dragonflight/services/mam-api/src/middleware/auth.js

/**
 * Authentication middleware.
 *
 * When AUTH_ENABLED=true in the environment, every protected route requires
 * an active session (set by POST /api/v1/auth/login).
 *
 * When AUTH_ENABLED is unset or any other value, the middleware is a no-op
 * so the stack can be deployed and tested without setting up users first.
 * Set AUTH_ENABLED=true in production after running POST /api/v1/auth/setup
 * to create the first admin account.
 */
export const requireAuth = (req, res, next) => {
  if (process.env.AUTH_ENABLED !== 'true') return next();
  if (!req.session || !req.session.userId) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
};
fix(auth+bugs): optional auth bypass, login routes, conform column name, panel metadata fields, login page: auth.js 2026-05-15 23:40:10 -04:00			`/**`
			`* Authentication middleware.`
			`*`
			`* When AUTH_ENABLED=true in the environment, every protected route requires`
			`* an active session (set by POST /api/v1/auth/login).`
			`*`
			`* When AUTH_ENABLED is unset or any other value, the middleware is a no-op`
			`* so the stack can be deployed and tested without setting up users first.`
			`* Set AUTH_ENABLED=true in production after running POST /api/v1/auth/setup`
			`* to create the first admin account.`
			`*/`
add services/mam-api/src/middleware/auth.js 2026-04-07 21:58:26 -04:00			`export const requireAuth = (req, res, next) => {`
fix(auth+bugs): optional auth bypass, login routes, conform column name, panel metadata fields, login page: auth.js 2026-05-15 23:40:10 -04:00			`if (process.env.AUTH_ENABLED !== 'true') return next();`
add services/mam-api/src/middleware/auth.js 2026-04-07 21:58:26 -04:00			`if (!req.session \|\| !req.session.userId) {`
			`return res.status(401).json({ error: 'Unauthorized' });`
			`}`
			`next();`
			`};`