SSP

Development

Description

Internal production tracking system built for Electro CyR, managing field operations, work orders, and team activity with advanced security features.

Details

  • OTP email authentication via Supabase Auth with httpOnly secure cookies
  • Modular role-based access control with granular permissions per user type
  • IP binding to prevent concurrent sessions from different devices
  • OTP attempt limiting with progressive blocking system
  • Single session per user enforced via active_sessions table with auto-cleanup
  • TabTracker with BroadcastChannel for cross-tab session synchronization
  • Role injected via JWT app_metadata to prevent cookie manipulation
  • CSP headers with report-only in development and enforced in production
  • Server-side route protection via Next.js 16 proxy middleware
  • RLS policies on all database tables for row-level data isolation

Technologies

Next.js 16, TypeScript, Tailwind CSS v4, Supabase, PostgreSQL, Vercel

Lines of code

9,250

SSP — Lautaro Boffi