SSP

Description

Internal production tracking system built for Electro CyR, managing field operations, work orders, and team activity with advanced security features.

Details

• —OTP email authentication via Supabase Auth with httpOnly secure cookies
• —Modular role-based access control with granular permissions per user type
• —IP binding to prevent concurrent sessions from different devices
• —OTP attempt limiting with progressive blocking system
• —Single session per user enforced via active_sessions table with auto-cleanup
• —TabTracker with BroadcastChannel for cross-tab session synchronization
• —Role injected via JWT app_metadata to prevent cookie manipulation
• —CSP headers with report-only in development and enforced in production
• —Server-side route protection via Next.js 16 proxy middleware
• —RLS policies on all database tables for row-level data isolation