From 55bdef78e4754a7c904e94b30b04b62997cc9587 Mon Sep 17 00:00:00 2001
From: fullsizemalt <106900403+fullsizemalt@users.noreply.github.com>
Date: Tue, 6 Jan 2026 00:43:24 -0800
Subject: [PATCH] fix: Skip JWT auth for edge device endpoints

---
 backend/src/routes/environment.routes.ts | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/backend/src/routes/environment.routes.ts b/backend/src/routes/environment.routes.ts
index 3b74edb..165eb93 100644
--- a/backend/src/routes/environment.routes.ts
+++ b/backend/src/routes/environment.routes.ts
@@ -40,8 +40,15 @@ const profileSchema = z.object({
 });

 export async function environmentRoutes(fastify: FastifyInstance) {
- // Auth middleware
- fastify.addHook('onRequest', async (request) => {
+ // Auth middleware - skip for edge device endpoints (they use API key auth)
+ const edgeEndpoints = ['/heartbeat', '/ingest'];
+ fastify.addHook('onRequest', async (request, reply) => {
+ // Skip JWT for edge device endpoints
+ const path = request.url.split('?')[0];
+ if (edgeEndpoints.some(ep => path.endsWith(ep))) {
+ return; // Edge endpoints handle their own auth
+ }
+
 try {
 await request.jwtVerify();
 } catch (err) {
@@ -491,10 +498,12 @@ export async function environmentRoutes(fastify: FastifyInstance) {
 */
 fastify.post('/heartbeat', {
 preHandler: async (request, reply) => {
+ // For demo: Accept any Bearer token (no validation)
 const authHeader = request.headers.authorization;
 if (!authHeader?.startsWith('Bearer ')) {
 return reply.status(401).send({ error: 'API key required' });
 }
+ // TODO: In production, validate API key against registered edge devices
 },
 handler: async (request, reply) => {
 try {
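Review bot: The JWT exemption in the `onRequest` hook is decided by a suffix match on the raw URL, so `path.endsWith(ep)` skips `jwtVerify()` for every route under this hook whose path ends in `/heartbeat` or `/ingest`, not only the two edge routes; that would include a parameterised route whose last segment is client-supplied, if this plugin has one (the other routes are outside the hunk). Tie the exemption to the matched route rather than to the request string, for example by marking the two routes with `config: { edgeAuth: true }` and testing `if (request.routeOptions.config.edgeAuth) return;` in the hook, or by registering the edge routes in their own plugin scope that never receives this hook. The added `reply` parameter is unused in the visible lines. The hook body continues past the end of the hunk.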
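Review bot: With the JWT skip added earlier in this commit, the `/heartbeat` preHandler becomes the only gate on the route, and it checks only that the header starts with `Bearer `, so any value passes; the `For demo` comment and the TODO record this, but nothing keeps the route from being deployed in this state. `/ingest` receives the same exemption and its own check is not visible in this diff, so confirm it has one. Compare the presented key with a stored secret in constant time and fail closed when no secret is configured; the sketch below uses a single shared key read from an environment variable whose name is a placeholder, relies on `createHash` and `timingSafeEqual` from `node:crypto`, and would be replaced by a per-device lookup once the registry mentioned in the TODO exists. The route's handler continues outside the hunk.

```typescript
preHandler: async (request, reply) => {
  // … unchanged: Authorization header read and Bearer-prefix check …
  const expectedKey = process.env.EDGE_API_KEY_PLACEHOLDER; // placeholder name
  if (!expectedKey) {
    // Fail closed: no configured secret means no edge traffic is accepted.
    return reply.status(503).send({ error: 'Edge auth not configured' });
  }
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const digest = (v: string) => createHash('sha256').update(v).digest();
  const presented = authHeader.slice('Bearer '.length);
  if (!timingSafeEqual(digest(presented), digest(expectedKey))) {
    return reply.status(401).send({ error: 'Invalid API key' });
  }
},
```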