MOPC/MOPC-Portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): make audience vote, live-scores and ceremony routes public

Browse Source 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-06-10 18:02:08 +02:00
parent dcd85c9b13
commit 64f88890f5
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/unit/auth-public-paths.test.ts
View File

@@ -22,4 +22,24 @@ describe('middleware public paths', () => {
it('blocks a protected page without a session', () => {
expect(authorized('/admin/logistics', null)).toBe(false)
})
// Grand finale: audience QR voting, public scoreboard, and the big-screen
// ceremony view are all reached by attendees with NO account.
it('allows audience voting pages without a session', () => {
expect(authorized('/vote/competition/round123', null)).toBe(true)
expect(authorized('/vote/session456', null)).toBe(true)
})
it('allows the public live scoreboard without a session', () => {
expect(authorized('/live-scores/session456', null)).toBe(true)
})
it('allows the big-screen ceremony view without a session', () => {
expect(authorized('/live/ceremony/round123', null)).toBe(true)
})
it('keeps jury and admin live surfaces private', () => {
expect(authorized('/jury/competitions/round123/live', null)).toBe(false)
expect(authorized('/admin', null)).toBe(false)
})
})