From d60171d2927a1d9af5058b355f608795dbdc454f Mon Sep 17 00:00:00 2001 From: Stephanie Gredell Date: Mon, 8 Dec 2025 09:27:18 -0800 Subject: [PATCH] remove auth requirement on time limit read endpoint --- backend/src/routes/settings.routes.ts | 6 ++++-- backend/src/routes/wordGroups.routes.ts | 17 ++++++++--------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/backend/src/routes/settings.routes.ts b/backend/src/routes/settings.routes.ts index 24fcdd3..2e3f9ee 100644 --- a/backend/src/routes/settings.routes.ts +++ b/backend/src/routes/settings.routes.ts @@ -4,8 +4,10 @@ import { authMiddleware } from '../middleware/auth.js'; const router = Router(); -// Protected routes - only admins can get/set time limits -router.get('/time-limit', authMiddleware, getTimeLimit); +// Public route - anyone can read the time limit +router.get('/time-limit', getTimeLimit); + +// Protected route - only admins can set time limits router.put('/time-limit', authMiddleware, setTimeLimit); export default router; diff --git a/backend/src/routes/wordGroups.routes.ts b/backend/src/routes/wordGroups.routes.ts index 5689781..85a353e 100644 --- a/backend/src/routes/wordGroups.routes.ts +++ b/backend/src/routes/wordGroups.routes.ts @@ -11,20 +11,19 @@ import { authMiddleware } from '../middleware/auth.js'; const router = Router(); -// All routes require authentication -router.use(authMiddleware); - -// Word group routes (base routes first) +// Public route - anyone can read word groups router.get('/', getAllWordGroups); -router.post('/', createWordGroup); + +// Protected routes - only admins can create/update/delete +router.post('/', authMiddleware, createWordGroup); // Word routes - must come before generic :id routes // More specific routes first -router.post('/:groupId/words', addWord); -router.delete('/words/:wordId', deleteWord); +router.post('/:groupId/words', authMiddleware, addWord); +router.delete('/words/:wordId', authMiddleware, deleteWord); // Word group routes with IDs (generic routes last) -router.put('/:id', updateWordGroup); -router.delete('/:id', deleteWordGroup); +router.put('/:id', authMiddleware, updateWordGroup); +router.delete('/:id', authMiddleware, deleteWordGroup); export default router;