From 1aefd3d9a138f349af7fb0d5808644b07b753844 Mon Sep 17 00:00:00 2001
From: patrickwebsdev <contacto@patricioalmada.com.ar>
Date: Sat, 9 Nov 2024 01:33:50 -0300
Subject: [PATCH 1/5] security fix: policy post limit per minute

---
 .../migrations/20241109043158_limit_post_per_minute.sql   | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 supabase/migrations/20241109043158_limit_post_per_minute.sql

diff --git a/supabase/migrations/20241109043158_limit_post_per_minute.sql b/supabase/migrations/20241109043158_limit_post_per_minute.sql
new file mode 100644
index 00000000..a0066b19
--- /dev/null
+++ b/supabase/migrations/20241109043158_limit_post_per_minute.sql
@@ -0,0 +1,8 @@
+create policy "limit_post_per_minute"
+on "public"."help_requests"
+as restrictive
+for insert
+to authenticated
+with check ((NOT (EXISTS ( SELECT 1
+   FROM help_requests help_requests_1
+  WHERE ((help_requests_1.user_id = auth.uid()) AND (help_requests_1.created_at > (now() - '00:01:00'::interval)))))));
\ No newline at end of file

From d56e10680b941613616b127d227e9bb438eb61ba Mon Sep 17 00:00:00 2001
From: patrickwebsdev <contacto@patricioalmada.com.ar>
Date: Sat, 9 Nov 2024 03:09:54 -0300
Subject: [PATCH 2/5] security: now only authenticated users can post

---
 src/app/auth/page.tsx                         | 15 +++++++
 src/app/ofrecer-ayuda/page.tsx                | 19 +++++++-
 .../_components/Form/FormContainer.tsx        |  3 +-
 .../_components/Form/FormRenderer.tsx         | 40 +++++++++--------
 src/app/solicitar-ayuda/page.tsx              | 22 ++++++++--
 src/app/solicitudes/editar/[id]/page.tsx      |  8 ----
 src/components/OfferHelp.js                   | 43 +++++++++++--------
 src/components/layout/Sidebar.tsx             |  6 ++-
 src/lib/supabase/middleware.ts                | 13 ++++++
 ...4846_limit_post_to_authenticated_users.sql | 41 ++++++++++++++++++
 10 files changed, 160 insertions(+), 50 deletions(-)
 create mode 100644 supabase/migrations/20241109054846_limit_post_to_authenticated_users.sql

diff --git a/src/app/auth/page.tsx b/src/app/auth/page.tsx
index 887b4689..0796c335 100644
--- a/src/app/auth/page.tsx
+++ b/src/app/auth/page.tsx
@@ -3,6 +3,7 @@ import { Suspense, useEffect } from 'react';
 import Login from '../../components/auth/Login';
 import { useRouter, useSearchParams } from 'next/navigation';
 import { authService } from '@/lib/service';
+import { AlertTriangle } from 'lucide-react';
 
 export default function AUthPage() {
   return (
@@ -28,6 +29,20 @@ function Auth() {
 
   return (
     <section className="mx-6 lg:m-16">
+      <div className="bg-red-100 border-l-4 border-red-500 p-4 rounded mb-4">
+        <div className="flex items-start">
+          <AlertTriangle className="h-5 w-5 text-red-500 mt-0.5 mr-2" />
+          <div>
+            <h2 className="text-red-800 font-bold">
+              POR MOTIVOS DE SEGURIDAD HEMOS DESHABILITADO LAS PUBLICACIONES ANONIMAS
+            </h2>
+            <p className="text-red-700 text-sm mt-1">Ahora debes registrarte para crear una publicacion.</p>
+            <p className="text-red-900 text-sm mt-1 font-medium">
+              Por dificultades tecnicas, por favor escríbenos a info@ajudadana.es
+            </p>
+          </div>
+        </div>
+      </div>
       <Login onSuccessCallback={() => router.push(redirect)} redirectUrl={redirect} />
     </section>
   );
diff --git a/src/app/ofrecer-ayuda/page.tsx b/src/app/ofrecer-ayuda/page.tsx
index 63783a6b..c2f4a3a6 100644
--- a/src/app/ofrecer-ayuda/page.tsx
+++ b/src/app/ofrecer-ayuda/page.tsx
@@ -1,5 +1,22 @@
+'use client';
 import OfferHelp from '@/components/OfferHelp';
+import { supabase } from '@/lib/supabase/client';
+import { useEffect, useState } from 'react';
 
 export default function OfrecerAyuda() {
-  return <OfferHelp />;
+  const [session, setSession] = useState(null);
+
+  useEffect(() => {
+    supabase.auth.getSession().then(({ data: { session } }: any) => {
+      setSession(session);
+    });
+  }, []);
+
+  return session ? (
+    <OfferHelp sessionProp={session} />
+  ) : (
+    <div className="flex justify-center items-center min-h-screen">
+      <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-blue-500"></div>
+    </div>
+  );
 }
diff --git a/src/app/solicitar-ayuda/_components/Form/FormContainer.tsx b/src/app/solicitar-ayuda/_components/Form/FormContainer.tsx
index 43971f3c..a70fc9a3 100644
--- a/src/app/solicitar-ayuda/_components/Form/FormContainer.tsx
+++ b/src/app/solicitar-ayuda/_components/Form/FormContainer.tsx
@@ -28,9 +28,8 @@ const mapHelpToEnum = (helpTypeMap: FormData['tiposDeAyuda']): Enums['help_type_
     [] as Enums['help_type_enum'][],
   );
 
-export function FormContainer() {
+export function FormContainer({ session }: any) {
   const router = useRouter();
-  const session = useSession();
 
   const userId = session.user?.id;
 
diff --git a/src/app/solicitar-ayuda/_components/Form/FormRenderer.tsx b/src/app/solicitar-ayuda/_components/Form/FormRenderer.tsx
index b0968a8e..7136122a 100644
--- a/src/app/solicitar-ayuda/_components/Form/FormRenderer.tsx
+++ b/src/app/solicitar-ayuda/_components/Form/FormRenderer.tsx
@@ -72,23 +72,29 @@ export function FormRenderer({
             </div>
             <PhoneInput phoneNumber={formData.contacto} onChange={handlePhoneChange} required />
           </div>
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1">
-              Correo electrónico <span className="text-red-500">*</span>
-            </label>
-            <input
-              type="email"
-              name="email"
-              value={formData.email}
-              onChange={handleEmailChange}
-              className="w-full p-2 border rounded focus:ring-2 focus:ring-green-500 focus:border-green-500"
-            />
-            <p className="mt-1 text-sm text-gray-500">
-              {isUserLoggedIn
-                ? 'Se utilizará para que puedas eliminar o editar la información de tu solicitud'
-                : 'Se utilizará para que puedas actualizar tu solicitud y marcarla como completada. Para realizar cambios, deberás registrarte con el mismo email'}
-            </p>
-          </div>
+          {/*
+          MANTENIDO EN CASO DE RE UTILIZAR EN EL FUTURO
+          ACTUALMENTE NO APARECERA DE NINGUNA FORMA
+          */}
+          {!isUserLoggedIn && (
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1">
+                Correo electrónico <span className="text-red-500">*</span>
+              </label>
+              <input
+                type="email"
+                name="email"
+                value={formData.email}
+                onChange={handleEmailChange}
+                className="w-full p-2 border rounded focus:ring-2 focus:ring-green-500 focus:border-green-500"
+              />
+              <p className="mt-1 text-sm text-gray-500">
+                {isUserLoggedIn
+                  ? 'Se utilizará para que puedas eliminar o editar la información de tu solicitud'
+                  : 'Se utilizará para que puedas actualizar tu solicitud y marcarla como completada. Para realizar cambios, deberás registrarte con el mismo email'}
+              </p>
+            </div>
+          )}
           <div>
             <label className="block text-sm font-medium text-gray-700 mb-1">
               Ubicación exacta <span className="text-red-500">*</span>
diff --git a/src/app/solicitar-ayuda/page.tsx b/src/app/solicitar-ayuda/page.tsx
index 65f5144a..62e345ea 100644
--- a/src/app/solicitar-ayuda/page.tsx
+++ b/src/app/solicitar-ayuda/page.tsx
@@ -1,9 +1,19 @@
-import { AlertTriangle } from 'lucide-react';
+'use client';
+import { useEffect, useState } from 'react';
 import Image from 'next/image';
-import { Form } from './_components/Form';
 import { CallCenterLink } from '@/components/CallCenterLink';
+import { AlertTriangle } from 'lucide-react';
+import { supabase } from '@/lib/supabase/client';
+import { Form } from './_components/Form';
 
 export default function SolicitarAyuda() {
+  const [session, setSession] = useState(null);
+
+  useEffect(() => {
+    supabase.auth.getSession().then(({ data: { session } }: any) => {
+      setSession(session);
+    });
+  }, []);
   return (
     <div className="space-y-6">
       {/* Banner de emergencia */}
@@ -55,7 +65,13 @@ export default function SolicitarAyuda() {
           </div>
         </div>
       </div>
-      <Form />
+      {session ? (
+        <Form session={session} />
+      ) : (
+        <div className="flex justify-center items-center min-h-screen">
+          <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-blue-500"></div>
+        </div>
+      )}
     </div>
   );
 }
diff --git a/src/app/solicitudes/editar/[id]/page.tsx b/src/app/solicitudes/editar/[id]/page.tsx
index d5d4fc0e..5600012e 100644
--- a/src/app/solicitudes/editar/[id]/page.tsx
+++ b/src/app/solicitudes/editar/[id]/page.tsx
@@ -1,15 +1,7 @@
 import RequestHelp from '@/components/RequestHelp';
-import Unauthorized from '@/components/Unauthorized';
 import { helpRequestService } from '@/lib/service';
-import { createClient } from '@/lib/supabase/server';
-
 export default async function EditarSolicitud({ params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
-  const supabase = await createClient();
-  const { data: session } = await supabase.auth.getUser();
-  if (session.user === null) {
-    return <Unauthorized />;
-  }
   const request = await helpRequestService.getOne(Number(id));
 
   return (
diff --git a/src/components/OfferHelp.js b/src/components/OfferHelp.js
index 524b4495..750143df 100644
--- a/src/components/OfferHelp.js
+++ b/src/components/OfferHelp.js
@@ -23,16 +23,19 @@ export default function OfferHelp({
   id = 0,
   redirect = '/casos-activos/ofertas',
   submitType = 'create',
+  sessionProp,
 }) {
   const { towns } = useTowns();
-  const session = useSession();
+  const session = sessionProp || useSession();
 
   const router = useRouter();
 
   const userId = session.user?.id;
 
+  const isLoggedIn = Boolean(session?.user);
+
   const [formData, setFormData] = useState({
-    nombre: data.name || session?.user?.user_metadata?.full_name || '',
+    nombre: data.name || session?.user?.user_metadata?.full_name || session?.user?.user_metadata?.nombre || '',
     telefono: data.contact_info || session?.user?.user_metadata?.telefono || '',
     email: data.additional_info?.email || session?.user?.user_metadata?.email || '',
     ubicacion: data.location || '',
@@ -201,7 +204,7 @@ export default function OfferHelp({
 
       {/* Formulario */}
 
-      <div className="space-y-6 max-h-[65vh] overflow-y-auto p-2">
+      <div className="space-y-6 overflow-y-auto p-2">
         {/* Datos personales */}
         <div className="grid md:grid-cols-2 gap-4">
           <div>
@@ -218,21 +221,25 @@ export default function OfferHelp({
           </div>
           <PhoneInput phoneNumber={formData.telefono} onChange={handlePhoneChange} required />
         </div>
-
-        {submitType === 'create' && (
-          <div>
-            <label className="block text-sm font-medium text-gray-700 mb-1" htmlFor="userEmail">
-              Correo electrónico
-            </label>
-            <input
-              id="userEmail"
-              type="email"
-              value={formData.email}
-              onChange={(e) => setFormData({ ...formData, email: e.target.value })}
-              className="w-full p-2 border rounded focus:ring-2 focus:ring-green-500 focus:border-green-500"
-            />
-          </div>
-        )}
+        {/*
+          MANTENIDO EN CASO DE RE UTILIZAR EN EL FUTURO
+          ACTUALMENTE NO APARECERA DE NINGUNA FORMA
+        */}
+        {submitType === 'create' ||
+          (isLoggedIn && (
+            <div>
+              <label className="block text-sm font-medium text-gray-700 mb-1" htmlFor="userEmail">
+                Correo electrónico
+              </label>
+              <input
+                id="userEmail"
+                type="email"
+                value={formData.email}
+                onChange={(e) => setFormData({ ...formData, email: e.target.value })}
+                className="w-full p-2 border rounded focus:ring-2 focus:ring-green-500 focus:border-green-500"
+              />
+            </div>
+          ))}
         {submitType === 'edit' && (
           <div>
             <label htmlFor="status" className="block text-sm font-medium text-gray-700 mb-1">
diff --git a/src/components/layout/Sidebar.tsx b/src/components/layout/Sidebar.tsx
index ed83d57b..212bcb3a 100644
--- a/src/components/layout/Sidebar.tsx
+++ b/src/components/layout/Sidebar.tsx
@@ -70,6 +70,7 @@ export default function Sidebar({ isOpen, toggleAction }: SidebarProps) {
       title: 'Mis solicitudes',
       description: 'Edita o elimina tus solicitudes',
       path: '/solicitudes',
+      isLogged: true,
       color: 'text-red-500',
       hide: !hasRequests,
     },
@@ -78,6 +79,7 @@ export default function Sidebar({ isOpen, toggleAction }: SidebarProps) {
       title: 'Mis ofertas',
       description: 'Edita o elimina tus ofertas',
       path: '/ofertas',
+      isLogged: true,
       color: 'text-green-500',
       hide: !hasOffers,
     },
@@ -93,6 +95,7 @@ export default function Sidebar({ isOpen, toggleAction }: SidebarProps) {
       title: 'Solicitar Ayuda',
       description: 'Si necesitas asistencia',
       path: '/solicitar-ayuda',
+      isLogged: true,
       color: 'text-red-600',
     },
     {
@@ -100,6 +103,7 @@ export default function Sidebar({ isOpen, toggleAction }: SidebarProps) {
       title: 'Ofrecer Ayuda',
       description: 'Si puedes ayudar a otros',
       path: '/ofrecer-ayuda',
+      isLogged: true,
       color: 'text-green-600',
     },
     {
@@ -208,7 +212,7 @@ export default function Sidebar({ isOpen, toggleAction }: SidebarProps) {
                   <button
                     key={item.path}
                     onClick={() => {
-                      router.push(item.path);
+                      router.push(item?.isLogged && !userId ? '/auth?redirect=' + item.path : item.path);
                       if (window.innerWidth < 768) toggleAction();
                     }}
                     className={`w-full text-left transition-colors ${
diff --git a/src/lib/supabase/middleware.ts b/src/lib/supabase/middleware.ts
index 03a11751..a0bbaf3f 100644
--- a/src/lib/supabase/middleware.ts
+++ b/src/lib/supabase/middleware.ts
@@ -36,6 +36,19 @@ export async function updateSession(request: NextRequest) {
     return NextResponse.redirect(url);
   }
 
+  const {
+    data: { user },
+  } = await supabase.auth.getUser()
+
+  if (
+    !user &&
+    request.nextUrl.pathname.startsWith('/solicitudes/editar') ||
+    !user &&
+    request.nextUrl.pathname.startsWith('/ofertas/editar')
+  ) {
+    url.pathname = '/auth'
+    return NextResponse.redirect(url)
+  }
   // IMPORTANT: You *must* return the supabaseResponse object as it is. If you're
   // creating a new response object with NextResponse.next() make sure to:
   // 1. Pass the request in it, like so:
diff --git a/supabase/migrations/20241109054846_limit_post_to_authenticated_users.sql b/supabase/migrations/20241109054846_limit_post_to_authenticated_users.sql
new file mode 100644
index 00000000..fb9973a7
--- /dev/null
+++ b/supabase/migrations/20241109054846_limit_post_to_authenticated_users.sql
@@ -0,0 +1,41 @@
+drop policy "Enable insert access" on "public"."help_requests";
+
+drop policy "Enable insert for all users" on "public"."help_requests";
+
+drop policy "Enable insert for anonymous users" on "public"."help_requests";
+
+drop policy "Enable_update_for_users_based_on_email" on "public"."help_requests";
+
+create policy "Enable insert access"
+on "public"."help_requests"
+as permissive
+for insert
+to authenticated
+with check (true);
+
+
+create policy "Enable insert for all users"
+on "public"."help_requests"
+as permissive
+for insert
+to authenticated
+with check (true);
+
+
+create policy "Enable insert for anonymous users"
+on "public"."help_requests"
+as permissive
+for insert
+to authenticated
+with check (true);
+
+
+create policy "Enable_update_for_users_based_on_email"
+on "public"."help_requests"
+as permissive
+for update
+to authenticated
+using (((auth.uid() IS NOT NULL) AND ((additional_info ->> 'email'::text) = auth.email())));
+
+
+

From 9dd86f9f603f476ececc83f0a28a8889c37c9c61 Mon Sep 17 00:00:00 2001
From: patrickwebsdev <contacto@patricioalmada.com.ar>
Date: Sat, 9 Nov 2024 03:29:02 -0300
Subject: [PATCH 3/5] fix: React Hook "useSession" is called conditionally.
 React Hooks must be called in the exact same order in every component render.
  react-hooks/rules-of-hooks

---
 src/components/OfferHelp.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/components/OfferHelp.js b/src/components/OfferHelp.js
index 750143df..2fa76e8c 100644
--- a/src/components/OfferHelp.js
+++ b/src/components/OfferHelp.js
@@ -26,7 +26,8 @@ export default function OfferHelp({
   sessionProp,
 }) {
   const { towns } = useTowns();
-  const session = sessionProp || useSession();
+  const sessionProvider = useSession();
+  const session = sessionProp || sessionProvider;
 
   const router = useRouter();
 

From d24699d8f07aabe0468e4a2e01e793b9e316beb7 Mon Sep 17 00:00:00 2001
From: patrickwebsdev <contacto@patricioalmada.com.ar>
Date: Sat, 9 Nov 2024 03:33:33 -0300
Subject: [PATCH 4/5] fix: missing sessionProp

---
 src/components/OfferHelp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/OfferHelp.js b/src/components/OfferHelp.js
index 2fa76e8c..4c49c319 100644
--- a/src/components/OfferHelp.js
+++ b/src/components/OfferHelp.js
@@ -23,7 +23,7 @@ export default function OfferHelp({
   id = 0,
   redirect = '/casos-activos/ofertas',
   submitType = 'create',
-  sessionProp,
+  sessionProp = undefined,
 }) {
   const { towns } = useTowns();
   const sessionProvider = useSession();

From 7d704fd6c47fccc10b6e636bbd2885c5937263e4 Mon Sep 17 00:00:00 2001
From: patrickwebsdev <contacto@patricioalmada.com.ar>
Date: Sat, 9 Nov 2024 03:52:55 -0300
Subject: [PATCH 5/5] fix: code quality checks

---
 src/lib/supabase/middleware.ts | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/lib/supabase/middleware.ts b/src/lib/supabase/middleware.ts
index a0bbaf3f..b689d45a 100644
--- a/src/lib/supabase/middleware.ts
+++ b/src/lib/supabase/middleware.ts
@@ -38,16 +38,14 @@ export async function updateSession(request: NextRequest) {
 
   const {
     data: { user },
-  } = await supabase.auth.getUser()
+  } = await supabase.auth.getUser();
 
   if (
-    !user &&
-    request.nextUrl.pathname.startsWith('/solicitudes/editar') ||
-    !user &&
-    request.nextUrl.pathname.startsWith('/ofertas/editar')
+    (!user && request.nextUrl.pathname.startsWith('/solicitudes/editar')) ||
+    (!user && request.nextUrl.pathname.startsWith('/ofertas/editar'))
   ) {
-    url.pathname = '/auth'
-    return NextResponse.redirect(url)
+    url.pathname = '/auth';
+    return NextResponse.redirect(url);
   }
   // IMPORTANT: You *must* return the supabaseResponse object as it is. If you're
   // creating a new response object with NextResponse.next() make sure to: