Edge Functions

Supabase Edge Functions handle server-side logic in CHRIS.

Overview

Edge Functions are located in supabase/functions/ and run on Deno Deploy.

create-employee

Creates a new employee by setting up both the auth user and profile.

Endpoint

POST /functions/v1/create-employee

Headers

Authorization: Bearer <ADMIN_JWT_TOKEN>
Content-Type: application/json

Request Body

{
  "email": "john.doe@company.com",
  "full_name": "John Doe",
  "role": "employee",
  "team_id": "optional-team-uuid",
  "employment_start_date": "2025-02-01",
  "annual_entitlement_days": 20
}

Parameters

Response

Success (201):

{
  "success": true,
  "user_id": "new-user-uuid",
  "message": "Employee created successfully"
}

Error (400):

{
  "success": false,
  "error": "Email already exists"
}

Behavior

1. Validates admin JWT token
2. Creates user in Supabase Auth
3. Creates profile record
4. Assigns role in user_roles
5. Sends welcome email (if SMTP configured)

send-notification-email

Sends emails using SMTP settings from company_settings.

Endpoint

POST /functions/v1/send-notification-email

Headers

Authorization: Bearer <JWT_TOKEN>
Content-Type: application/json

Request Body

{
  "to": ["recipient@company.com"],
  "subject": "Leave Request Approved",
  "html": "<h1>Your leave has been approved</h1>",
  "text": "Your leave has been approved"
}

Parameters

Response

Success (200):

{
  "success": true,
  "message": "Email sent successfully"
}

Error (500):

{
  "success": false,
  "error": "SMTP connection failed"
}

Behavior

1. Validates JWT token
2. Retrieves SMTP settings from company_settings
3. Checks if email rerouting is enabled
4. Sends email via configured SMTP server
5. Returns success/failure status

Email Rerouting

When email_reroute_enabled is true in company_settings:

• All emails go to email_reroute_addresses instead
• Original recipients are ignored
• Useful for testing

reset-employee-password

Initiates password reset for an employee.

Endpoint

POST /functions/v1/reset-employee-password

Headers

Authorization: Bearer <ADMIN_JWT_TOKEN>
Content-Type: application/json

Request Body

{
  "user_id": "employee-user-uuid"
}

Parameters

Response

Success (200):

{
  "success": true,
  "message": "Password reset email sent"
}

Error (403):

{
  "success": false,
  "error": "Admin access required"
}

Behavior

1. Validates admin JWT token
2. Looks up employee email
3. Generates password reset link
4. Sends reset email to employee

Calling from Frontend

Use the Supabase client to invoke Edge Functions:

import { supabase } from '@/integrations/supabase/client';

// Create employee
const { data, error } = await supabase.functions.invoke('create-employee', {
  body: {
    email: 'new.employee@company.com',
    full_name: 'New Employee',
    role: 'employee'
  }
});

// Send notification
const { data, error } = await supabase.functions.invoke('send-notification-email', {
  body: {
    to: ['manager@company.com'],
    subject: 'New Leave Request',
    html: '<p>A new leave request requires your approval.</p>'
  }
});

// Reset password
const { data, error } = await supabase.functions.invoke('reset-employee-password', {
  body: {
    user_id: 'employee-uuid'
  }
});

Development

Local Development

# Start Supabase locally
npx supabase start

# Serve functions locally
npx supabase functions serve

Deploy Functions

# Deploy all functions
npx supabase functions deploy

# Deploy specific function
npx supabase functions deploy send-notification-email

View Logs

In Supabase Dashboard:

1. Go to Edge Functions
2. Select the function
3. Click Logs tab

Or via CLI:

npx supabase functions logs send-notification-email

Environment Variables

Edge Functions can access these secrets:

Set secrets via dashboard or CLI:

npx supabase secrets set MY_SECRET=value

Error Handling

All functions follow consistent error responses:

{
  "success": false,
  "error": "Error message here",
  "details": "Optional additional details"
}

HTTP status codes: