feat(api): add auth middleware to protect game endpoints

- Add requireAuth middleware using Better Auth session validation - Apply to all game routes (start, answer) - Unauthenticated requests return 401
2026-04-12 13:38:32 +02:00 · 2026-04-12 13:38:32 +02:00 · a3685a9e68
commit a3685a9e68
parent 91a3112d8b
13 changed files with 196 additions and 24 deletions
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -56,10 +56,16 @@ importers:
      better-auth:
        specifier: ^1.6.2
        version: 1.6.2(@opentelemetry/api@1.9.1)(drizzle-kit@0.31.10)(drizzle-orm@0.45.1(@opentelemetry/api@1.9.1)(@types/pg@8.20.0)(kysely@0.28.16)(pg@8.20.0))(pg@8.20.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(vitest@4.1.0(@opentelemetry/api@1.9.1)(@types/node@25.5.0)(jsdom@29.0.1(@noble/hashes@2.2.0))(vite@8.0.1(@types/node@25.5.0)(esbuild@0.27.4)(jiti@2.6.1)(tsx@4.21.0)))
+      cors:
+        specifier: ^2.8.6
+        version: 2.8.6
      express:
        specifier: ^5.2.1
        version: 5.2.1
    devDependencies:
+      '@types/cors':
+        specifier: ^2.8.19
+        version: 2.8.19
      '@types/express':
        specifier: ^5.0.6
        version: 5.0.6
@ -1243,6 +1249,9 @@ packages:
  '@types/cookiejar@2.1.5':
    resolution: {integrity: sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==}

+  '@types/cors@2.8.19':
+    resolution: {integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==}
+
  '@types/deep-eql@4.0.2':
    resolution: {integrity: sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==}

@ -1662,6 +1671,10 @@ packages:
  cookiejar@2.1.4:
    resolution: {integrity: sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==}

+  cors@2.8.6:
+    resolution: {integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==}
+    engines: {node: '>= 0.10'}
+
  crc-32@1.2.2:
    resolution: {integrity: sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==}
    engines: {node: '>=0.8'}
@ -2397,6 +2410,10 @@ packages:
    resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
    engines: {node: '>=0.10.0'}

+  object-assign@4.1.1:
+    resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
+    engines: {node: '>=0.10.0'}
+
  object-inspect@1.13.4:
    resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==}
    engines: {node: '>= 0.4'}
@ -3821,6 +3838,10 @@ snapshots:

  '@types/cookiejar@2.1.5': {}

+  '@types/cors@2.8.19':
+    dependencies:
+      '@types/node': 24.12.0
+
  '@types/deep-eql@4.0.2': {}

  '@types/esrecurse@4.3.1': {}
@ -4306,6 +4327,11 @@ snapshots:

  cookiejar@2.1.4: {}

+  cors@2.8.6:
+    dependencies:
+      object-assign: 4.1.1
+      vary: 1.1.2
+
  crc-32@1.2.2: {}

  cross-spawn@7.0.6:
@ -4985,6 +5011,8 @@ snapshots:

  normalize-path@3.0.0: {}

+  object-assign@4.1.1: {}
+
  object-inspect@1.13.4: {}

  obug@2.1.1: {}