chore: route auth-guard linter (baseline 56 unprotected :id-routes)

Scans all routes/*.js for :id-bearing routes without an auth-guard (requireOwnership, requireRole, requirePermission, authMiddleware, parentAuth, or spread middleware arrays like ...auth/...teacher). BASELINE=56 — any new unprotected :id route causes exit(1). Reduce BASELINE as old routes are migrated. Usage: npm run lint:routes # or mark intentional public routes: // @public-by-design: <reason> router.get('/:token', handler); Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 17:02:17 +03:00
parent 6b2ec38d9a
commit 513ec059bf
2 changed files with 146 additions and 0 deletions
@@ -9,6 +9,7 @@
    "migrate": "node src/db/migrate.js",
    "seed": "node src/db/seed.js",
    "seed:permissions": "node src/db/seed-permissions.js",
+    "lint:routes": "node scripts/check-route-auth.js",
    "test": "node --test tests/*.test.js"
  },
  "dependencies": {