refactor: remove backend changes from dashboard PR

Backend CORS/CSRF changes moved to #92. Source registry removed (sources hardcoded in frontend). Co-authored-by: Ona <no-reply@ona.com>
fix: use useQuery instead of getQueryData
2026-03-25 11:21:17 +00:00 · 2026-03-23 00:23:11 +00:00 · 2026-03-23 00:17:33 +00:00 · 2026-03-23 00:14:59 +00:00
4 changed files with 4 additions and 61 deletions
--- a/.ona/automations.yaml
+++ b/.ona/automations.yaml
@@ -17,23 +17,3 @@ services:
        FORWARD_URL=$(gitpod environment port open 4983 --name drizzle-studio-server | sed 's|https://||')
        echo "Drizzle Studio: https://local.drizzle.studio/?host=${FORWARD_URL}&port=443"
        cd apps/aelis-backend && bunx drizzle-kit studio --host 0.0.0.0 --port 4983
-
-  aelis-backend:
-    name: Aelis Backend
-    description: Hono API server for aelis-backend (port 3000)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 3000 --name "Aelis Backend" --protocol https
-        cd apps/aelis-backend && bun run dev
-
-  admin-dashboard:
-    name: Admin Dashboard
-    description: Vite dev server for admin-dashboard (port 5174)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 5174 --name "Admin Dashboard" --protocol https
-        cd apps/admin-dashboard && bun run dev --host
--- a/apps/admin-dashboard/src/routes/_dashboard.tsx
+++ b/apps/admin-dashboard/src/routes/_dashboard.tsx
@@ -47,15 +47,10 @@ export const Route = createRoute({
  getParentRoute: () => rootRoute,
  id: "dashboard",
  beforeLoad: async ({ context }) => {
-    let session: Awaited<ReturnType<typeof getSession>> | null = null
-    try {
-      session = await context.queryClient.ensureQueryData({
-        queryKey: ["session"],
-        queryFn: getSession,
-      })
-    } catch {
-      throw redirect({ to: "/login" })
-    }
+    const session = await context.queryClient.ensureQueryData({
+      queryKey: ["session"],
+      queryFn: getSession,
+    })
    if (!session?.user) {
      throw redirect({ to: "/login" })
    }
--- a/apps/aelis-backend/src/auth/index.ts
+++ b/apps/aelis-backend/src/auth/index.ts
@@ -16,9 +16,6 @@ export function createAuth(db: Database) {
 			provider: "pg",
 			schema,
 		}),
-		advanced: {
-			disableCSRFCheck: process.env.NODE_ENV !== "production",
-		},
 		emailAndPassword: {
 			enabled: true,
 		},
--- a/apps/aelis-backend/src/server.ts
+++ b/apps/aelis-backend/src/server.ts
@@ -1,5 +1,4 @@
 import { Hono } from "hono"
-import { cors } from "hono/cors"

 import { registerAdminHttpHandlers } from "./admin/http.ts"
 import { createRequireAdmin } from "./auth/admin-middleware.ts"
@@ -51,34 +50,6 @@ function main() {

 	const app = new Hono()

-	const isDev = process.env.NODE_ENV !== "production"
-	const allowedOrigins = process.env.CORS_ORIGINS?.split(",").map((o) => o.trim()) ?? []
-
-	function resolveOrigin(origin: string): string | undefined {
-		if (isDev) return origin
-		return allowedOrigins.includes(origin) ? origin : undefined
-	}
-
-	app.use(
-		"/api/auth/*",
-		cors({
-			origin: resolveOrigin,
-			allowHeaders: ["Content-Type", "Authorization"],
-			allowMethods: ["POST", "GET", "OPTIONS"],
-			exposeHeaders: ["Content-Length"],
-			maxAge: 600,
-			credentials: true,
-		}),
-	)
-
-	app.use(
-		"*",
-		cors({
-			origin: resolveOrigin,
-			credentials: true,
-		}),
-	)
-
 	app.get("/health", (c) => c.json({ status: "ok" }))

 	const authSessionMiddleware = createRequireSession(auth)