From 45e7e88b093341fd88df32bc622ec1cfc5329a65 Mon Sep 17 00:00:00 2001 From: Nicolas Meienberger Date: Wed, 17 Dec 2025 16:23:50 +0100 Subject: [PATCH] fix: apply middlewares before the controller definition --- app/server/index.ts | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/app/server/index.ts b/app/server/index.ts index ab354b3d..ebe9ba18 100644 --- a/app/server/index.ts +++ b/app/server/index.ts @@ -58,21 +58,19 @@ const app = new Hono() }), ) .get("healthcheck", (c) => c.json({ status: "ok" })) - .route( - "/api/v1/auth", - authController.use( - rateLimit({ - windowMs: 15 * 60 * 1000, // 15 minutes - limit: 5, // stricter limit for auth endpoints to prevent brute force - }), - ).basePath("/api/v1"), - ) - .route("/api/v1/volumes", volumeController.use(requireAuth)) - .route("/api/v1/repositories", repositoriesController.use(requireAuth)) - .route("/api/v1/backups", backupScheduleController.use(requireAuth)) - .route("/api/v1/notifications", notificationsController.use(requireAuth)) - .route("/api/v1/system", systemController.use(requireAuth)) - .route("/api/v1/events", eventsController.use(requireAuth)); + .route("/api/v1/auth", authController.basePath("/api/v1")) + .use("/api/v1/volumes/*", requireAuth) + .use("/api/v1/repositories/*", requireAuth) + .use("/api/v1/backups/*", requireAuth) + .use("/api/v1/notifications/*", requireAuth) + .use("/api/v1/system/*", requireAuth) + .use("/api/v1/events/*", requireAuth) + .route("/api/v1/volumes", volumeController) + .route("/api/v1/repositories", repositoriesController) + .route("/api/v1/backups", backupScheduleController) + .route("/api/v1/notifications", notificationsController) + .route("/api/v1/system", systemController) + .route("/api/v1/events", eventsController); // API documentation endpoints require authentication app.get("/api/v1/openapi.json", requireAuth, generalDescriptor(app));