Fix: Use admin client for audit logging to ensure logs are written even without user session

2025-12-03 23:09:30 +03:00
parent f1e68f75aa
commit 2ed5b1b48c
1 changed files with 21 additions and 5 deletions
--- a/src/lib/logger.ts
+++ b/src/lib/logger.ts
@@ -1,4 +1,5 @@
 import { createClient } from "@/lib/supabase/server"
+import { createAdminClient } from "@/lib/supabase/admin"

 export async function logAction(
    action: string,
@@ -9,15 +10,30 @@ export async function logAction(
    const supabase = await createClient()
    const { data: { user } } = await supabase.auth.getUser()

-    console.log('Current user for audit log:', user?.id)
-    if (!user) {
-        console.error('No user found for audit log')
+    // Use admin client to bypass RLS policies for insertion
+    const adminClient = await createAdminClient()
+
+    if (!adminClient) {
+        console.error("Admin client not available for logging. Check SUPABASE_SERVICE_ROLE_KEY.")
+        // Fallback to regular client if admin not available (might fail due to RLS)
+        try {
+            const { error } = await supabase.from('audit_logs').insert({
+                user_id: user?.id, // Might fail if user is null and RLS requires auth
+                action,
+                entity_type: entityType,
+                entity_id: entityId,
+                details,
+            })
+            if (error) console.error("Audit log error (fallback):", error)
+        } catch (err) {
+            console.error("Audit log exception (fallback):", err)
+        }
        return
    }

    try {
-        const { error } = await supabase.from('audit_logs').insert({
-            user_id: user.id,
+        const { error } = await adminClient.from('audit_logs').insert({
+            user_id: user?.id || null, // Allow null user_id if action is anonymous/system
            action,
            entity_type: entityType,
            entity_id: entityId,