remove auth requirement on time limit read endpoint

1 month ago · d60171d292
2 changed files with 12 additions and 11 deletions
--- a/backend/src/routes/settings.routes.ts
+++ b/backend/src/routes/settings.routes.ts
@ -4,8 +4,10 @@ import { authMiddleware } from '../middleware/auth.js';
 const router = Router();
-// Protected routes - only admins can get/set time limits
+// Public route - anyone can read the time limit
-router.get('/time-limit', authMiddleware, getTimeLimit);
+router.get('/time-limit', getTimeLimit);
 // Protected route - only admins can set time limits
 router.put('/time-limit', authMiddleware, setTimeLimit);
 export default router;
--- a/backend/src/routes/wordGroups.routes.ts
+++ b/backend/src/routes/wordGroups.routes.ts
@ -11,20 +11,19 @@ import { authMiddleware } from '../middleware/auth.js';
 const router = Router();
-// All routes require authentication
+// Public route - anyone can read word groups
 router.use(authMiddleware);
 // Word group routes (base routes first)
 router.get('/', getAllWordGroups);
-router.post('/', createWordGroup);
+
 // Protected routes - only admins can create/update/delete
 router.post('/', authMiddleware, createWordGroup);
 // Word routes - must come before generic :id routes
 // More specific routes first
-router.post('/:groupId/words', addWord);
+router.post('/:groupId/words', authMiddleware, addWord);
-router.delete('/words/:wordId', deleteWord);
+router.delete('/words/:wordId', authMiddleware, deleteWord);
 // Word group routes with IDs (generic routes last)
-router.put('/:id', updateWordGroup);
+router.put('/:id', authMiddleware, updateWordGroup);
-router.delete('/:id', deleteWordGroup);
+router.delete('/:id', authMiddleware, deleteWordGroup);
 export default router;