feat(backend): bypass auth in development (#62)

Use mockAuthSessionMiddleware with a fully populated dev user when NODE_ENV is not production. Auth handlers are only registered in production. Co-authored-by: Ona <no-reply@ona.com>
2026-03-20 17:11:17 +00:00 · 2026-03-11 00:21:34 +00:00
parent 34ead53e1d
commit 805e4f2bc6
2 changed files with 38 additions and 6 deletions
--- a/apps/aelis-backend/src/server.ts
+++ b/apps/aelis-backend/src/server.ts
@@ -2,7 +2,7 @@ import { LocationSource } from "@aelis/source-location"
 import { Hono } from "hono"

 import { registerAuthHandlers } from "./auth/http.ts"
-import { requireSession } from "./auth/session-middleware.ts"
+import { mockAuthSessionMiddleware, requireSession } from "./auth/session-middleware.ts"
 import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
 import { createLlmClient } from "./enhancement/llm-client.ts"
 import { registerFeedHttpHandlers } from "./feed/http.ts"
@@ -43,10 +43,16 @@ function main() {

 	app.get("/health", (c) => c.json({ status: "ok" }))

-	registerAuthHandlers(app)
+	const isDev = process.env.NODE_ENV !== "production"
+	const authSessionMiddleware = isDev ? mockAuthSessionMiddleware("dev-user") : requireSession
+
+	if (!isDev) {
+		registerAuthHandlers(app)
+	}
+
 	registerFeedHttpHandlers(app, {
 		sessionManager,
-		authSessionMiddleware: requireSession,
+		authSessionMiddleware,
 	})
 	registerLocationHttpHandlers(app, { sessionManager })