From 9529dd340e0d8dff2e4bacd6282a298ba477db69 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Sun, 2 Nov 2025 02:39:31 +0000
Subject: [PATCH] Fix admin delete user unauthorized error

---
 supabase/config.toml | 3 +++
 supabase/functions/admin-delete-user/index.ts | 15 ++++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/supabase/config.toml b/supabase/config.toml
index 54d81fd5..12aa1bea 100644
--- a/supabase/config.toml
+++ b/supabase/config.toml
@@ -1,5 +1,8 @@
 project_id = "ydvtmnrszybqnbcqbdcy"
 
+[functions.admin-delete-user]
+verify_jwt = true
+
 [functions.send-password-added-email]
 verify_jwt = true
 
diff --git a/supabase/functions/admin-delete-user/index.ts b/supabase/functions/admin-delete-user/index.ts
index e3c841e1..bec05753 100644
--- a/supabase/functions/admin-delete-user/index.ts
+++ b/supabase/functions/admin-delete-user/index.ts
@@ -43,16 +43,12 @@ Deno.serve(async (req) => {
     );
   }
 
-  // Create client with user's JWT for permission checks
-  const supabase = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY')!, {
-    global: { headers: { authorization: authHeader } }
-  });
-
   // Create admin client for privileged operations
   const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey);
 
-  // Get current user
-  const { data: { user }, error: userError } = await supabase.auth.getUser();
+  // Get current user - extract token and verify
+  const token = authHeader.replace('Bearer ', '');
+  const { data: { user }, error: userError } = await supabaseAdmin.auth.getUser(token);
   if (userError || !user) {
     edgeLogger.warn('Failed to get user', { requestId: tracking.requestId,
@@ -68,6 +64,11 @@ Deno.serve(async (req) => {
       { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
     );
   }
+
+  // Create client with user's JWT for MFA checks
+  const supabase = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY')!, {
+    global: { headers: { Authorization: authHeader } }
+  });
 
   const adminUserId = user.id;
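Review bot: The new caller-scoped client (the `const supabase = createClient(...)` block added just before `const adminUserId`) relies on `Deno.env.get('SUPABASE_ANON_KEY')!`, so a missing or misnamed env var reaches `createClient` as `undefined` and surfaces as an unhandled throw rather than the structured error this function returns for other failures; read it into a local first, `const anonKey = Deno.env.get('SUPABASE_ANON_KEY');`, and fail closed with the same early return presumably used when `supabaseServiceKey` is absent (that guard sits outside the hunk). The comment on this client should also record why two clients coexist, since that distinction is the security boundary of this function: `// Caller-scoped client (anon key + caller's verified JWT, RLS applies): used for MFA/role checks only; the deletion itself must go through supabaseAdmin and only after those checks pass.` Keep in mind that `verify_jwt = true` in config.toml only confirms the token is signed with the project's JWT secret — the anon key itself satisfies that check — so the in-function getUser and the MFA/role checks remain the actual authorization, not the gateway. The header key also changed from `authorization` to `Authorization` relative to the removed block; HTTP header names are case-insensitive, so this is harmless, but keep it consistent with the rest of the file. The enclosing Deno.serve handler starts and ends outside the hunk.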