From 82ae43ccf5eab8a705b33f06366588b565901f64 Mon Sep 17 00:00:00 2001 From: claude-code Date: Sat, 16 May 2026 15:01:30 +0000 Subject: [PATCH] feat: allow cron-secret to invoke company-coverage scan with service role --- src/app/api/admin/company-coverage/route.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/app/api/admin/company-coverage/route.ts b/src/app/api/admin/company-coverage/route.ts index 043b858..d8712cb 100644 --- a/src/app/api/admin/company-coverage/route.ts +++ b/src/app/api/admin/company-coverage/route.ts @@ -1,5 +1,6 @@ import { NextRequest, NextResponse } from 'next/server'; import { createClient } from '@/lib/supabase/server'; +import { createAdminClient } from '@/lib/supabase/admin'; import { hybridAI } from '@/lib/ai/hybridRouter'; // ─── Pen name rotation ──────────────────────────────────────────────────────── @@ -110,7 +111,12 @@ export async function GET(request: NextRequest) { // ─── POST ───────────────────────────────────────────────────────────────────── export async function POST(request: NextRequest) { try { - const supabase = await createClient(); + // Cron bypass: scheduled scans send x-cron-secret and run with service-role + // privileges (RLS bypass) so the scan can read/write admin-protected tables. + const cronSecret = request.headers.get('x-cron-secret'); + const isCron = + !!process.env.CRON_SECRET && cronSecret === process.env.CRON_SECRET; + const supabase = isCron ? createAdminClient() : await createClient(); const body = await request.json(); const { action } = body;