From ec233f7b37ca45c59863e790aee72f811ec654f3 Mon Sep 17 00:00:00 2001 From: Huang Xin Date: Mon, 15 Sep 2025 04:08:22 +0800 Subject: [PATCH] fix(sync): resolve issue where invalid tokens were occasionally used with the storage API (#2041) --- apps/readest-app/src/pages/api/storage/delete.ts | 4 ++-- apps/readest-app/src/pages/api/storage/download.ts | 4 ++-- apps/readest-app/src/pages/api/storage/upload.ts | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/readest-app/src/pages/api/storage/delete.ts b/apps/readest-app/src/pages/api/storage/delete.ts index b89d66bd..c29f95bf 100644 --- a/apps/readest-app/src/pages/api/storage/delete.ts +++ b/apps/readest-app/src/pages/api/storage/delete.ts @@ -1,6 +1,6 @@ import type { NextApiRequest, NextApiResponse } from 'next'; import { corsAllMethods, runMiddleware } from '@/utils/cors'; -import { createSupabaseClient } from '@/utils/supabase'; +import { createSupabaseAdminClient } from '@/utils/supabase'; import { validateUserAndToken } from '@/utils/access'; import { deleteObject } from '@/utils/object'; @@ -23,7 +23,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) return res.status(400).json({ error: 'Missing or invalid fileKey' }); } - const supabase = createSupabaseClient(token); + const supabase = createSupabaseAdminClient(); const { data: fileRecord, error: fileError } = await supabase .from('files') .select('user_id, id') diff --git a/apps/readest-app/src/pages/api/storage/download.ts b/apps/readest-app/src/pages/api/storage/download.ts index 93e47003..00d04ee2 100644 --- a/apps/readest-app/src/pages/api/storage/download.ts +++ b/apps/readest-app/src/pages/api/storage/download.ts @@ -1,5 +1,5 @@ import type { NextApiRequest, NextApiResponse } from 'next'; -import { createSupabaseClient } from '@/utils/supabase'; +import { createSupabaseAdminClient } from '@/utils/supabase'; import { corsAllMethods, runMiddleware } from '@/utils/cors'; import { getDownloadSignedUrl } from '@/utils/object'; import { validateUserAndToken } from '@/utils/access'; @@ -24,7 +24,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) } // Verify the file belongs to the user - const supabase = createSupabaseClient(token); + const supabase = createSupabaseAdminClient(); const result = await supabase .from('files') .select('user_id, file_key') diff --git a/apps/readest-app/src/pages/api/storage/upload.ts b/apps/readest-app/src/pages/api/storage/upload.ts index f21bec3a..3ef1b15c 100644 --- a/apps/readest-app/src/pages/api/storage/upload.ts +++ b/apps/readest-app/src/pages/api/storage/upload.ts @@ -1,5 +1,5 @@ import type { NextApiRequest, NextApiResponse } from 'next'; -import { createSupabaseClient } from '@/utils/supabase'; +import { createSupabaseAdminClient } from '@/utils/supabase'; import { corsAllMethods, runMiddleware } from '@/utils/cors'; import { getStoragePlanData, @@ -32,7 +32,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse) } const fileKey = `${user.id}/${fileName}`; - const supabase = createSupabaseClient(token); + const supabase = createSupabaseAdminClient(); const { data: existingRecord, error: fetchError } = await supabase .from('files') .select('*')