/server/routes/auth.ts with enforcement in /server/middleware/auth.ts.
Responsibilities
- validate bearer/session identity
- map authenticated user to local domain records
- expose profile/session endpoints used by frontend and extensions
Sensitive Dependencies
- Supabase token verification behavior
- CORS + extension origin settings in /server/index.ts
- frontend auth handling in /client/src/contexts/AuthContext.tsx
Change Checklist
- verify unauthorized, expired, and invalid token flows
- confirm no regression in extension auth-sync behavior
- run auth-focused integration/e2e tests
- verify no public route gained private data exposure
High-Risk Anti-Patterns
- broad auth bypasses
- silent fallback to unauthenticated identity
- changing token parsing without end-to-end verification