43 lines
1.0 KiB
Markdown
43 lines
1.0 KiB
Markdown
# Daily Digest Blog
|
|
|
|
Next.js App Router blog with Supabase-backed posts and an authenticated admin panel.
|
|
|
|
## Run locally
|
|
|
|
```bash
|
|
npm install
|
|
npm run dev
|
|
```
|
|
|
|
Dev server runs on `http://localhost:3002`.
|
|
|
|
## Environment variables
|
|
|
|
Set these in `.env.local`:
|
|
|
|
- `NEXT_PUBLIC_SUPABASE_URL`
|
|
- `NEXT_PUBLIC_SUPABASE_ANON_KEY`
|
|
- `SUPABASE_SERVICE_ROLE_KEY` (used by external scripts/tools if needed)
|
|
- `CRON_API_KEY`
|
|
|
|
## Public vs admin access
|
|
|
|
- Public blog (`/`) is open to everyone.
|
|
- Reading messages (`GET /api/messages`) is public.
|
|
- Admin UI (`/admin`) requires a signed-in Supabase user.
|
|
- If not signed in, `/admin` redirects to `/login`.
|
|
- Write APIs (`POST/DELETE /api/messages`) require either:
|
|
- a valid Supabase user bearer token, or
|
|
- `x-api-key: <CRON_API_KEY>` (for automation/cron).
|
|
|
|
## Login flow
|
|
|
|
1. Open `/login`
|
|
2. Sign in with a Supabase Auth email/password user
|
|
3. You are redirected to `/admin`
|
|
|
|
## Digest automation endpoint
|
|
|
|
- `POST /api/digest` requires `x-api-key: <CRON_API_KEY>`
|
|
- Used for cron-based digest publishing
|