fix(pitch-deck): allow admin sessions to access investor routes
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m3s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 30s
CI / test-python-voice (push) Successful in 30s
CI / test-bqas (push) Successful in 34s
Admins in preview mode can now use /api/chat and other investor endpoints without needing a separate investor login.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -67,6 +67,17 @@ export async function middleware(request: NextRequest) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ----- Allow admins to access investor routes (e.g. /api/chat in preview) -----
|
||||||
|
const adminFallback = request.cookies.get('pitch_admin_session')?.value
|
||||||
|
if (adminFallback && secret) {
|
||||||
|
try {
|
||||||
|
await jwtVerify(adminFallback, new TextEncoder().encode(secret), { audience: ADMIN_AUDIENCE })
|
||||||
|
return NextResponse.next()
|
||||||
|
} catch {
|
||||||
|
// Invalid admin token, fall through to investor auth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// ----- Investor-gated routes (everything else) -----
|
// ----- Investor-gated routes (everything else) -----
|
||||||
const token = request.cookies.get('pitch_session')?.value
|
const token = request.cookies.get('pitch_session')?.value
|
||||||
|
|
||||||
|
|||||||
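Review bot: The admin fallback is not scoped to preview mode or to specific paths: once `jwtVerify` accepts the `pitch_admin_session` cookie, `return NextResponse.next()` lets the request through to every route that reaches this point, which the comment right after it labels "everything else". The commit message speaks of admins in preview mode and names /api/chat, so consider checking a preview condition or matching `request.nextUrl.pathname` against an explicit allow-list before returning. Because the early return also skips the `pitch_session` handling that follows, any downstream handler that expects investor identity from that path should be checked for how it behaves on an admin-only request. The bare `catch` treats an expired, tampered, or wrong-audience token identically and silently; logging the failure reason before falling through would make rejected admin tokens visible.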