multitenant-development
Multitenant Development
Quick Start
When working with multitenant features:
- Always verify tenant with
getTenantFromRequest()in APIs and middleware - Never make queries without filtering by
tenant_id - Ensure RLS policies include tenant verification
- Configure tenant-specific assets in
public/tenants/{tenant_slug}/ - Usar
getTenantAssetPath(tenant, assetPath, fallback)para URLs de assets (incluye cache busting?v=por deploy)
Key Files
src/lib/tenant/tenant-service.ts- Main tenant servicesrc/lib/tenant/tenant-assets.ts- URLs de assets con cache busting (Supabase o local)src/middleware.ts- Tenant detectionsrc/components/TenantThemeStyles.tsx- Tenant stylessupabase/migrations/*- RLS migrationsoptimize-pintemas-assets-upload.js- Subir assets de tenants al buckettenant-assets
Common Patterns
API with Tenant Isolation
import { getTenantFromRequest } from '@/lib/tenant/tenant-service';
import { createClient } from '@/lib/supabase/server';
export async function GET(request: NextRequest) {
const tenant = await getTenantFromRequest(request);
if (!tenant) {
return NextResponse.json({ error: 'Tenant not found' }, { status: 404 });
}
const supabase = createClient();
const { data, error } = await supabase
.from('products')
.select('*')
.eq('tenant_id', tenant.id);
if (error) {
return NextResponse.json({ error: error.message }, { status: 500 });
}
return NextResponse.json(data);
}
RLS Policy
CREATE POLICY "tenant_isolation_products" ON products
FOR ALL
USING (
tenant_id = (
SELECT id FROM tenants
WHERE slug = current_setting('app.tenant_slug', true)
)
);
Tenant Assets
Usar getTenantAssetPath() para que las URLs lleven cache busting y se actualicen tras cada deploy:
import { getTenantAssetPath } from '@/lib/tenant/tenant-assets';
const tenant = useTenant();
const logoPath = getTenantAssetPath(tenant, 'logo.svg', '/images/logo/logo.svg');
const primaryColor = tenant.primary_color || '#ea5a17';
- Assets en Supabase: bucket
tenant-assets, rutatenants/{slug}/.... Subir connode optimize-pintemas-assets-upload.js. - Tras cambiar assets: hacer deploy y purgar caché CDN (
npm run cache:purgeo Vercel → Settings → Caches) para que se vean pronto en todos los dispositivos. Verdocs/CACHE_PURGE_ANTES_DEPLOY.md.
Checklist
- Verify tenant in each request
- Include
tenant_idin all queries - Verify RLS policies are active
- Test with multiple tenants
- Verify data isolation
- Configure tenant assets if needed
More from santiagoxor/pintureria-digital
checkout-payments
Specialized skill for working with checkout and payment systems including MercadoPago integration, order management, address validation, and checkout flow. Use when implementing checkout improvements, integrating payment methods, debugging payment issues, or optimizing checkout process.
39authentication
Specialized skill for working with NextAuth.js authentication including session management, JWT tokens, role-based access control, and protected routes. Use when implementing authentication features, securing routes, managing user sessions, or debugging auth issues.
34postgres-best-practices
Postgres performance optimization guidelines from Supabase. Contains rules across 8 categories prioritized by impact. Use when writing SQL queries, designing schemas, implementing indexes, optimizing queries, reviewing database performance, configuring connection pooling, or working with Row-Level Security (RLS).
29testing-qa
Specialized skill for writing and maintaining tests including unit tests, integration tests, E2E tests with Playwright, and accessibility tests. Use when writing tests for new features, debugging failed tests, improving test coverage, or setting up E2E tests.
18error-handling
Specialized skill for implementing proper error handling, logging, user-friendly error messages, and error recovery strategies. Use when implementing error handling in APIs, components, or when debugging error issues.
17lighthouse-audit
Specialized skill for running Lighthouse audits, analyzing Core Web Vitals, identifying performance opportunities, and generating performance reports. Use when auditing performance, analyzing Lighthouse metrics, optimizing Core Web Vitals, or generating performance reports.
17