From bc11adfbac5b6b7708f11111b5b4f4cc81074a27 Mon Sep 17 00:00:00 2001
From: wangdl <wangdl@longde.cloud>
Date: Thu, 18 Jun 2026 18:58:56 +0800
Subject: [PATCH] fix: allow /admin/ paths through global JwtAuthGuard

Global JwtAuthGuard was blocking /admin/learning/* requests before
AdminAuthGuard could process x-api-key. Now bypasses all /admin/*
paths (not just /admin-api/*), letting controller-level admin auth
handle those routes.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 src/common/guards/jwt-auth.guard.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/guards/jwt-auth.guard.ts b/src/common/guards/jwt-auth.guard.ts
index 65dae14..297c755 100644
--- a/src/common/guards/jwt-auth.guard.ts
+++ b/src/common/guards/jwt-auth.guard.ts
@@ -33,7 +33,7 @@ export class JwtAuthGuard implements CanActivate {
     const request = context.switchToHttp().getRequest<Request>();
 
     // Admin and internal routes use their own auth guards
-    if (request.path.startsWith('/admin-api') || request.path.startsWith('/internal')) {
+    if (request.path.startsWith('/admin') || request.path.startsWith('/internal')) {
       return true;
     }