | Creates a new Supabase Auth user with admin privileges. Accepts { email, password }. |
delete-user | deleteUser() | Permanently removes a Supabase Auth user. Accepts { userId } via HTTP DELETE. |
send-password-recovery-email | recoverPassword() | Sends a password-reset email to the specified address. Accepts { email }. |