malty/ca-grow-ops-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Skip JWT auth for edge device endpoints
Some checks are pending
Test / backend-test (push) Waiting to run
Details
Test / frontend-test (push) Waiting to run
Details

Browse source
This commit is contained in:
fullsizemalt 2026-01-06 00:43:24 -08:00
parent 14e76f2cdf
commit 55bdef78e4
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
backend/src/routes/environment.routes.ts
View file

@ -40,8 +40,15 @@ const profileSchema = z.object({
});
export async function environmentRoutes(fastify: FastifyInstance) {
// Auth middleware
fastify.addHook('onRequest', async (request) => {
// Auth middleware - skip for edge device endpoints (they use API key auth)
const edgeEndpoints = ['/heartbeat', '/ingest'];
fastify.addHook('onRequest', async (request, reply) => {
// Skip JWT for edge device endpoints
const path = request.url.split('?')[0];
if (edgeEndpoints.some(ep => path.endsWith(ep))) {
return; // Edge endpoints handle their own auth
}
try {
await request.jwtVerify();
} catch (err) {
@ -491,10 +498,12 @@ export async function environmentRoutes(fastify: FastifyInstance) {
*/
fastify.post('/heartbeat', {
preHandler: async (request, reply) => {
// For demo: Accept any Bearer token (no validation)
const authHeader = request.headers.authorization;
if (!authHeader?.startsWith('Bearer ')) {
return reply.status(401).send({ error: 'API key required' });
}
// TODO: In production, validate API key against registered edge devices
},
handler: async (request, reply) => {
try {