diff --git a/src/modes/server.rs b/src/modes/server.rs index d58aa98..9063ad1 100644 --- a/src/modes/server.rs +++ b/src/modes/server.rs @@ -98,33 +98,27 @@ async fn run_server( .route("/mcp", post(mcp::handle_mcp_request)) .with_state(state.clone()); - // Create routes that don't require authentication - let open_routes = Router::new() + // Create the app with documentation routes open and others protected + let app = Router::new() + // Add documentation routes without authentication .merge(api::add_docs_routes(Router::new())) - .with_state(state.clone()) - .layer(axum::middleware::from_fn(logging_middleware)) - .layer( - ServiceBuilder::new() - .layer(TraceLayer::new_for_http()) - .layer(CorsLayer::permissive()) - ); - - // Create routes that require authentication - let protected_routes = Router::new() - .merge(api::add_routes(Router::new())) - .merge(pages::add_routes(Router::new())) - .merge(mcp_router) + // Add API, pages, and MCP routes with authentication + .merge( + Router::new() + .merge(api::add_routes(Router::new())) + .merge(pages::add_routes(Router::new())) + .merge(mcp_router) + .layer(axum::middleware::from_fn(create_auth_middleware(config.password.clone(), config.password_hash.clone()))) + ) + // Apply state to all routes .with_state(state) + // Add other middleware layers to all routes .layer(axum::middleware::from_fn(logging_middleware)) - .layer(axum::middleware::from_fn(create_auth_middleware(config.password.clone(), config.password_hash.clone()))) .layer( ServiceBuilder::new() .layer(TraceLayer::new_for_http()) .layer(CorsLayer::permissive()) ); - - // Combine both route groups - let app = open_routes.merge(protected_routes); let addr: SocketAddr = bind_address.parse()?;