Matt 146691be00 fix(auth): allow /api/cron paths past middleware (self-guarded by CRON_SECRET) ...

The middleware matcher intercepts /api/cron/* but the prefix was absent from
publicPaths, so unauthenticated scheduler calls were 307'd to /login and the
cron handlers never ran. All 9 cron routes already enforce x-cron-secret, so
opening the prefix is safe and unblocks the new final-document-reminders cron
(and repairs the existing crons). Same class of gap as the /lunch/pick fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-09 16:03:55 +02:00

..

app

feat(final-docs): auto pre-deadline reminder cron

2026-06-09 16:00:42 +02:00

components

feat(final-docs): Final Documents panel on team + mentor views

2026-06-09 15:53:39 +02:00

contexts

Initial commit: MOPC platform with Docker deployment setup

2026-01-30 13:41:32 +01:00

hooks

Competition/Round architecture: full platform rewrite (Phases 1-9)

2026-02-15 23:04:15 +01:00

lib

fix(auth): allow /api/cron paths past middleware (self-guarded by CRON_SECRET)

2026-06-09 16:03:55 +02:00

server

feat(final-docs): auto pre-deadline reminder cron

2026-06-09 16:00:42 +02:00

types

refactor(awards): remove AWARD_MASTER role, fold features into jury chair flow

2026-05-07 15:21:09 +02:00

instrumentation.ts

Move round scheduler in-app via instrumentation.ts, remove cron endpoint

2026-02-18 11:35:28 +01:00

middleware.ts

Initial commit: MOPC platform with Docker deployment setup

2026-01-30 13:41:32 +01:00