remove auth requirement on time limit read endpoint

1 month ago · d60171d292
2 changed files with 12 additions and 11 deletions
--- a/backend/src/routes/settings.routes.ts
+++ b/backend/src/routes/settings.routes.ts
@ -4,8 +4,10 @@ import { authMiddleware } from '../middleware/auth.js';
				@@ -4,8 +4,10 @@ import { authMiddleware } from '../middleware/auth.js';

 const router = Router();

-// Protected routes - only admins can get/set time limits
-router.get('/time-limit', authMiddleware, getTimeLimit);
+// Public route - anyone can read the time limit
+router.get('/time-limit', getTimeLimit);
+
+// Protected route - only admins can set time limits
 router.put('/time-limit', authMiddleware, setTimeLimit);

 export default router;
--- a/backend/src/routes/wordGroups.routes.ts
+++ b/backend/src/routes/wordGroups.routes.ts
@ -11,20 +11,19 @@ import { authMiddleware } from '../middleware/auth.js';
				@@ -11,20 +11,19 @@ import { authMiddleware } from '../middleware/auth.js';

 const router = Router();

-// All routes require authentication
-router.use(authMiddleware);
-
-// Word group routes (base routes first)
+// Public route - anyone can read word groups
 router.get('/', getAllWordGroups);
-router.post('/', createWordGroup);
+
+// Protected routes - only admins can create/update/delete
+router.post('/', authMiddleware, createWordGroup);

 // Word routes - must come before generic :id routes
 // More specific routes first
-router.post('/:groupId/words', addWord);
-router.delete('/words/:wordId', deleteWord);
+router.post('/:groupId/words', authMiddleware, addWord);
+router.delete('/words/:wordId', authMiddleware, deleteWord);

 // Word group routes with IDs (generic routes last)
-router.put('/:id', updateWordGroup);
-router.delete('/:id', deleteWordGroup);
+router.put('/:id', authMiddleware, updateWordGroup);
+router.delete('/:id', authMiddleware, deleteWordGroup);

 export default router;