Commit 793ff97e authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: use service key for tournaments and leaderboard queries (RLS bypass)

Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent b9932348
...@@ -18,6 +18,6 @@ if (!in_array($mode, $validModes)) { ...@@ -18,6 +18,6 @@ if (!in_array($mode, $validModes)) {
} }
$orderField = 'elo_' . $mode; $orderField = 'elo_' . $mode;
$res = supabase_rest('GET', "profiles?select=id,username,display_name,elo_blitz,elo_rapid,elo_bullet&order={$orderField}.desc&limit=50", [], $token); $res = supabase_rest('GET', "profiles?select=id,username,display_name,elo_blitz,elo_rapid,elo_bullet&order={$orderField}.desc&limit=50", [], SUPABASE_SERVICE_KEY);
echo json_encode(['players' => $res['data'] ?? []]); echo json_encode(['players' => $res['data'] ?? []]);
...@@ -17,7 +17,7 @@ if ($method === 'GET') { ...@@ -17,7 +17,7 @@ if ($method === 'GET') {
$id = $_GET['id'] ?? null; $id = $_GET['id'] ?? null;
if ($id) { if ($id) {
$res = supabase_rest('GET', "tournaments?id=eq.{$id}&select=*", [], $token); $res = supabase_rest('GET', "tournaments?id=eq.{$id}&select=*", [], SUPABASE_SERVICE_KEY);
$tournament = ($res['status'] === 200 && !empty($res['data'])) ? $res['data'][0] : null; $tournament = ($res['status'] === 200 && !empty($res['data'])) ? $res['data'][0] : null;
$standings = []; $standings = [];
...@@ -32,7 +32,7 @@ if ($method === 'GET') { ...@@ -32,7 +32,7 @@ if ($method === 'GET') {
echo json_encode(['tournament' => $tournament, 'standings' => $standings]); echo json_encode(['tournament' => $tournament, 'standings' => $standings]);
} else { } else {
$res = supabase_rest('GET', 'tournaments?select=*&order=created_at.desc&limit=30', [], $token); $res = supabase_rest('GET', 'tournaments?select=*&order=created_at.desc&limit=30', [], SUPABASE_SERVICE_KEY);
echo json_encode(['tournaments' => $res['data'] ?? []]); echo json_encode(['tournaments' => $res['data'] ?? []]);
} }
} elseif ($method === 'POST') { } elseif ($method === 'POST') {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment