fix: allow /admin/ paths through global JwtAuthGuard

Global JwtAuthGuard was blocking /admin/learning/* requests before AdminAuthGuard could process x-api-key. Now bypasses all /admin/* paths (not just /admin-api/*), letting controller-level admin auth handle those routes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-18 18:58:56 +08:00 · 2026-06-18 18:58:56 +08:00 · bc11adfbac
commit bc11adfbac
parent ed2dcb02f6
1 changed files with 1 additions and 1 deletions
--- a/src/common/guards/jwt-auth.guard.ts
+++ b/src/common/guards/jwt-auth.guard.ts
@ -33,7 +33,7 @@ export class JwtAuthGuard implements CanActivate {
    const request = context.switchToHttp().getRequest<Request>();

    // Admin and internal routes use their own auth guards
-    if (request.path.startsWith('/admin-api') || request.path.startsWith('/internal')) {
+    if (request.path.startsWith('/admin') || request.path.startsWith('/internal')) {
      return true;
    }