Changelog Admin Authentication Stabilised

#Stable authentication for changelog admin

We fixed authentication issues that were blocking changelog updates for logged‑in admins. In some cases, the system incorrectly reported that the auth session was missing, even when the user was signed in.

The changelog admin now verifies identity using a combination of Supabase access tokens and a hardened server‑side check.

#Authorization header support

Admin requests to changelog APIs now support Authorization headers carrying Supabase Bearer tokens. This reduces reliance on cookie state and makes the authentication logic more explicit and debuggable.

The admin UI automatically attaches the correct token when saving or deleting entries.

#Graceful fallbacks and error states

If authentication fails, the system now returns clear errors and avoids partial writes. The admin UI surfaces these messages so you can quickly see whether the issue is related to login state, configuration, or permissions.

Improvements

• Fixed “Auth session missing” errors in changelog API routes
• Added Authorization header support for admin changelog endpoints
• Improved handling of expired or invalid sessions
• Added consistent logging across auth‑sensitive operations