Commit ffa99eb9 authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: daily reward collect button — use service key for profile PATCH

The PATCH to profiles was using the user token, which fails due to RLS.
It now uses SUPABASE_SERVICE_KEY. Also fixed the auth on the system_config query.
Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent 2e195ca1
......@@ -34,7 +34,7 @@ if ($method === 'POST') {
$streak = ($lastClaim === $yesterday) ? ($profile['daily_streak'] ?? 0) + 1 : 1;
// Load reward config from system_config
$cfgRes = supabase_rest('GET', 'system_config?select=key,value&key=in.(daily_reward_base,daily_reward_streak_bonus)');
$cfgRes = supabase_rest('GET', 'system_config?select=key,value&key=in.(daily_reward_base,daily_reward_streak_bonus)', [], SUPABASE_SERVICE_KEY);
$rewardBase = 50;
$rewardBonus = 10;
if (!empty($cfgRes['data'])) {
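Review bot: The `!empty($cfgRes['data'])` guard after the changed call means a failed system_config query silently falls back to `$rewardBase = 50` and `$rewardBonus = 10`, which is presumably how the earlier auth failure went unnoticed. Log the failure path, for example by adding `else { error_log('daily reward: system_config lookup failed, using defaults'); }` after the `if` block, which continues outside the hunk. Since this is a read of two fixed keys, a read-only policy on system_config for those rows would also avoid using the service key here.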
......@@ -69,7 +69,7 @@ if ($method === 'POST') {
$profileUpdate['coins'] = $newCoins;
}
supabase_rest('PATCH', "profiles?id=eq.{$profile['id']}", $profileUpdate, $token);
supabase_rest('PATCH', "profiles?id=eq.{$profile['id']}", $profileUpdate, SUPABASE_SERVICE_KEY);
// Log economy_transaction for daily reward coins
supabase_rest('POST', 'economy_transactions', [
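Review bot: The PATCH on the new line now runs with SUPABASE_SERVICE_KEY, which bypasses RLS, so the `id=eq.{$profile['id']}` filter and the contents of `$profileUpdate` are the only things limiting which row and columns get written. The hunk does not show where `$profile` comes from; it needs to be the row looked up from the verified caller token, never an id taken from the request body, and `$profileUpdate` should stay restricted to the reward columns. The call's result is also discarded, so a failed update would still reach the `economy_transactions` insert below; capture it, e.g. `$patchRes = supabase_rest('PATCH', 'profiles?id=eq.' . rawurlencode($profile['id']), $profileUpdate, SUPABASE_SERVICE_KEY);`, and stop before logging if it reports an error. A narrower long-term fix would be an RLS policy or a database function for the claim, so the web tier does not need the service key for user-triggered writes. The enclosing `if ($method === 'POST')` block starts and ends outside the hunk.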