# Complete Supabase Removal - Audit & Implementation Plan **Date:** November 9, 2025 **Status:** Ready for Implementation **Approach:** Aggressive (10-11 days) **Scope:** Contact System = YES, Blog = NO --- ## 🎯 EXECUTIVE SUMMARY ### Current State - **Django Backend:** 95% complete, production-ready - **Frontend Migration:** 20% complete, 459+ Supabase references remain - **Sacred Pipeline:** Fully operational - **Critical Features:** All implemented (Reports, Timeline, RideNameHistory) ### What Must Be Done - Implement Contact System backend (6 hours) - Create comprehensive service layer (35 hours) - Migrate authentication to Django JWT (16 hours) - Update all components to use services (25 hours) - Remove Supabase completely (9 hours) **Total Effort:** ~91 hours (10-11 working days) --- ## 📊 AUDIT FINDINGS ### ✅ Backend Complete Features 1. All core entities (Parks, Rides, Companies, Ride Models) 2. RideNameHistory model + API ✅ 3. EntityTimelineEvent model + API ✅ 4. Reports model + API ✅ 5. Sacred Pipeline (Form → Submission → Moderation → Approval) 6. Reviews with helpful votes 7. User ride credits & top lists 8. Photos with CloudFlare integration 9. Complete moderation system 10. pghistory-based versioning 11. Search with PostgreSQL GIN indexes 12. Authentication with JWT 13. Celery for background tasks ### ❌ Missing Backend Features 1. Contact System (required for MVP) 2. Blog Posts (NOT in MVP scope) 3. GDPR features (post-MVP) ### 🔴 Frontend Supabase Dependencies **Total:** 459+ references across codebase **Breakdown by category:** - Authentication: 60+ files using `supabase.auth.*` - Entity queries: 100+ files using `supabase.from()` - Moderation: 20+ files (partially migrated) - Reviews: 15+ files - User profiles: 15+ files - Search: 10+ files - Forms/Submissions: 30+ files (mixed) - Utilities: 50+ files --- ## 🚀 IMPLEMENTATION PLAN ### Phase 1: Backend Contact System (6 hours) **Priority:** CRITICAL - Required for MVP #### Task 1.1: Contact App Setup (2 hours) - Create `django/apps/contact/` app - Implement `ContactSubmission` model with pghistory - Create migration - Register in admin #### Task 1.2: Contact API Endpoints (2 hours) - Create `django/api/v1/endpoints/contact.py` - Implement: - `POST /contact/submit` - Submit contact form - `GET /contact/` - List contacts (moderators only) - `PATCH /contact/{id}/status` - Update status (moderators only) #### Task 1.3: Celery Email Tasks (1.5 hours) - Confirmation email to user - Notification email to admins #### Task 1.4: Integration (30 min) - Add to INSTALLED_APPS - Register routes - Create email templates --- ### Phase 2: Service Layer Foundation (35 hours) **Priority:** CRITICAL - Foundation for all frontend work #### Task 2.1: Base API Client (3 hours) **File:** `src/lib/api/client.ts` - Unified HTTP client - JWT token management - Error handling & retry logic - Request/response interceptors #### Task 2.2: Authentication Service (4 hours) **File:** `src/services/auth/` - Replace ALL `supabase.auth.*` calls - Login, register, logout - OAuth integration - MFA handling - Password reset/update - Session management #### Task 2.3: Users Service (4 hours) **File:** `src/services/users/` - User profiles (CRUD) - Batch user fetching - User search - Block/unblock functionality #### Task 2.4: Parks Service (4 hours) **File:** `src/services/parks/` - Park CRUD via submissions - Filtering & search - Replace ALL `supabase.from('parks')` #### Task 2.5: Rides Service (4 hours) **File:** `src/services/rides/` - Ride CRUD via submissions - Name history integration - Replace ALL `supabase.from('rides')` #### Task 2.6: Companies Service (4 hours) **File:** `src/services/companies/` - Company CRUD via submissions - Type filtering (manufacturers, operators, designers) - Replace ALL `supabase.from('companies')` #### Task 2.7: Reviews Service (3 hours) **File:** `src/services/reviews/` - Review CRUD - Helpful votes - Entity reviews - User reviews #### Task 2.8: Submissions Service (4 hours) **File:** `src/services/submissions/` - Unified submission interface - Moderation actions (claim, approve, reject) - Submission status tracking #### Task 2.9: Timeline Service (2 hours) **File:** `src/services/timeline/` - Timeline event CRUD - Entity timeline fetching #### Task 2.10: Search Service (3 hours) **File:** `src/services/search/` - Global search - Entity-specific search - Advanced filtering #### Task 2.11: Contact Service (2 hours) **File:** `src/services/contact/` - Contact form submission - Contact management (moderators) #### Task 2.12: Photos Service (2 hours) **File:** `src/services/photos/` - Photo upload via CloudFlare - Photo management - Caption updates --- ### Phase 3: Authentication Migration (16 hours) **Priority:** CRITICAL - Blocks most other work #### Task 3.1: Update Auth Context (6 hours) **File:** `src/hooks/useAuth.tsx` - Replace `supabase.auth.onAuthStateChange()` - Replace `supabase.auth.getSession()` - Implement JWT token refresh - Handle auth state from Django #### Task 3.2: Update Auth Components (4 hours) **Files:** Auth pages & components - `src/pages/Auth.tsx` - `src/components/auth/AuthModal.tsx` - `src/components/auth/TOTPSetup.tsx` - `src/components/auth/MFAChallenge.tsx` - `src/components/auth/MFARemovalDialog.tsx` #### Task 3.3: Update Protected Routes (2 hours) - Update auth checks - JWT-based route protection #### Task 3.4: Session Management (2 hours) **File:** `src/lib/authStorage.ts` - JWT token storage - Token refresh logic #### Task 3.5: OAuth Integration (2 hours) **File:** `src/pages/AuthCallback.tsx` - OAuth callback handling - Provider integration --- ### Phase 4: Component Updates (25 hours) **Priority:** HIGH - Makes services usable #### Task 4.1: Park Pages (3 hours) - `src/pages/Parks.tsx` - `src/pages/ParkDetail.tsx` - `src/pages/ParkRides.tsx` - Replace `supabase.from('parks')` with `parksService` #### Task 4.2: Ride Pages (3 hours) - `src/pages/Rides.tsx` - `src/pages/RideDetail.tsx` - `src/pages/RideModelDetail.tsx` - `src/pages/RideModelRides.tsx` - Replace `supabase.from('rides')` with `ridesService` #### Task 4.3: Company Pages (3 hours) - `src/pages/Manufacturers.tsx` - `src/pages/ManufacturerDetail.tsx` - `src/pages/Operators.tsx` - `src/pages/OperatorDetail.tsx` - `src/pages/Designers.tsx` - `src/pages/DesignerDetail.tsx` - Replace `supabase.from('companies')` with `companiesService` #### Task 4.4: User Pages (3 hours) - `src/pages/Profile.tsx` - `src/pages/AdminDashboard.tsx` - Replace user queries with `usersService` #### Task 4.5: Form Components (5 hours) - Entity submission forms - Update to use service layers #### Task 4.6: Moderation Components (4 hours) - Complete migration of moderation queue - Remove ALL remaining Supabase references #### Task 4.7: Review Components (2 hours) - Update review forms and lists - Use `reviewsService` #### Task 4.8: Search Components (2 hours) - Update search components - Use `searchService` --- ### Phase 5: Cleanup & Testing (9 hours) **Priority:** CRITICAL - Ensure complete removal #### Task 5.1: Remove Supabase Dependencies (3 hours) 1. Delete `src/integrations/supabase/` directory 2. Remove from `package.json`: `@supabase/supabase-js` 3. Search and remove ALL remaining Supabase imports 4. Delete `src/lib/supabaseClient.ts` #### Task 5.2: Environment Variables (1 hour) - Remove Supabase env vars - Ensure Django API URL configured #### Task 5.3: Integration Testing (4 hours) Test EVERY flow: - User registration/login - Park CRUD via submissions - Ride CRUD via submissions - Company CRUD via submissions - Reviews CRUD - Moderation queue - Reports system - Contact form - Photo uploads - Search - Timeline events #### Task 5.4: Final Verification (1 hour) - Run: `grep -r "supabase" src/` - Should return 0 results - Verify all pages load - Verify Sacred Pipeline works end-to-end --- ## 📅 EXECUTION TIMELINE ### Week 1 (40 hours) **Days 1-2:** - Backend Contact System (6h) - Base API Client (3h) - Auth Service (4h) - Users Service (4h) **Days 3-5:** - Parks Service (4h) - Rides Service (4h) - Companies Service (4h) - Reviews Service (3h) - Submissions Service (4h) - Timeline Service (2h) - Search Service (3h) - Contact Service (2h) - Photos Service (2h) ### Week 2 (40 hours) **Days 1-2:** - Auth Context Update (6h) - Auth Components Update (4h) - Protected Routes (2h) - Session Management (2h) - OAuth Integration (2h) **Days 3-5:** - Park Pages (3h) - Ride Pages (3h) - Company Pages (3h) - User Pages (3h) - Form Components (5h) - Moderation Components (4h) - Review Components (2h) - Search Components (2h) ### Week 3 (11 hours) **Day 1:** - Remove Supabase Dependencies (3h) - Update Environment Variables (1h) - Integration Testing (4h) **Day 2:** - Final Verification (1h) - Bug fixes (2h) --- ## ⚠️ CRITICAL SUCCESS FACTORS ### 1. No Half Measures When updating a component, remove ALL Supabase references. No mixing of old and new. ### 2. Test As You Go After each service, test basic CRUD before moving on. ### 3. Commit Frequently Small, atomic commits for easy rollback if needed. ### 4. Error Handling Every service method needs proper error handling with user-friendly messages. ### 5. Type Safety Maintain strict TypeScript throughout. No `any` types. ### 6. Sacred Pipeline Integrity NEVER bypass the moderation pipeline. All entity changes must go through submissions. --- ## 🎯 SUCCESS CRITERIA ### Backend - ✅ Contact System fully implemented - ✅ All API endpoints functional - ✅ Celery tasks working - ✅ Migrations applied ### Frontend - ✅ Zero `import ... from '@supabase/supabase-js'` - ✅ Zero `supabase.` calls in codebase - ✅ All pages load without errors - ✅ Authentication works end-to-end - ✅ Sacred Pipeline intact (Form → Submission → Moderation → Approval) - ✅ Contact form works - ✅ All entity CRUD operations work - ✅ Search works - ✅ Photos work - ✅ Reviews work - ✅ Moderation queue works ### Testing - ✅ Can create account - ✅ Can log in/out - ✅ Can submit park/ride/company - ✅ Can moderate submissions - ✅ Can write reviews - ✅ Can search entities - ✅ Can upload photos - ✅ Can submit contact form - ✅ Can view entity history --- ## 📝 NOTES ### Why This Is Aggressive - No staging environment for incremental testing - Must get it right the first time - All changes must be production-ready - Testing happens in production ### Risk Mitigation - Comprehensive service layer abstracts backend - If Django has issues, services can be updated without touching components - Atomic commits allow quick rollback - Each phase has clear success criteria ### Post-Migration After complete removal: - Consider implementing GDPR features (account deletion, data export) - Consider adding Blog system if needed later - Monitor error logs for any missed Supabase references --- ## 🚦 READY TO PROCEED All planning complete. Backend is ready. Plan is aggressive but achievable. **Next Step:** Implement Phase 1 - Backend Contact System --- **Document Version:** 1.0 **Last Updated:** November 9, 2025