valknar/sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: forward session token in admin SSR load functions

Browse Source 
Admin list queries (users, videos, articles) were using getGraphQLClient
without auth credentials, causing silent 403s on server-side loads. Now
extract session_token cookie and pass it to getAuthClient so the backend
sees the admin session on SSR requests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sebastian Krüger
2026-03-06 12:56:47 +01:00
parent ad7ceee5f8
commit ebab3405b1
6 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/frontend/src/lib/services.ts
View File

@@ -1033,11 +1033,13 @@ const ADMIN_LIST_USERS_QUERY = gql`
export async function adminListUsers(
opts: { role?: string; search?: string; limit?: number; offset?: number } = {},
fetchFn?: typeof globalThis.fetch,
token?: string,
) {
return loggedApiCall(
"adminListUsers",
async () => {
const data = await getGraphQLClient(fetchFn).request<{
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{
adminListUsers: { total: number; items: User[] };
}>(ADMIN_LIST_USERS_QUERY, opts);
return data.adminListUsers;
@@ -1142,9 +1144,10 @@ const ADMIN_LIST_VIDEOS_QUERY = gql`
}
`;
export async function adminListVideos(fetchFn?: typeof globalThis.fetch) {
export async function adminListVideos(fetchFn?: typeof globalThis.fetch, token?: string) {
return loggedApiCall("adminListVideos", async () => {
const data = await getGraphQLClient(fetchFn).request<{ adminListVideos: Video[] }>(
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{ adminListVideos: Video[] }>(
ADMIN_LIST_VIDEOS_QUERY,
);
return data.adminListVideos;
@@ -1318,9 +1321,10 @@ const ADMIN_LIST_ARTICLES_QUERY = gql`
}
`;
export async function adminListArticles(fetchFn?: typeof globalThis.fetch) {
export async function adminListArticles(fetchFn?: typeof globalThis.fetch, token?: string) {
return loggedApiCall("adminListArticles", async () => {
const data = await getGraphQLClient(fetchFn).request<{ adminListArticles: Article[] }>(
const client = token ? getAuthClient(token, fetchFn) : getGraphQLClient(fetchFn);
const data = await client.request<{ adminListArticles: Article[] }>(
ADMIN_LIST_ARTICLES_QUERY,
);
return data.adminListArticles;