fix(pitch-deck): allow admin sessions to access investor routes
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m3s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 30s
CI / test-python-voice (push) Successful in 30s
CI / test-bqas (push) Successful in 34s
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m3s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 30s
CI / test-python-voice (push) Successful in 30s
CI / test-bqas (push) Successful in 34s
Admins in preview mode can now use /api/chat and other investor endpoints without needing a separate investor login. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -67,6 +67,17 @@ export async function middleware(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
|
||||
// ----- Allow admins to access investor routes (e.g. /api/chat in preview) -----
|
||||
const adminFallback = request.cookies.get('pitch_admin_session')?.value
|
||||
if (adminFallback && secret) {
|
||||
try {
|
||||
await jwtVerify(adminFallback, new TextEncoder().encode(secret), { audience: ADMIN_AUDIENCE })
|
||||
return NextResponse.next()
|
||||
} catch {
|
||||
// Invalid admin token, fall through to investor auth
|
||||
}
|
||||
}
|
||||
|
||||
// ----- Investor-gated routes (everything else) -----
|
||||
const token = request.cookies.get('pitch_session')?.value
|
||||
|
||||
|
||||
Reference in New Issue
Block a user