fix(backend): remove dev auth bypass (#78)

Always register auth handlers and use requireSession regardless of NODE_ENV. Co-authored-by: Ona <no-reply@ona.com>
2026-03-20 00:51:20 +00:00 · 2026-03-16 00:12:11 +00:00
parent 0b51b97f6c
commit 9ac88d921c
1 changed files with 3 additions and 8 deletions
--- a/apps/aelis-backend/src/server.ts
+++ b/apps/aelis-backend/src/server.ts
@@ -2,7 +2,7 @@ import { LocationSource } from "@aelis/source-location"
 import { Hono } from "hono"

 import { registerAuthHandlers } from "./auth/http.ts"
-import { mockAuthSessionMiddleware, requireSession } from "./auth/session-middleware.ts"
+import { requireSession } from "./auth/session-middleware.ts"
 import { registerFeedHttpHandlers } from "./engine/http.ts"
 import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
 import { createLlmClient } from "./enhancement/llm-client.ts"
@@ -43,16 +43,11 @@ function main() {

 	app.get("/health", (c) => c.json({ status: "ok" }))

-	const isDev = process.env.NODE_ENV !== "production"
-	const authSessionMiddleware = isDev ? mockAuthSessionMiddleware("dev-user") : requireSession
-
-	if (!isDev) {
-		registerAuthHandlers(app)
-	}
+	registerAuthHandlers(app)

 	registerFeedHttpHandlers(app, {
 		sessionManager,
-		authSessionMiddleware,
+		authSessionMiddleware: requireSession,
 	})
 	registerLocationHttpHandlers(app, { sessionManager })