- Applied strict RLS and auth validation to tracking/credit services
- Set Service Worker to Network First to fix mobile session/loading issues
- Expanded Gemini analysis summary to show distilled/bottled/batch info
- Updated SQL schema document with hardening policies
The admin_users policy was checking if user is admin by querying
the same table, causing infinite recursion. Changed to allow users
to view their own admin record directly using auth.uid() = user_id.
This fixes the error: 'infinite recursion detected in policy for
relation admin_users'
- Added database schema for API tracking system:
* api_usage table - tracks all Google Search and Gemini AI calls
* user_credits table - prepared for future credits system
* admin_users table - controls admin dashboard access
- Created comprehensive tracking service (track-api-usage.ts):
* trackApiUsage() - records API calls with success/failure
* checkDailyLimit() - enforces 80 Google Search calls/day limit
* getUserApiStats() - per-user statistics
* getGlobalApiStats() - app-wide statistics (admin only)
* checkIsAdmin() - server-side authorization
- Integrated tracking into discover-whiskybase.ts:
* Pre-call limit checking with friendly error messages
* Post-call usage tracking for success and failures
* User authentication verification
- Built admin dashboard at /admin:
* Global statistics cards (total, today, by API type)
* Top 10 users by API usage
* Recent activity log with 50 latest calls
* Color-coded status indicators
* Secure access with RLS policies
- Features:
* Daily limit resets at midnight Europe/Berlin timezone
* Graceful error handling (allows on tracking failure)
* Comprehensive indexes for fast queries
* Ready for future credits/monetization system
