Fix setup wizard middleware and env gate#20
Merged
Conversation
Two fixes for the setup wizard first-run flow: 1. Added /api/setup and /api/admin to middleware public paths so unauthenticated requests reach the route handlers (which manage their own auth via requireAdmin discriminated union). 2. Relaxed envReady gate to not require JWT_SECRET, which is a Supabase-internal concern not exposed in local dev environments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/api/setupand/api/adminto middleware public paths so setup wizard API calls work without auth (route handlers manage their own auth viarequireAdmin())envReadygate: no longer requiresJWT_SECRETenv var, which is Supabase-internal and not exposed in local devTest plan