Skip to content

fix: add optionalAuth to public pages and fix Addie content creation#770

Merged
bokelley merged 1 commit into
mainfrom
bokelley/fix-insights-auth
Jan 14, 2026
Merged

fix: add optionalAuth to public pages and fix Addie content creation#770
bokelley merged 1 commit into
mainfrom
bokelley/fix-insights-auth

Conversation

@bokelley

Copy link
Copy Markdown
Contributor

Summary

  • Add optionalAuth middleware to /latest/* routes so users show as logged in
  • Add optionalAuth middleware to /events/* routes for same reason
  • Extract proposeContentForUser function from HTTP route handler
  • Update Addie's propose_content tool to call function directly instead of HTTP
  • This fixes silent content creation failures caused by 401 Unauthorized errors

Background

  1. Users were not showing as logged in on public pages (/latest/research, /events) because those routes didn't have optionalAuth middleware
  2. Addie's content creation was silently failing because callApi made HTTP requests without proper auth headers, resulting in 401 errors

Implementation

The direct function call approach is more secure than adding ADMIN_API_KEY to internal HTTP requests:

  • No admin credentials exposed
  • Works within the same process
  • Uses proper user context for authorization checks

Uses dynamic import to avoid pulling auth.ts at module load time which affected test suite initialization.

Test plan

  • Build passes
  • All 241 tests pass
  • Verified with Vibium that logged-in status shows correctly on /latest/research

🤖 Generated with Claude Code

- Add optionalAuth middleware to /latest/* routes so users show as logged in
- Add optionalAuth middleware to /events/* routes for same reason
- Extract proposeContentForUser function from HTTP route handler
- Update Addie's propose_content tool to call function directly instead of HTTP
- This fixes silent content creation failures caused by 401 Unauthorized errors

The direct function call approach is more secure than adding ADMIN_API_KEY
to internal HTTP requests, and avoids the auth header complexity entirely.

Uses dynamic import to avoid pulling auth.ts at module load time which
affected test suite initialization.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bokelley bokelley merged commit 8cc54ef into main Jan 14, 2026
6 checks passed
bokelley added a commit that referenced this pull request Jan 16, 2026
…770)

- Add optionalAuth middleware to /latest/* routes so users show as logged in
- Add optionalAuth middleware to /events/* routes for same reason
- Extract proposeContentForUser function from HTTP route handler
- Update Addie's propose_content tool to call function directly instead of HTTP
- This fixes silent content creation failures caused by 401 Unauthorized errors

The direct function call approach is more secure than adding ADMIN_API_KEY
to internal HTTP requests, and avoids the auth header complexity entirely.

Uses dynamic import to avoid pulling auth.ts at module load time which
affected test suite initialization.

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
bokelley added a commit that referenced this pull request Jan 20, 2026
…770)

- Add optionalAuth middleware to /latest/* routes so users show as logged in
- Add optionalAuth middleware to /events/* routes for same reason
- Extract proposeContentForUser function from HTTP route handler
- Update Addie's propose_content tool to call function directly instead of HTTP
- This fixes silent content creation failures caused by 401 Unauthorized errors

The direct function call approach is more secure than adding ADMIN_API_KEY
to internal HTTP requests, and avoids the auth header complexity entirely.

Uses dynamic import to avoid pulling auth.ts at module load time which
affected test suite initialization.

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant