fix: enforce authentication on sensitive backend routes#63
Open
code-with-kishan wants to merge 1 commit intoanothercoder-nik:masterfrom
Open
fix: enforce authentication on sensitive backend routes#63code-with-kishan wants to merge 1 commit intoanothercoder-nik:masterfrom
code-with-kishan wants to merge 1 commit intoanothercoder-nik:masterfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🔐 Enforce Authentication on Sensitive Backend Routes
This pull request improves backend security by enforcing explicit authentication on sensitive API endpoints that previously relied on implicit or upstream checks.
🚨 Problem
Several backend routes handling critical operations (recording uploads, rendering jobs, and email invitations) did not explicitly enforce authentication at the route level.
If middleware configuration was bypassed or misapplied, these endpoints could be accessed without proper authorization.
✅ What’s Changed
Authentication is now explicitly enforced using
authenticateTokenmiddleware on sensitive routes:Recording APIs
/upload-chunk/upload-complete-video/merge-chunks/session/:sessionId/videos/recordings/:participantIdRender API
/renderEmail APIs
/send-invitation/send-bulk-invitations🛡️ Security Impact
🔗 Related Issue
Fixes #62
🏷️ Program
ECWoC’26
🙌 Notes for Reviewers
🙋 Request for Review
Hi @anothercoder-nik 👋
I’ve implemented authentication enforcement for the sensitive backend routes as discussed in Issue #62.
If any changes, improvements, or adjustments are required, please let me know — I’d be happy to update the PR accordingly.
Looking forward to your feedback. Thank you!
Thank you for reviewing! 🚀