feat: implement authenticated feed support across worker and web app

Wire up the full authenticated feeds pipeline:
- Worker resolves credentials from Supabase Vault for authenticated feeds
- Worker sets owner_id on entries for per-user dedup
- query_param auth now parses name=value format
- Add-feed dialog shows auth type + credential fields for pro/developer
- Subscribe mutation passes credentials to RPC
- Sidebar and settings show [auth] indicator for authenticated feeds

1 files changed, 16 insertions, 7 deletions

diff --git a/services/worker/internal/scheduler/refresh.go b/services/worker/internal/scheduler/refresh.go
index 229a20f..d1c5d26 100644
--- a/services/worker/internal/scheduler/refresh.go
+++ b/services/worker/internal/scheduler/refresh.go
@@ -27,16 +27,25 @@ func ProcessRefreshRequest(
 
 	var ownerIdentifier *string
 
+	authenticationConfig := fetcher.AuthenticationConfiguration{}
+
 	if feed.Visibility == "authenticated" {
-		logger.Warn(
-			"authenticated feed refresh not yet implemented",
-			"feed_identifier", feed.Identifier,
-		)
+		if feed.AuthenticationType == nil || feed.AuthenticationValue == nil {
+			logger.Warn(
+				"authenticated feed missing credentials, skipping",
+				"feed_identifier", feed.Identifier,
+			)
 
-		return
-	}
+			return
+		}
 
-	authenticationConfig := fetcher.AuthenticationConfiguration{}
+		authenticationConfig = fetcher.AuthenticationConfiguration{
+			AuthenticationType:  *feed.AuthenticationType,
+			AuthenticationValue: *feed.AuthenticationValue,
+		}
+
+		ownerIdentifier = feed.SubscriberUserIdentifier
+	}
 	entityTag := ""
 
 	if feed.EntityTag != nil {