From fee576f638d7d3849c03e306b0d393ffad8aabc5 Mon Sep 17 00:00:00 2001
From: Andrew Phillips <andrew.phillips2@canada.ca>
Date: Thu, 28 Aug 2025 16:21:58 -0300
Subject: [PATCH] feat: restructure routes to separate authenticated and public
 endpoints

Co-authored-by: aider (openai/andrew/openrouter/deepseek/deepseek-chat-v3.1) <aider@aider.chat>
---
 src/modes/server.rs | 32 +++++++++++++-------------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/src/modes/server.rs b/src/modes/server.rs
index d58aa98..9063ad1 100644
--- a/src/modes/server.rs
+++ b/src/modes/server.rs
@@ -98,33 +98,27 @@ async fn run_server(
         .route("/mcp", post(mcp::handle_mcp_request))
         .with_state(state.clone());
     
-    // Create routes that don't require authentication
-    let open_routes = Router::new()
+    // Create the app with documentation routes open and others protected
+    let app = Router::new()
+        // Add documentation routes without authentication
         .merge(api::add_docs_routes(Router::new()))
-        .with_state(state.clone())
-        .layer(axum::middleware::from_fn(logging_middleware))
-        .layer(
-            ServiceBuilder::new()
-                .layer(TraceLayer::new_for_http())
-                .layer(CorsLayer::permissive())
-        );
-
-    // Create routes that require authentication
-    let protected_routes = Router::new()
-        .merge(api::add_routes(Router::new()))
-        .merge(pages::add_routes(Router::new()))
-        .merge(mcp_router)
+        // Add API, pages, and MCP routes with authentication
+        .merge(
+            Router::new()
+                .merge(api::add_routes(Router::new()))
+                .merge(pages::add_routes(Router::new()))
+                .merge(mcp_router)
+                .layer(axum::middleware::from_fn(create_auth_middleware(config.password.clone(), config.password_hash.clone())))
+        )
+        // Apply state to all routes
         .with_state(state)
+        // Add other middleware layers to all routes
         .layer(axum::middleware::from_fn(logging_middleware))
-        .layer(axum::middleware::from_fn(create_auth_middleware(config.password.clone(), config.password_hash.clone())))
         .layer(
             ServiceBuilder::new()
                 .layer(TraceLayer::new_for_http())
                 .layer(CorsLayer::permissive())
         );
-
-    // Combine both route groups
-    let app = open_routes.merge(protected_routes);
     
     let addr: SocketAddr = bind_address.parse()?;