fix: correct admin path bypass in global JwtAuthGuard

request.path includes the global 'api' prefix, so /admin/learning routes appear as /api/admin/learning. Bypass /api/admin in addition to existing /admin-api and /internal paths. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-18 19:00:38 +08:00 · 2026-06-18 19:00:38 +08:00 · 04da939a22
commit 04da939a22
parent bc11adfbac
1 changed files with 1 additions and 1 deletions
--- a/src/common/guards/jwt-auth.guard.ts
+++ b/src/common/guards/jwt-auth.guard.ts
@ -33,7 +33,7 @@ export class JwtAuthGuard implements CanActivate {
    const request = context.switchToHttp().getRequest<Request>();

    // Admin and internal routes use their own auth guards
-    if (request.path.startsWith('/admin') || request.path.startsWith('/internal')) {
+    if (request.path.startsWith('/api/admin') || request.path.startsWith('/admin-api') || request.path.startsWith('/internal')) {
      return true;
    }