feat: allow cron-secret to invoke company-coverage scan with service role

This commit is contained in:
claude-code
2026-05-16 15:01:30 +00:00
parent 39311a4401
commit 82ae43ccf5

View File

@@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { createClient } from '@/lib/supabase/server';
import { createAdminClient } from '@/lib/supabase/admin';
import { hybridAI } from '@/lib/ai/hybridRouter';
// ─── Pen name rotation ────────────────────────────────────────────────────────
@@ -110,7 +111,12 @@ export async function GET(request: NextRequest) {
// ─── POST ─────────────────────────────────────────────────────────────────────
export async function POST(request: NextRequest) {
try {
const supabase = await createClient();
// Cron bypass: scheduled scans send x-cron-secret and run with service-role
// privileges (RLS bypass) so the scan can read/write admin-protected tables.
const cronSecret = request.headers.get('x-cron-secret');
const isCron =
!!process.env.CRON_SECRET && cronSecret === process.env.CRON_SECRET;
const supabase = isCron ? createAdminClient() : await createClient();
const body = await request.json();
const { action } = body;