MOPC-Portal

Author SHA1 Message Date

Author	SHA1	Message	Date
Matt	64f88890f5	fix(auth): make audience vote, live-scores and ceremony routes public Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-10 18:02:08 +02:00
Matt	a6fc697e4d	fix(auth): allow /lunch/pick public access for accountless external attendees All checks were successful Build and Push Docker Image / build (push) Successful in 7m30s Details The external dish-picker page is reached via a signed token by attendees who have no account. The middleware authorized() callback redirected any non allowlisted path to /login, which is a dead end for accountless users — so the picker shipped in `8d4f0ba` was unreachable in prod (307 → /login). Add /lunch/pick to publicPaths; data stays gated by token verification in tRPC. Adds a regression test asserting the path is public and a protected path is not. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-05 12:18:10 +02:00

Matt

64f88890f5

fix(auth): make audience vote, live-scores and ceremony routes public

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-10 18:02:08 +02:00

Matt

a6fc697e4d

fix(auth): allow /lunch/pick public access for accountless external attendees

Build and Push Docker Image / build (push) Successful in 7m30s

Details

The external dish-picker page is reached via a signed token by attendees who
have no account. The middleware authorized() callback redirected any non
allowlisted path to /login, which is a dead end for accountless users — so the
picker shipped in 8d4f0ba was unreachable in prod (307 → /login). Add
/lunch/pick to publicPaths; data stays gated by token verification in tRPC.

Adds a regression test asserting the path is public and a protected path is not.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-05 12:18:10 +02:00

2 Commits