Skip to content

Fix inconsistent auth guard usage across API routes #47

Description

@nisshchayarathi

Summary
Some routes may rely on UI gating instead of server-side auth checks. Audit and ensure server-side enforcement.

Acceptance criteria

  • Audit app/api/** for missing requireAuth.
  • Add auth guard to user-specific routes.
  • Add tests or a small checklist note in docs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingsecurity

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions