
fix: support both service role key and JWT token auth in shoprenter-sync #79

Claude 5 months ago
parent
commit
ae90137870
1 changed files with 48 additions and 17 deletions
  1. 48 17
      supabase/functions/shoprenter-sync/index.ts

+ 48 - 17
supabase/functions/shoprenter-sync/index.ts

@@ -233,7 +233,7 @@ serve(wrapHandler('shoprenter-sync', async (req) => {
   }
 
   try {
-    // Get user from authorization header
+    // Get authorization header
     const authHeader = req.headers.get('authorization')
     if (!authHeader) {
       return new Response(
@@ -244,17 +244,8 @@ serve(wrapHandler('shoprenter-sync', async (req) => {
 
     const token = authHeader.replace('Bearer ', '')
     const supabaseUrl = Deno.env.get('SUPABASE_URL')!
-    const supabaseKey = Deno.env.get('SUPABASE_ANON_KEY')!
-    const supabase = createClient(supabaseUrl, supabaseKey)
-
-    const { data: { user }, error: userError } = await supabase.auth.getUser(token)
-
-    if (userError || !user) {
-      return new Response(
-        JSON.stringify({ error: 'Invalid token' }),
-        { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
-      )
-    }
+    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+    const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
 
     // Get storeId from URL path
     const url = new URL(req.url)
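Review bot: The two `Deno.env.get(...)!` reads hide a missing secret from the type checker, and `supabaseServiceKey` is later compared against the caller's token, so an unset or empty value should be rejected explicitly rather than carried forward. A guard such as `if (!supabaseServiceKey || !supabaseAnonKey) return new Response(JSON.stringify({ error: 'Server misconfigured' }), { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } })` keeps the failure closed and visible. In the context line above, `authHeader.replace('Bearer ', '')` passes a header with no `Bearer ` prefix through unchanged; checking `authHeader.startsWith('Bearer ')` first would make the expected scheme explicit. The handler body starts and ends outside this hunk.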
@@ -268,12 +259,53 @@ serve(wrapHandler('shoprenter-sync', async (req) => {
       )
     }
 
-    // Verify store belongs to user
-    const { data: store, error: storeError } = await supabase
+    // Check if this is an internal call (service role key) or user call (JWT token)
+    const isInternalCall = token === supabaseServiceKey
+    let userId: string | null = null
+
+    if (isInternalCall) {
+      // Internal call from trigger-sync - use service role key to get store
+      console.log('[ShopRenter] Internal call detected, using service role key')
+      const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey)
+
+      const { data: store, error: storeError } = await supabaseAdmin
+        .from('stores')
+        .select('id, user_id, store_name, platform_name, store_url, qdrant_sync_enabled, data_access_permissions')
+        .eq('id', storeId)
+        .eq('platform_name', 'shoprenter')
+        .single()
+
+      if (storeError || !store) {
+        return new Response(
+          JSON.stringify({ error: 'Store not found' }),
+          { status: 404, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
+        )
+      }
+
+      userId = store.user_id
+    } else {
+      // User call - validate JWT token
+      console.log('[ShopRenter] User call detected, validating JWT token')
+      const supabase = createClient(supabaseUrl, supabaseAnonKey)
+      const { data: { user }, error: userError } = await supabase.auth.getUser(token)
+
+      if (userError || !user) {
+        return new Response(
+          JSON.stringify({ error: 'Invalid token' }),
+          { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
+        )
+      }
+
+      userId = user.id
+    }
+
+    // Now fetch store with proper authorization
+    const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey)
+    const { data: store, error: storeError } = await supabaseAdmin
       .from('stores')
       .select('id, store_name, platform_name, store_url, qdrant_sync_enabled, data_access_permissions')
       .eq('id', storeId)
-      .eq('user_id', user.id)
+      .eq('user_id', userId)
       .eq('platform_name', 'shoprenter')
       .single()
 
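Review bot: `const isInternalCall = token === supabaseServiceKey` makes the service role key a bearer credential for this endpoint and checks it with an ordinary string comparison, which is not constant-time. A constant-time comparison (for example `timingSafeEqual` from the Deno standard library's crypto module, over the encoded bytes) would be safer, and a dedicated internal secret for trigger-sync would keep the key that bypasses row-level security out of request headers; whether that is practical depends on how trigger-sync is deployed, which this page does not show. On the user path the store lookup now runs through `supabaseAdmin`, so `.eq('user_id', userId)` is the only ownership check and deserves a comment saying so, e.g. `// service-role client bypasses RLS: the user_id filter below is the authorization check`. The internal branch also fetches the same store row twice; keeping the first result and skipping the second query when `isInternalCall` is true would remove the duplicate.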
@@ -310,8 +342,7 @@ serve(wrapHandler('shoprenter-sync', async (req) => {
       customers: { synced: 0, errors: 0 }
     }
 
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
-    const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey)
+    // supabaseAdmin already created above, reuse it
 
     // Initialize Qdrant collections if enabled
     if (qdrantEnabled) {