Expose public content

maparent · maparent · commit 56bd94d804af · 2026-06-06T12:11:55.000-04:00
diff --git a/apps/website/app/api/content/[space_id]/[resource_id]/route.ts b/apps/website/app/api/content/[space_id]/[resource_id]/route.ts
@@ -1,5 +1,6 @@
 import { NextResponse, NextRequest } from "next/server";
 import { createClient } from "~/utils/supabase/server";
+import { createClientAdmin } from "~/utils/supabase/serverAdmin";
 import { asPostgrestFailure } from "@repo/database/lib/contextFunctions";
 import {
   defaultOptionsHandler,
@@ -51,7 +52,7 @@ export const GET = async (
     );
   }
   const supabase = await createClient();
-  const spaceResponse = await supabase
+  let spaceResponse = await supabase
     .from("Space")
     .select()
     .eq("id", spaceIdN)
@@ -60,12 +61,21 @@ export const GET = async (
     return createApiResponse(request, spaceResponse);
   }
   if (!spaceResponse.data) {
-    // consideration: We may not see it because we don't have access,
-    // so it would be worth re-fetching as superuser to see if I should redirect to login.
-    return createApiResponse(
-      request,
-      asPostgrestFailure("Space not found", "401", 401),
-    );
+    // We may not see it because we don't have access, try as admin
+    const supabaseAdmin = createClientAdmin();
+    spaceResponse = await supabaseAdmin
+      .from("Space")
+      .select()
+      .eq("id", spaceIdN)
+      .maybeSingle();
+    if (spaceResponse.error) {
+      return createApiResponse(request, spaceResponse);
+    }
+    if (!spaceResponse.data)
+      return createApiResponse(
+        request,
+        asPostgrestFailure("Please login", "401", 401),
+      );
   }
   const space: Space = spaceResponse.data;
   const conceptResponse = await supabase
diff --git a/apps/website/app/utils/supabase/serverAdmin.ts b/apps/website/app/utils/supabase/serverAdmin.ts
@@ -0,0 +1,17 @@
+import { createClient } from "@supabase/supabase-js";
+import type { Database } from "@repo/database/dbTypes";
+import { envContents } from "@repo/database/dbDotEnv";
+
+// This is a supabase client with admin rights. Use sparingly.
+export const createClientAdmin = () => {
+  const dbEnv = envContents();
+  const supabaseUrl = dbEnv.SUPABASE_URL;
+  const supabaseKey = dbEnv.SUPABASE_SECRET_KEY;
+
+  if (!supabaseUrl || !supabaseKey) {
+    throw new Error("Missing required Supabase environment variables");
+  }
+
+  // following https://supabase.com/docs/guides/auth/server-side/creating-a-client?queryGroups=environment&environment=server
+  return createClient<Database>(supabaseUrl, supabaseKey);
+};
