Commit ffa99eb9 authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: daily reward collect button — use service key for profile PATCH

The PATCH to profiles was using user token which fails due to RLS.
Now uses SUPABASE_SERVICE_KEY. Also fixed system_config query auth.
Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent 2e195ca1
...@@ -34,7 +34,7 @@ if ($method === 'POST') { ...@@ -34,7 +34,7 @@ if ($method === 'POST') {
$streak = ($lastClaim === $yesterday) ? ($profile['daily_streak'] ?? 0) + 1 : 1; $streak = ($lastClaim === $yesterday) ? ($profile['daily_streak'] ?? 0) + 1 : 1;
// Load reward config from system_config // Load reward config from system_config
$cfgRes = supabase_rest('GET', 'system_config?select=key,value&key=in.(daily_reward_base,daily_reward_streak_bonus)'); $cfgRes = supabase_rest('GET', 'system_config?select=key,value&key=in.(daily_reward_base,daily_reward_streak_bonus)', [], SUPABASE_SERVICE_KEY);
$rewardBase = 50; $rewardBase = 50;
$rewardBonus = 10; $rewardBonus = 10;
if (!empty($cfgRes['data'])) { if (!empty($cfgRes['data'])) {
...@@ -69,7 +69,7 @@ if ($method === 'POST') { ...@@ -69,7 +69,7 @@ if ($method === 'POST') {
$profileUpdate['coins'] = $newCoins; $profileUpdate['coins'] = $newCoins;
} }
supabase_rest('PATCH', "profiles?id=eq.{$profile['id']}", $profileUpdate, $token); supabase_rest('PATCH', "profiles?id=eq.{$profile['id']}", $profileUpdate, SUPABASE_SERVICE_KEY);
// Log economy_transaction for daily reward coins // Log economy_transaction for daily reward coins
supabase_rest('POST', 'economy_transactions', [ supabase_rest('POST', 'economy_transactions', [
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment