Commit 793ff97e authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: use service key for tournaments and leaderboard queries (RLS bypass)

Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent b9932348
......@@ -18,6 +18,6 @@ if (!in_array($mode, $validModes)) {
}
$orderField = 'elo_' . $mode;
$res = supabase_rest('GET', "profiles?select=id,username,display_name,elo_blitz,elo_rapid,elo_bullet&order={$orderField}.desc&limit=50", [], $token);
$res = supabase_rest('GET', "profiles?select=id,username,display_name,elo_blitz,elo_rapid,elo_bullet&order={$orderField}.desc&limit=50", [], SUPABASE_SERVICE_KEY);
echo json_encode(['players' => $res['data'] ?? []]);
......@@ -17,7 +17,7 @@ if ($method === 'GET') {
$id = $_GET['id'] ?? null;
if ($id) {
$res = supabase_rest('GET', "tournaments?id=eq.{$id}&select=*", [], $token);
$res = supabase_rest('GET', "tournaments?id=eq.{$id}&select=*", [], SUPABASE_SERVICE_KEY);
$tournament = ($res['status'] === 200 && !empty($res['data'])) ? $res['data'][0] : null;
$standings = [];
......@@ -32,7 +32,7 @@ if ($method === 'GET') {
echo json_encode(['tournament' => $tournament, 'standings' => $standings]);
} else {
$res = supabase_rest('GET', 'tournaments?select=*&order=created_at.desc&limit=30', [], $token);
$res = supabase_rest('GET', 'tournaments?select=*&order=created_at.desc&limit=30', [], SUPABASE_SERVICE_KEY);
echo json_encode(['tournaments' => $res['data'] ?? []]);
}
} elseif ($method === 'POST') {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment