fix(pdf): let PdfService reach the export route past auth middleware #127

Merged

shad0w merged 1 commit from fix/pdf-export-middleware into master

2026-06-24 09:27:36 +00:00

Author	SHA1	Message	Date
Hardik	d1af1e6b12	fix(pdf): let PdfService reach the PO export route past auth middleware All checks were successful PR checks / checks (pull_request) Successful in 49s Details PR checks / integration (pull_request) Successful in 31s Details "Email PO to vendor" (issue #14) relies on PdfService fetching /api/po/<id>/export?...&svc=<token> WITHOUT a user session, authenticating with a `svc` token that matches PDF_SERVICE_TOKEN. The route handler validates that token, but the auth middleware runs first and its matcher doesn't exempt the export route — so every unauthenticated fetch was redirected to /login (307) and the svc bypass never executed. Net effect: the feature could never render a real PDF on any deployed env, even with the service configured. Fix: middleware now lets exactly `/api/po/<id>/export` through when its `svc` query param matches `process.env.PDF_SERVICE_TOKEN` (the route handler still re-validates it — defense in depth). Everything else stays auth-gated. The match lives in a dependency-free, edge-safe, unit-tested helper (lib/pdf-export-auth.ts); middleware already reads server env at runtime via auth()/NEXTAUTH_SECRET, so reading PDF_SERVICE_TOKEN there is consistent. Verified on a running build: correct svc + real PO -> 200, correct svc + bogus PO -> 404 (handler ran), wrong/no svc -> 307 (still gated). 324 unit tests green; tsc clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 14:55:40 +05:30

Author

SHA1

Message

Date

Hardik

d1af1e6b12

fix(pdf): let PdfService reach the PO export route past auth middleware

PR checks / checks (pull_request) Successful in 49s

Details

PR checks / integration (pull_request) Successful in 31s

Details

"Email PO to vendor" (issue #14) relies on PdfService fetching
/api/po/<id>/export?...&svc=<token> WITHOUT a user session, authenticating
with a `svc` token that matches PDF_SERVICE_TOKEN. The route handler validates
that token, but the auth middleware runs first and its matcher doesn't exempt
the export route — so every unauthenticated fetch was redirected to /login
(307) and the svc bypass never executed. Net effect: the feature could never
render a real PDF on any deployed env, even with the service configured.

Fix: middleware now lets exactly `/api/po/<id>/export` through when its `svc`
query param matches `process.env.PDF_SERVICE_TOKEN` (the route handler still
re-validates it — defense in depth). Everything else stays auth-gated. The
match lives in a dependency-free, edge-safe, unit-tested helper
(lib/pdf-export-auth.ts); middleware already reads server env at runtime via
auth()/NEXTAUTH_SECRET, so reading PDF_SERVICE_TOKEN there is consistent.

Verified on a running build: correct svc + real PO -> 200, correct svc + bogus
PO -> 404 (handler ran), wrong/no svc -> 307 (still gated). 324 unit tests
green; tsc clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 14:55:40 +05:30