Commit af58cbf5 authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: image upload — add apikey header + public URL with anon key

Upload was failing because:
1. Missing 'apikey' header on PUT request to Supabase Storage
2. Public URL needs ?apikey= query param for this Supabase instance

Fixed:
- Added 'apikey: SERVICE_KEY' header to upload curl request
- Public URL now includes anon key: .../branding/slot.ext?apikey=ANON_KEY
- Browser can load the image directly from this URL
- Survives deploys (stored in Supabase Storage, URL in platform_assets)
Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent badef7ea
...@@ -79,6 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['asset'])) { ...@@ -79,6 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['asset'])) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $fileContent); curl_setopt($ch, CURLOPT_POSTFIELDS, $fileContent);
$mimeTypes = ['svg' => 'image/svg+xml', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'webp' => 'image/webp', 'gif' => 'image/gif']; $mimeTypes = ['svg' => 'image/svg+xml', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'webp' => 'image/webp', 'gif' => 'image/gif'];
curl_setopt($ch, CURLOPT_HTTPHEADER, [ curl_setopt($ch, CURLOPT_HTTPHEADER, [
'apikey: ' . SUPABASE_SERVICE_KEY,
'Authorization: Bearer ' . SUPABASE_SERVICE_KEY, 'Authorization: Bearer ' . SUPABASE_SERVICE_KEY,
'Content-Type: ' . ($mimeTypes[$ext] ?? 'application/octet-stream'), 'Content-Type: ' . ($mimeTypes[$ext] ?? 'application/octet-stream'),
'x-upsert: true' 'x-upsert: true'
...@@ -89,8 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['asset'])) { ...@@ -89,8 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['asset'])) {
curl_close($ch); curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) { if ($httpCode >= 200 && $httpCode < 300) {
// Public URL for the uploaded asset // Public URL with anon key for browser access
$publicUrl = SUPABASE_URL . '/storage/v1/object/public/profile-images/' . $fileName; $anonKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84';
$publicUrl = SUPABASE_URL . '/storage/v1/object/public/profile-images/' . $fileName . '?apikey=' . $anonKey;
$theme['assets'][$slot] = $publicUrl; $theme['assets'][$slot] = $publicUrl;
// Save asset URL to Supabase platform_assets table // Save asset URL to Supabase platform_assets table
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment