
fix: API authentication with RLS policies for stores query #20

- Fixed Edge Function to pass user's access token to Supabase client
- This ensures RLS policies work correctly with auth.uid()
- Resolves issue where newly added shops weren't visible on dashboard
Claude пре 5 месеци
родитељ
комит
e1eb856b65
1 измењених фајлова са 13 додато и 4 уклоњено
      supabase/functions/api/index.ts

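--- a/supabase/functions/api/index.ts
+++ b/supabase/functions/api/index.ts
@@ -15,10 +15,6 @@ serve(async (req) => {
     const url = new URL(req.url)
     const path = url.pathname.replace('/api/', '')
 
-    const supabaseUrl = Deno.env.get('SUPABASE_URL')!
-    const supabaseKey = Deno.env.get('SUPABASE_ANON_KEY')!
-    const supabase = createClient(supabaseUrl, supabaseKey)
-
     // Get user from authorization header
     const authHeader = req.headers.get('authorization')
     if (!authHeader) {
@@ -29,6 +25,19 @@ serve(async (req) => {
     }
 
     const token = authHeader.replace('Bearer ', '')
+
+    // Create Supabase client with the user's token for proper RLS
+    const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+    const supabaseKey = Deno.env.get('SUPABASE_ANON_KEY')!
+    const supabase = createClient(supabaseUrl, supabaseKey, {
+      global: {
+        headers: {
+          Authorization: authHeader
+        }
+      }
+    })
+
+    // Verify the token and get user
     const { data: { user }, error: userError } = await supabase.auth.getUser(token)
 
     if (userError || !user) {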
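Review bot: The client built with `Authorization: authHeader` forwards the header verbatim, while `getUser(token)` verifies only what remains after stripping a literal `'Bearer '` prefix, so a header with another scheme or different casing reaches both calls unparsed and the credential seen by RLS is not necessarily the one that was verified; the existing `if (!authHeader)` guard only covers absence. Parse the scheme before creating the client, e.g. `const [scheme, token] = authHeader.split(' '); if (scheme?.toLowerCase() !== 'bearer' || !token) { /* existing 401 response */ }`, and set the forwarded header from the parsed token with the `Bearer` scheme rebuilt, so verification and the RLS request use the same value. The `Deno.env.get(...)!` assertions pass `undefined` into `createClient` when a variable is unset; an explicit throw there would make misconfiguration fail at startup rather than as an opaque query error. The enclosing `serve` callback starts and ends outside the hunk, so the 401 branch referenced above is not visible here.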