# Daily Digest Blog

Next.js App Router blog with Supabase-backed posts and an authenticated admin panel.

## Run locally

```bash
npm install
npm run dev
```

Dev server runs on `http://localhost:3002`.

## Environment variables

Set these in `.env.local`:

- `NEXT_PUBLIC_SUPABASE_URL`
- `NEXT_PUBLIC_SUPABASE_ANON_KEY`
- `SUPABASE_SERVICE_ROLE_KEY` (used by external scripts/tools if needed)
- `CRON_API_KEY`

## Public vs admin access

- Public blog (`/`) is open to everyone.
- Reading messages (`GET /api/messages`) is public.
- Admin UI (`/admin`) requires a signed-in Supabase user.
- If not signed in, `/admin` redirects to `/login`.
- Write APIs (`POST/DELETE /api/messages`) require either:
  - a valid Supabase user bearer token, or
  - `x-api-key: <CRON_API_KEY>` (for automation/cron).

## Login flow

1. Open `/login`
2. Sign in with a Supabase Auth email/password user
3. You are redirected to `/admin`

## Digest automation endpoint

- `POST /api/digest` requires `x-api-key: <CRON_API_KEY>`
- Used for cron-based digest publishing