feat: allow cron-secret to invoke company-coverage scan with service role
This commit is contained in:
@@ -1,5 +1,6 @@
|
|||||||
import { NextRequest, NextResponse } from 'next/server';
|
import { NextRequest, NextResponse } from 'next/server';
|
||||||
import { createClient } from '@/lib/supabase/server';
|
import { createClient } from '@/lib/supabase/server';
|
||||||
|
import { createAdminClient } from '@/lib/supabase/admin';
|
||||||
import { hybridAI } from '@/lib/ai/hybridRouter';
|
import { hybridAI } from '@/lib/ai/hybridRouter';
|
||||||
|
|
||||||
// ─── Pen name rotation ────────────────────────────────────────────────────────
|
// ─── Pen name rotation ────────────────────────────────────────────────────────
|
||||||
@@ -110,7 +111,12 @@ export async function GET(request: NextRequest) {
|
|||||||
// ─── POST ─────────────────────────────────────────────────────────────────────
|
// ─── POST ─────────────────────────────────────────────────────────────────────
|
||||||
export async function POST(request: NextRequest) {
|
export async function POST(request: NextRequest) {
|
||||||
try {
|
try {
|
||||||
const supabase = await createClient();
|
// Cron bypass: scheduled scans send x-cron-secret and run with service-role
|
||||||
|
// privileges (RLS bypass) so the scan can read/write admin-protected tables.
|
||||||
|
const cronSecret = request.headers.get('x-cron-secret');
|
||||||
|
const isCron =
|
||||||
|
!!process.env.CRON_SECRET && cronSecret === process.env.CRON_SECRET;
|
||||||
|
const supabase = isCron ? createAdminClient() : await createClient();
|
||||||
const body = await request.json();
|
const body = await request.json();
|
||||||
const { action } = body;
|
const { action } = body;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user