Merge branch 'main' of https://huggingface.co/spaces/gaurv007/ClauseGuard

web/app/api/admin/route.ts

@@ -1,14 +1,23 @@
 import { NextRequest, NextResponse } from "next/server";
 import { createClient } from "@/lib/supabase/server";
 
-const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
-
+// No hardcoded emails — admin access is determined by profiles.role in the database
 async function checkAdmin() {
   const supabase = await createClient();
   const { data: { user } } = await supabase.auth.getUser();
-  if (!user || !ADMIN_EMAILS.includes(user.email || "")) {
+  if (!user) return { supabase: null, user: null, error: true };
+
+  // Check role from database
+  const { data: profile } = await supabase
+    .from("profiles")
+    .select("role")
+    .eq("id", user.id)
+    .single();
+
+  if (profile?.role !== "admin") {
     return { supabase: null, user: null, error: true };
   }
+
   return { supabase, user, error: false };
 }
 
@@ -30,7 +39,6 @@ export async function GET(req: NextRequest) {
       const { count: totalApiKeys } = await supabase.from("api_keys").select("id", { count: "exact", head: true }).eq("is_active", true);
       const { count: bannedUsers } = await supabase.from("profiles").select("id", { count: "exact", head: true }).eq("is_banned", true);
 
-      // Scans today
       const today = new Date();
       today.setHours(0, 0, 0, 0);
       const { count: scansToday } = await supabase.from("analyses").select("id", { count: "exact", head: true }).gte("created_at", today.toISOString());

web/app/api/me/route.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+
+/**
+ * GET /api/me
+ * Returns the current user's profile from DB.
+ * Used by client components (analyze page, etc.) to determine plan, role, usage.
+ * No hardcoded emails — everything comes from the database.
+ */
+export async function GET(req: NextRequest) {
+  try {
+    const supabase = await createClient();
+    const { data: { user } } = await supabase.auth.getUser();
+
+    if (!user) {
+      return NextResponse.json({
+        authenticated: false,
+        plan: "free",
+        role: "user",
+        isAdmin: false,
+        analyses_this_month: 0,
+      });
+    }
+
+    const { data: profile } = await supabase
+      .from("profiles")
+      .select("plan, role, is_banned, analyses_this_month, full_name, email")
+      .eq("id", user.id)
+      .single();
+
+    const plan = profile?.plan || "free";
+    const role = profile?.role || "user";
+
+    return NextResponse.json({
+      authenticated: true,
+      id: user.id,
+      email: profile?.email || user.email,
+      full_name: profile?.full_name || "",
+      plan,
+      role,
+      isAdmin: role === "admin",
+      is_banned: profile?.is_banned || false,
+      analyses_this_month: profile?.analyses_this_month || 0,
+      // Admins get unlimited everything
+      scan_limit: role === "admin" ? Infinity : plan === "free" ? 10 : Infinity,
+      can_upload: role === "admin" || plan !== "free",
+      can_compare: role === "admin" || plan !== "free",
+      can_export_pdf: role === "admin" || plan !== "free",
+    });
+  } catch (error) {
+    return NextResponse.json({
+      authenticated: false,
+      plan: "free",
+      role: "user",
+      isAdmin: false,
+      analyses_this_month: 0,
+    });
+  }
+}

web/app/dashboard-pages/analyze/page.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { useState, useRef } from "react";
+import { useState, useRef, useEffect } from "react";
 import {
   ScanText, ScanLine, TriangleAlert, CircleAlert, CircleCheck, Info,
   FileDown, ChevronDown, ChevronUp, Copy, Check, Upload, FileText,
@@ -165,11 +165,28 @@ export default function AnalyzePage() {
   const [copied, setCopied] = useState(false);
   const [scanCount, setScanCount] = useState(0);
   const [userPlan, setUserPlan] = useState("free");
+  const [userRole, setUserRole] = useState("user");
+  const [scanLimit, setScanLimit] = useState(10);
+  const [canUpload, setCanUpload] = useState(false);
   const [showUpgrade, setShowUpgrade] = useState(false);
   const fileInputRef = useRef<HTMLInputElement>(null);
 
-  const FREE_LIMIT = 10;
-  const canScan = userPlan !== "free" || scanCount < FREE_LIMIT;
+  // Fetch user profile from DB on mount — no hardcoded emails or plans
+  useEffect(() => {
+    fetch("/api/me")
+      .then(res => res.json())
+      .then(data => {
+        setUserPlan(data.plan || "free");
+        setUserRole(data.role || "user");
+        setScanCount(data.analyses_this_month || 0);
+        setScanLimit(data.scan_limit === Infinity || data.scan_limit > 9999 ? Infinity : (data.scan_limit || 10));
+        setCanUpload(data.can_upload || false);
+      })
+      .catch(() => {});
+  }, []);
+
+  const isAdmin = userRole === "admin";
+  const canScan = isAdmin || userPlan !== "free" || scanCount < scanLimit;
 
   async function handleAnalyze() {
     if (!text || text.trim().length < 50) { setError("Enter at least 50 characters."); return; }
@@ -187,7 +204,7 @@ export default function AnalyzePage() {
   async function handleFileUpload(e: React.ChangeEvent<HTMLInputElement>) {
     const file = e.target.files?.[0];
     if (!file) return;
-    if (userPlan === "free") { setShowUpgrade(true); return; }
+    if (!canUpload) { setShowUpgrade(true); return; }
     setLoading(true); setError("");
     try {
       const formData = new FormData(); formData.append("file", file);
@@ -255,10 +272,10 @@ export default function AnalyzePage() {
               <div className="w-10 h-10 rounded-xl bg-amber-50 flex items-center justify-center"><Lock className="w-5 h-5 text-amber-600" /></div>
               <button onClick={() => setShowUpgrade(false)} className="p-1 hover:bg-zinc-100 rounded-md"><X className="w-4 h-4 text-zinc-400" /></button>
             </div>
-            <h3 className="mt-4 text-lg font-semibold">{userPlan === "free" && scanCount >= FREE_LIMIT ? "Free limit reached" : "Pro feature"}</h3>
+            <h3 className="mt-4 text-lg font-semibold">{scanCount >= scanLimit ? "Scan limit reached" : "Pro feature"}</h3>
             <p className="mt-1.5 text-sm text-zinc-500 leading-relaxed">
-              {userPlan === "free" && scanCount >= FREE_LIMIT
-                ? `You have used all ${FREE_LIMIT} free scans. Upgrade to Pro for unlimited scans and full analysis.`
+              {scanCount >= scanLimit
+                ? "You have used all your free scans. Upgrade to Pro for unlimited scans and full analysis."
                 : "File upload is available on the Pro plan."}
             </p>
             <div className="mt-5 flex gap-2">
@@ -279,8 +296,8 @@ export default function AnalyzePage() {
             </h1>
             <p className="mt-1 text-xs sm:text-sm text-zinc-500 max-w-xl">Paste text or upload a file. Get 41-category clause detection, risk scoring, ML NER, NLI contradictions, compliance checks, and obligation tracking.</p>
           </div>
-          {userPlan === "free" && (
-            <span className="self-start text-xs text-zinc-400 border border-zinc-200 px-2.5 py-1 rounded-md whitespace-nowrap">{scanCount}/{FREE_LIMIT} free scans</span>
+          {userPlan === "free" && !isAdmin && (
+            <span className="self-start text-xs text-zinc-400 border border-zinc-200 px-2.5 py-1 rounded-md whitespace-nowrap">{scanCount}/{scanLimit === Infinity ? "\u221E" : scanLimit} scans</span>
           )}
         </div>
 

web/components/nav.tsx

@@ -13,19 +13,28 @@ const links = [
   { href: "/dashboard-pages/compare", label: "Compare", icon: GitCompare },
 ];
 
-const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
-
 export function Nav() {
   const [open, setOpen] = useState(false);
   const [userEmail, setUserEmail] = useState<string | null>(null);
+  const [userRole, setUserRole] = useState<string | null>(null);
   const pathname = usePathname();
   const isDashboard = pathname?.startsWith("/dashboard");
-  const isAdmin = userEmail && ADMIN_EMAILS.includes(userEmail);
+  const isAdmin = userRole === "admin";
 
   useEffect(() => {
     const supabase = createClient();
-    supabase.auth.getUser().then(({ data }) => {
-      setUserEmail(data.user?.email || null);
+    supabase.auth.getUser().then(async ({ data }) => {
+      const user = data.user;
+      setUserEmail(user?.email || null);
+      if (user) {
+        // Fetch role from database — no hardcoded emails
+        const { data: profile } = await supabase
+          .from("profiles")
+          .select("role")
+          .eq("id", user.id)
+          .single();
+        setUserRole(profile?.role || "user");
+      }
     });
   }, []);
 

web/lib/admin-guard.ts

@@ -1,20 +1,13 @@
 import { createClient } from "@/lib/supabase/server";
 import { redirect } from "next/navigation";
 
-const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
-
 export async function requireAdmin() {
   const supabase = await createClient();
   const { data: { user } } = await supabase.auth.getUser();
 
   if (!user) redirect("/auth/login");
 
-  // Check email first (fast)
-  if (!ADMIN_EMAILS.includes(user.email || "")) {
-    redirect("/dashboard-pages/dashboard");
-  }
-
-  // Double check role in DB
+  // Check role from database — no hardcoded emails
   const { data: profile } = await supabase
     .from("profiles")
     .select("role")

web/lib/supabase/schema.sql

@@ -1,4 +1,4 @@
--- ClauseGuard — Full Database Schema v2.0
+-- ClauseGuard — Full Database Schema v3.0
 -- Tables ordered by dependency (no forward references)
 
 -- ─── 1. Teams (no dependencies) ───
@@ -42,7 +42,7 @@ CREATE TABLE IF NOT EXISTS public.team_invites (
   UNIQUE(team_id, email)
 );
 
--- ─── 4. Analyses (depends on profiles, teams) — v2.0 with full analysis data ───
+-- ─── 4. Analyses (depends on profiles, teams) ───
 CREATE TABLE IF NOT EXISTS public.analyses (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
   user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
@@ -115,6 +115,8 @@ CREATE INDEX IF NOT EXISTS idx_team_invites_email ON public.team_invites(email);
 CREATE INDEX IF NOT EXISTS idx_custom_rules_user_id ON public.custom_rules(user_id);
 CREATE INDEX IF NOT EXISTS idx_custom_rules_team_id ON public.custom_rules(team_id);
 CREATE INDEX IF NOT EXISTS idx_admin_logs_created ON public.admin_logs(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_profiles_role ON public.profiles(role);
+CREATE INDEX IF NOT EXISTS idx_profiles_email ON public.profiles(email);
 
 -- ─── Row Level Security ───
 ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
@@ -184,9 +186,11 @@ CREATE TRIGGER on_auth_user_created
   AFTER INSERT ON auth.users
   FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
 
--- ─── Set admin ───
+-- ─── Set owner as admin with full access ───
 -- Run this AFTER your first signup with your email:
--- UPDATE public.profiles SET role = 'admin' WHERE email = 'your-email@example.com';
+UPDATE public.profiles
+SET role = 'admin', plan = 'pro'
+WHERE email = 'ankygaur9972@gmail.com';
 
 -- ─── Monthly reset function ───
 CREATE OR REPLACE FUNCTION public.reset_monthly_usage()