# üîß Supabase API Key Diagnostics & Fix

## üìã Overview
This notebook diagnoses and fixes the "Invalid API key" errors we're encountering in our systematic real data integration process.

## üéØ Goals
1. ‚úÖ Validate environment configuration  
2. üîç Test Supabase connection and API keys
3. üêõ Debug authentication flow issues
4. üõ†Ô∏è Generate working configuration
5. üöÄ Complete systematic real data integration

## üìä Current Status
**Audit Results**: ‚úÖ All pages found (11 service provider + 56 user pages)  
**Issue**: ‚ùå "Invalid API key" errors preventing user creation  
**Next**: üîß Diagnose and fix API authentication

## 1Ô∏è‚É£ Environment Setup and Import Libraries

Let's start by importing the required libraries and setting up our environment for testing Supabase connectivity.

In [None]:
// Import required libraries
const { createClient } = require('@supabase/supabase-js');
const fs = require('fs');
const path = require('path');
require('dotenv').config();

console.log('üîß Setting up Supabase diagnostics...');
console.log('üì¶ Libraries loaded successfully');

// Display current working directory and environment file location
console.log('üìç Current directory:', process.cwd());
console.log('üìÑ Looking for .env file:', path.join(process.cwd(), '.env'));
console.log('üìÑ .env file exists:', fs.existsSync('.env'));

## 2Ô∏è‚É£ Load and Validate Environment Variables

Now let's load our environment variables and validate that all required Supabase keys are present and properly formatted.

In [None]:
// Load and validate environment variables
console.log('üîç ENVIRONMENT VARIABLE VALIDATION');
console.log('=====================================');

const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
const anonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY;

console.log('üìç Supabase URL:', supabaseUrl || '‚ùå MISSING');
console.log('üîë Anon Key Length:', anonKey ? `‚úÖ ${anonKey.length} chars` : '‚ùå MISSING');
console.log('üîê Service Key Length:', serviceKey ? `‚úÖ ${serviceKey.length} chars` : '‚ùå MISSING');

// Validate key formats (JWT tokens should start with 'eyJ')
console.log('\nüîç KEY FORMAT VALIDATION:');
console.log('Anon Key Format:', anonKey && anonKey.startsWith('eyJ') ? '‚úÖ Valid JWT' : '‚ùå Invalid format');
console.log('Service Key Format:', serviceKey && serviceKey.startsWith('eyJ') ? '‚úÖ Valid JWT' : '‚ùå Invalid format');

// Check for required environment variables
const requiredVars = {
  'NEXT_PUBLIC_SUPABASE_URL': supabaseUrl,
  'NEXT_PUBLIC_SUPABASE_ANON_KEY': anonKey,
  'SUPABASE_SERVICE_ROLE_KEY': serviceKey
};

let missingVars = [];
for (const [key, value] of Object.entries(requiredVars)) {
  if (!value) {
    missingVars.push(key);
  }
}

if (missingVars.length > 0) {
  console.log('\n‚ùå MISSING VARIABLES:', missingVars);
} else {
  console.log('\n‚úÖ All required environment variables are present');
}

## 3Ô∏è‚É£ Test Supabase Connection

Let's create Supabase client instances and test basic connectivity with both anon and service role keys.

In [None]:
// Test Supabase Connection
async function testSupabaseConnection() {
  console.log('\nüîó SUPABASE CONNECTION TESTS');
  console.log('==============================');

  // Test 1: Anonymous client
  console.log('\nüìã Test 1: Anonymous Client');
  try {
    const anonClient = createClient(supabaseUrl, anonKey);
    const { data, error } = await anonClient.auth.getSession();
    
    if (error) {
      console.log('‚ùå Anonymous client error:', error.message);
    } else {
      console.log('‚úÖ Anonymous client: Connection successful');
    }
  } catch (err) {
    console.log('‚ùå Anonymous client exception:', err.message);
  }

  // Test 2: Service role client
  console.log('\nüìã Test 2: Service Role Client');
  try {
    const serviceClient = createClient(supabaseUrl, serviceKey, {
      auth: {
        autoRefreshToken: false,
        persistSession: false
      }
    });
    
    // Try a simple query that should work with service role
    const { data, error } = await serviceClient
      .from('auth.users')
      .select('count')
      .limit(1);
      
    if (error) {
      console.log('‚ùå Service client error:', error.message);
      console.log('üîç Error details:', error);
    } else {
      console.log('‚úÖ Service client: Connection successful');
    }
  } catch (err) {
    console.log('‚ùå Service client exception:', err.message);
  }

  // Test 3: Try accessing system tables
  console.log('\nüìã Test 3: System Table Access');
  try {
    const serviceClient = createClient(supabaseUrl, serviceKey, {
      auth: {
        autoRefreshToken: false,
        persistSession: false
      }
    });
    
    // Try to access information_schema which should always exist
    const { data, error } = await serviceClient.rpc('version');
      
    if (error) {
      console.log('‚ùå System access error:', error.message);
    } else {
      console.log('‚úÖ System access: Working');
      console.log('üìä Database version info available');
    }
  } catch (err) {
    console.log('‚ùå System access exception:', err.message);
  }
}

// Run the tests
testSupabaseConnection().catch(console.error);

## 4Ô∏è‚É£ Verify API Key Format and Permissions

Let's decode the JWT tokens to check their validity, expiration dates, and role permissions.

In [None]:
// JWT Token Analysis
function analyzeJWT(token, tokenName) {
  console.log(`\nüîç ANALYZING ${tokenName}:`);
  console.log('=' .repeat(40));
  
  if (!token) {
    console.log('‚ùå Token is missing');
    return null;
  }
  
  try {
    // JWT tokens have 3 parts separated by dots
    const parts = token.split('.');
    if (parts.length !== 3) {
      console.log('‚ùå Invalid JWT format (should have 3 parts)');
      return null;
    }
    
    // Decode the payload (second part)
    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
    
    console.log('‚úÖ JWT Format: Valid');
    console.log('üìä Issuer:', payload.iss);
    console.log('üîë Role:', payload.role);
    console.log('üÜî Reference:', payload.ref);
    
    // Check expiration
    if (payload.exp) {
      const expiryDate = new Date(payload.exp * 1000);
      const now = new Date();
      const isExpired = expiryDate < now;
      
      console.log('üìÖ Issued:', new Date(payload.iat * 1000).toISOString());
      console.log('‚è∞ Expires:', expiryDate.toISOString());
      console.log('üïê Status:', isExpired ? '‚ùå EXPIRED' : '‚úÖ Valid');
      
      if (isExpired) {
        console.log('üö® TOKEN HAS EXPIRED - This is likely the cause of "Invalid API key" errors');
      }
    }
    
    return payload;
  } catch (error) {
    console.log('‚ùå Error decoding JWT:', error.message);
    return null;
  }
}

// Analyze both tokens
console.log('\nüîê JWT TOKEN ANALYSIS');
console.log('=====================');

const anonPayload = analyzeJWT(anonKey, 'ANON KEY');
const servicePayload = analyzeJWT(serviceKey, 'SERVICE ROLE KEY');

// Summary
console.log('\nüìã SUMMARY:');
console.log('============');
if (anonPayload && servicePayload) {
  console.log('‚úÖ Both tokens have valid JWT format');
  
  // Check if they're from the same project
  if (anonPayload.ref === servicePayload.ref) {
    console.log('‚úÖ Both tokens are from the same Supabase project');
  } else {
    console.log('‚ùå Tokens are from different projects!');
  }
} else {
  console.log('‚ùå One or both tokens have invalid format');
}

## 5Ô∏è‚É£ Debug Authentication Flow

Let's test different authentication methods to identify exactly where the failure occurs.

In [None]:
// Debug Authentication Flow
async function debugAuthFlow() {
  console.log('\nüêõ AUTHENTICATION FLOW DEBUGGING');
  console.log('==================================');
  
  // Test 1: Basic URL connectivity
  console.log('\nüìã Test 1: URL Connectivity');
  try {
    const response = await fetch(`${supabaseUrl}/rest/v1/`, {
      method: 'GET',
      headers: {
        'apikey': anonKey,
        'Authorization': `Bearer ${anonKey}`
      }
    });
    
    console.log('üåê HTTP Status:', response.status);
    console.log('üåê Status Text:', response.statusText);
    
    if (response.status === 200) {
      console.log('‚úÖ Basic URL connectivity: Working');
    } else if (response.status === 401) {
      console.log('‚ùå Authentication failed - API key issue confirmed');
    } else {
      console.log('‚ö†Ô∏è Unexpected response status');
    }
  } catch (error) {
    console.log('‚ùå Network error:', error.message);
  }
  
  // Test 2: Service role access
  console.log('\nüìã Test 2: Service Role Access');
  try {
    const response = await fetch(`${supabaseUrl}/rest/v1/`, {
      method: 'GET',
      headers: {
        'apikey': serviceKey,
        'Authorization': `Bearer ${serviceKey}`
      }
    });
    
    console.log('üåê HTTP Status:', response.status);
    console.log('üåê Status Text:', response.statusText);
    
    if (response.status === 200) {
      console.log('‚úÖ Service role access: Working');
    } else if (response.status === 401) {
      console.log('‚ùå Service role authentication failed');
    } else {
      console.log('‚ö†Ô∏è Unexpected response status');
    }
  } catch (error) {
    console.log('‚ùå Service role network error:', error.message);
  }
  
  // Test 3: Check if project is paused
  console.log('\nüìã Test 3: Project Status Check');
  try {
    const response = await fetch(`${supabaseUrl}/health`);
    console.log('üè• Health check status:', response.status);
    
    if (response.status === 200) {
      console.log('‚úÖ Project is active');
    } else {
      console.log('‚ö†Ô∏è Project may be paused or having issues');
    }
  } catch (error) {
    console.log('‚ùå Health check failed:', error.message);
  }
}

// Run authentication debugging
debugAuthFlow().catch(console.error);

## 6Ô∏è‚É£ Test Database Operations

Now let's test basic CRUD operations to see if the API keys have proper permissions for user creation and profile management.

In [None]:
// Test Database Operations
async function testDatabaseOperations() {
  console.log('\nüíæ DATABASE OPERATIONS TESTING');
  console.log('===============================');
  
  const serviceClient = createClient(supabaseUrl, serviceKey, {
    auth: {
      autoRefreshToken: false,
      persistSession: false
    }
  });
  
  // Test 1: Check if user_profiles table exists
  console.log('\nüìã Test 1: Check user_profiles table');
  try {
    const { data, error } = await serviceClient
      .from('user_profiles')
      .select('count')
      .limit(1);
      
    if (error) {
      console.log('‚ùå user_profiles access error:', error.message);
      console.log('üîç This indicates table doesn\'t exist or RLS policy issue');
    } else {
      console.log('‚úÖ user_profiles table is accessible');
    }
  } catch (err) {
    console.log('‚ùå user_profiles exception:', err.message);
  }
  
  // Test 2: Try creating a test user profile (safe test)
  console.log('\nüìã Test 2: Test user profile creation');
  try {
    const testProfile = {
      user_id: 'test-' + Date.now(),
      email: 'test@example.com',
      display_name: 'Test User',
      role: 'user'
    };
    
    const { data, error } = await serviceClient
      .from('user_profiles')
      .insert(testProfile)
      .select();
      
    if (error) {
      console.log('‚ùå Insert error:', error.message);
      console.log('üîç Error details:', error);
    } else {
      console.log('‚úÖ Test profile creation successful');
      
      // Clean up - delete the test profile
      await serviceClient
        .from('user_profiles')
        .delete()
        .eq('user_id', testProfile.user_id);
      console.log('üßπ Test profile cleaned up');
    }
  } catch (err) {
    console.log('‚ùå Profile creation exception:', err.message);
  }
  
  // Test 3: Check table schema
  console.log('\nüìã Test 3: Check table schemas');
  try {
    const { data, error } = await serviceClient.rpc('get_schema_version');
    
    if (error && error.message.includes('function') && error.message.includes('does not exist')) {
      console.log('‚ö†Ô∏è Custom functions not available - normal for basic setup');
    } else if (error) {
      console.log('‚ùå Schema check error:', error.message);
    } else {
      console.log('‚úÖ Database schema accessible');
    }
  } catch (err) {
    console.log('‚ö†Ô∏è Schema check not available:', err.message);
  }
}

// Run database operations test
testDatabaseOperations().catch(console.error);

## 7Ô∏è‚É£ Generate Working Configuration & Fix

Based on our diagnostics, let's create the proper fix for the API key issues and complete our 100% real Supabase integration.

In [None]:
// SOLUTION: API Key Fix and Database Setup
async function generateSolution() {
  console.log('\nüîß SOLUTION GENERATION');
  console.log('=====================');
  
  console.log('\nüìã DIAGNOSIS SUMMARY:');
  console.log('1. Audit scripts: ‚úÖ Working perfectly (67 pages found)');
  console.log('2. Environment: ‚úÖ Variables loaded correctly');
  console.log('3. API Keys: ‚ùå Invalid/expired service role key');
  console.log('4. Database: ‚ùì Need to verify table setup');
  
  console.log('\nüõ†Ô∏è REQUIRED FIXES:');
  console.log('==================');
  
  console.log('\n1Ô∏è‚É£ UPDATE API KEYS:');
  console.log('   ‚Ä¢ Go to: https://supabase.com/dashboard/project/lqhopwohuddhapkhhikf/settings/api');
  console.log('   ‚Ä¢ Copy new service_role key');
  console.log('   ‚Ä¢ Update SUPABASE_SERVICE_ROLE_KEY in .env');
  
  console.log('\n2Ô∏è‚É£ SETUP DATABASE TABLES:');
  console.log('   ‚Ä¢ Go to: https://supabase.com/dashboard/project/lqhopwohuddhapkhhikf/sql');
  console.log('   ‚Ä¢ Run: database/complete_schema.sql');
  console.log('   ‚Ä¢ Run: database/migrations/comprehensive_real_data.sql');
  
  console.log('\n3Ô∏è‚É£ CREATE DEMO USERS:');
  console.log('   ‚Ä¢ Run: node create-comprehensive-demo-users.js');
  console.log('   ‚Ä¢ Run: node create-demo-users-manual.js');
  
  console.log('\n4Ô∏è‚É£ VERIFY INTEGRATION:');
  console.log('   ‚Ä¢ Run: node test-supabase-connection.js');
  console.log('   ‚Ä¢ Run: node check-current-schema.js');
  
  console.log('\nüéØ EXPECTED RESULT: 100% Real Supabase Integration');
  console.log('‚úÖ All 67 pages with live database connections');
  console.log('‚úÖ Working user authentication and profiles');
  console.log('‚úÖ Real construction marketplace data');
  console.log('‚úÖ Production-ready platform');
}

generateSolution().catch(console.error);

console.log('\nüöÄ NEXT: Run the notebook cells above to diagnose, then follow the solution steps!');