fix bug in auth;

Oreolion · Oreolion · commit efc90c33cb4c · 2026-02-23T10:55:04.000-08:00
diff --git a/app/api/stories/feed/route.ts b/app/api/stories/feed/route.ts
@@ -0,0 +1,42 @@
+// app/api/stories/feed/route.ts
+import { NextRequest, NextResponse } from "next/server";
+import { createSupabaseAdminClient } from "@/app/utils/supabase/supabaseAdmin";
+
+/**
+ * GET /api/stories/feed — Fetch public stories feed with author info (bypasses RLS)
+ * No auth required — this is public content.
+ */
+export async function GET(req: NextRequest) {
+  try {
+    const admin = createSupabaseAdminClient();
+
+    const { data, error } = await admin
+      .from("stories")
+      .select(
+        `
+        id, numeric_id, title, content, created_at, likes, comments_count, shares,
+        has_audio, audio_url, mood, tags, paywall_amount, teaser, is_public,
+        author:users!stories_author_wallet_fkey (
+          id, name, username, avatar, wallet_address, followers_count, badges
+        )
+      `
+      )
+      .order("created_at", { ascending: false });
+
+    if (error) {
+      console.error("[API /stories/feed] fetch error:", error);
+      return NextResponse.json(
+        { error: "Failed to fetch feed" },
+        { status: 500 }
+      );
+    }
+
+    return NextResponse.json({ stories: data || [] });
+  } catch (err: unknown) {
+    console.error("[API /stories/feed] unexpected error:", err);
+    return NextResponse.json(
+      { error: "Internal server error" },
+      { status: 500 }
+    );
+  }
+}
diff --git a/app/api/stories/route.ts b/app/api/stories/route.ts
@@ -1,7 +1,7 @@
 // app/api/stories/route.ts
 import { NextRequest, NextResponse } from "next/server";
 import { createSupabaseAdminClient } from "@/app/utils/supabase/supabaseAdmin";
-import { validateAuthOrReject, isAuthError } from "@/lib/auth";
+import { validateAuthOrReject, isAuthError, resolveUserId } from "@/lib/auth";
 
 /**
  * GET /api/stories — Fetch authenticated user's own stories (bypasses RLS)
@@ -10,14 +10,15 @@ export async function GET(req: NextRequest) {
   try {
     const authResult = await validateAuthOrReject(req);
     if (isAuthError(authResult)) return authResult;
-    const authenticatedUserId = authResult;
+    // Resolve JWT user ID → users table ID (wallet users may differ)
+    const userId = await resolveUserId(authResult);
 
     const admin = createSupabaseAdminClient();
 
     const { data, error } = await admin
       .from("stories")
       .select("*")
-      .eq("author_id", authenticatedUserId)
+      .eq("author_id", userId)
       .order("story_date", { ascending: false });
 
     if (error) {
diff --git a/app/social/SocialPageClient.tsx b/app/social/SocialPageClient.tsx
@@ -114,31 +114,41 @@ export default function SocialPage() {
 
   // --- Fetch Data ---
   useEffect(() => {
-    if (!supabase) {
-      setIsLoading(false);
-      return;
-    }
-
     const fetchSupabaseData = async () => {
       setIsLoading(true);
       try {
-        // 1. Fetch ALL stories (public feed)
-        const { data, error } = await supabase
-          .from("stories")
-          .select(
+        // 1. Fetch ALL stories via API route (bypasses RLS, uses admin client)
+        let data: any[] = [];
+        try {
+          const res = await fetch("/api/stories/feed");
+          if (res.ok) {
+            const json = await res.json();
+            data = json.stories || [];
+          }
+        } catch {
+          // API route failed — try direct Supabase as fallback
+        }
+
+        // Fallback: direct Supabase query (may fail for wallet users due to RLS)
+        if (data.length === 0 && supabase) {
+          const { data: directData, error } = await supabase
+            .from("stories")
+            .select(
+              `
+              id, numeric_id, title, content, created_at, likes, comments_count, shares, has_audio, audio_url, mood, tags, paywall_amount, teaser,
+              author:users!stories_author_wallet_fkey (
+                id, name, username, avatar, wallet_address, followers_count, badges
+              )
             `
-            id, numeric_id, title, content, created_at, likes, comments_count, shares, has_audio, audio_url, mood, tags, paywall_amount, teaser,
-            author:users!stories_author_wallet_fkey (
-              id, name, username, avatar, wallet_address, followers_count, badges
             )
-          `
-          )
-          .order("created_at", { ascending: false });
+            .order("created_at", { ascending: false });
 
-        if (error) throw error;
+          if (error) throw error;
+          data = directData || [];
+        }
 
-        // 2. Filter out stories with missing authors (data integrity)
-        const validStories = (data?.filter((s) => s.author) as any[]) || [];
+        // 2. Filter out stories with missing authors (data integrity) and non-public
+        const validStories = (data?.filter((s: any) => s.author) as any[]) || [];
 
         // 3. Collect unique author wallet addresses for follow status check
         const authorWallets = [
@@ -232,7 +242,7 @@ export default function SocialPage() {
     };
 
     fetchSupabaseData();
-  }, [supabase, address]);
+  }, [address]);
 
   // --- Event Handlers ---
 
