Skip to content

Add requireAuth to unprotected API routes#15

Merged
kopahead merged 1 commit intomainfrom
fix/require-auth-middleware
Apr 26, 2026
Merged

Add requireAuth to unprotected API routes#15
kopahead merged 1 commit intomainfrom
fix/require-auth-middleware

Conversation

@kopahead
Copy link
Copy Markdown
Contributor

@kopahead kopahead commented Apr 26, 2026

Summary

  • Add requireAuth middleware to workspaces, conversations, connectors, and query routes
  • Replace manual JWT parsing in workspaces.ts and query.ts with c.get('user') from middleware
  • Remove dead code (unused JwtPayload and SessionPayload interfaces)

All four route modules were publicly accessible without authentication. Now they return 401 Not authenticated for unauthenticated requests.

Closes #14

Test plan

  • curl localhost:3001/api/workspaces returns 401
  • curl -X POST localhost:3001/api/workspaces/ws-demo/query returns 401
  • curl -X POST localhost:3001/api/connectors/mcp/test returns 401
  • Dashboard login + workspace list still works with valid session
  • pnpm test passes (19/19)

🤖 Generated with Claude Code

@kopahead @claude
Add requireAuth to workspaces, conversations, connectors, query routes
ba7ddf2 
These routes were publicly accessible without authentication. Now all
use the requireAuth middleware. Replaced manual JWT parsing in
workspaces.ts and query.ts with c.get('user') from the middleware.

Closes #14

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kopahead kopahead merged commit f073d46 into main Apr 26, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add requireAuth middleware to unprotected API routes

1 participant

@kopahead