zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(schedule-type): accept X-API-Key for CRUD #19

Merged
hzhang merged 1 commits from feat/schedule-type-apikey-auth into main 2026-05-22 18:36:21 +00:00
Conversation 0 Commits 1 Files Changed 1 +6 -6
hzhang commented 2026-05-22 18:36:15 +00:00
Contributor
Copy Link

/schedule-types/ router was the last surface still gated on get_current_user (JWT-only). The companion special-slot router (PR #18) used get_current_user_or_apikey, so admin had to DB-insert the schedule_type and then call API for the special slot — annoying asymmetry.

Swaps all 5 CRUD endpoints (list / create / patch / delete / assign-agent) to get_current_user_or_apikey so the same hzhang admin api_key works for both. /schedule-types/agent/me uses X-Agent-ID headers (not user auth), unchanged. JWT callers unaffected — the OR dependency tries api_key first then falls back to JWT.

🤖 Generated with Claude Code

`/schedule-types/` router was the last surface still gated on `get_current_user` (JWT-only). The companion special-slot router (PR #18) used `get_current_user_or_apikey`, so admin had to DB-insert the schedule_type and then call API for the special slot — annoying asymmetry. Swaps all 5 CRUD endpoints (list / create / patch / delete / assign-agent) to `get_current_user_or_apikey` so the same hzhang admin api_key works for both. `/schedule-types/agent/me` uses `X-Agent-ID` headers (not user auth), unchanged. JWT callers unaffected — the OR dependency tries api_key first then falls back to JWT. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
hzhang added 1 commit 2026-05-22 18:36:16 +00:00
fix(schedule-type): accept X-API-Key for CRUD 8f3c69032f 
The /schedule-types/ router was the last surface still gated on
get_current_user (JWT-only). The companion special-slot router
(PR #18) used get_current_user_or_apikey, so the admin flow was:

  * create a schedule_type → DB direct insert (cli can't reach it)
  * add special slot via API → works

Swaps all 5 CRUD endpoints (list / create / patch / delete /
assign-agent) to get_current_user_or_apikey so the same hzhang
admin api_key that works for special-slot creation now works for
schedule_type creation too. /schedule-types/agent/me already uses
X-Agent-ID headers (not user auth), so no change there.

Existing JWT callers are unaffected — get_current_user_or_apikey
tries api_key first then falls back to JWT.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hzhang merged commit a1049492e1 into main 2026-05-22 18:36:20 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
nav orion river zhi
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: zhi/HarborForge.Backend#19
Delete Branch "feat/schedule-type-apikey-auth"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?