diff --git a/supabase/functions/process-selective-approval/index.ts b/supabase/functions/process-selective-approval/index.ts
index cf5889dc..c9b838e8 100644
--- a/supabase/functions/process-selective-approval/index.ts
+++ b/supabase/functions/process-selective-approval/index.ts
@@ -68,15 +68,46 @@ serve(async (req) => {
 });
 // Verify JWT and get authenticated user
+ console.log('🔍 [AUTH DEBUG] Attempting getUser()...', {
+ hasAuthHeader: !!authHeader,
+ authHeaderLength: authHeader?.length,
+ authHeaderPrefix: authHeader?.substring(0, 20) + '...',
+ supabaseUrl,
+ timestamp: new Date().toISOString()
+ });
+
 const { data: { user }, error: authError } = await supabaseAuth.auth.getUser();
+
+ console.log('🔍 [AUTH DEBUG] getUser() result:', {
+ hasUser: !!user,
+ userId: user?.id,
+ userEmail: user?.email,
+ hasError: !!authError,
+ errorMessage: authError?.message,
+ errorName: authError?.name,
+ errorStatus: authError?.status,
+ errorCode: authError?.code
+ });
+
 if (authError || !user) {
- console.error('Auth verification failed:', authError);
+ console.error('❌ [AUTH DEBUG] Auth verification failed:', {
+ error: authError,
+ errorDetails: JSON.stringify(authError),
+ authHeaderPresent: !!authHeader,
+ authHeaderSample: authHeader?.substring(0, 30) + '...'
+ });
 return new Response(
- JSON.stringify({ error: 'Invalid authentication token.' }),
+ JSON.stringify({
+ error: 'Invalid authentication token.',
+ details: authError?.message || 'No user found',
+ code: authError?.code
+ }),
 { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
 );
 }
+ console.log('✅ [AUTH DEBUG] Authentication successful for user:', user.id);
+
 // SECURITY NOTE: Service role key used later in this function
 // Reason: Need to bypass RLS to write approved changes to entity tables
 // (parks, rides, companies, ride_models) which have RLS policies
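Review bot: The new 401 body returns `details: authError?.message || 'No user found'` and `code: authError?.code` to a caller that has just failed authentication, which tells an unauthenticated client why its token was rejected; keep the response as `JSON.stringify({ error: 'Invalid authentication token.' })` and leave the reason in the server-side `console.error` only. The added logs also write credential material and PII on every request: `authHeader?.substring(0, 20)` and `authHeader?.substring(0, 30)` copy the start of the Authorization header into the function logs (if the header ever carries a short non-JWT credential, most of it would be logged), and `userEmail: user?.email` adds an email address where `userId` already identifies the caller. I would drop `authHeaderPrefix`, `authHeaderSample` and `userEmail`, keep `hasAuthHeader`, `authHeaderLength` and `user.id`, and remove or gate the `[AUTH DEBUG]` logging before this reaches production. The `serve` handler starts and ends outside this hunk, so how `authHeader` is read and who can read these logs is not visible here.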