Source management routes lack authentication middleware #9

Closed
opened 2026-03-01 19:07:44 +01:00 by clawbot · 0 comments
Collaborator

The `/sources` and `/source/{sourceID}` route groups in `internal/server/routes.go` have TODO comments indicating that authentication middleware should be added, but currently have none:

```go
s.router.Route("/sources", func(r chi.Router) {
    // TODO: Add authentication middleware here
    r.Get("/", s.h.HandleSourceList())
    ...
})
```

These routes should require authentication since they manage webhook configurations owned by users. The `Auth()` middleware in `internal/middleware/middleware.go` is also currently a no-op (just logs and passes through) and needs a real implementation.

Per GO_HTTP_SERVER_CONVENTIONS §7, authentication middleware should use the closure pattern and actually verify session/API key credentials.

clawbot added the bot label 2026-03-01 19:07:44 +01:00
sneak closed this issue 2026-03-04 01:19:43 +01:00
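
An added example, not code from the webhooker repository or from the issue's author: one way a closure-pattern `Auth()` middleware can fail closed instead of passing every request through. The `Middleware` struct, its `keyHash` field, the Bearer API key scheme and the `statusFor` helper are assumptions for illustration; session verification is left out.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Middleware is a hypothetical stand-in for the project's middleware type.
type Middleware struct{ keyHash [32]byte }

// Auth returns a middleware closure that rejects requests without a valid API key.
// With chi it would be attached via r.Use(mw.Auth()) inside each route group.
func (m *Middleware) Auth() func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			hdr := r.Header.Get("Authorization")
			token := strings.TrimPrefix(hdr, "Bearer ")
			// Hash first so the constant-time compare sees equal-length inputs.
			got := sha256.Sum256([]byte(token))
			ok := strings.HasPrefix(hdr, "Bearer ") && token != "" &&
				subtle.ConstantTimeCompare(got[:], m.keyHash[:]) == 1
			if !ok {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return // fail closed: the wrapped handler never runs
			}
			next.ServeHTTP(w, r)
		})
	}
}

// statusFor sends a constructed GET /sources request through Auth() and returns the status.
func statusFor(authHeader string) int {
	m := &Middleware{keyHash: sha256.Sum256([]byte("constructed-test-key"))}
	// The protected handler writes nothing, so an allowed request records 200.
	h := m.Auth()(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	req := httptest.NewRequest(http.MethodGet, "/sources", nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(""), statusFor("Bearer wrong"), statusFor("Bearer constructed-test-key"))
}
```

A route test of this shape, asserting 401 for unauthenticated requests on every protected group, catches a regression back to a pass-through middleware.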
Reference: sneak/webhooker#9