refactor: split request auth from local owner lookup #365

New issue

Closed

opened 2026-05-11 21:02:06 +00:00 by barrettruth · 0 comments

barrettruth commented 2026-05-11 21:02:06 +00:00

Owner

Copy link

Parent: #355

Problem

Auth helpers mix local owner creation/lookup, API-key request auth, unauthorized responses, and IP/rate-limit utilities. Some routes intentionally use local owner access while others require request auth, but helper names do not make that boundary obvious.

Solution

Split the auth helper surface by responsibility:

• explicit local-owner lookup/bootstrap helper
• explicit request API-key auth helper
• explicit unauthorized/error response helper where useful
• preserve every current route's access semantics

Acceptance criteria

• Route code makes local-owner vs request-auth behavior obvious.
• No route becomes more or less permissive.
• Auth/API tests cover the unchanged behavior.

Parent: #355 ## Problem Auth helpers mix local owner creation/lookup, API-key request auth, unauthorized responses, and IP/rate-limit utilities. Some routes intentionally use local owner access while others require request auth, but helper names do not make that boundary obvious. ## Solution Split the auth helper surface by responsibility: - explicit local-owner lookup/bootstrap helper - explicit request API-key auth helper - explicit unauthorized/error response helper where useful - preserve every current route's access semantics ## Acceptance criteria - Route code makes local-owner vs request-auth behavior obvious. - No route becomes more or less permissive. - Auth/API tests cover the unchanged behavior.

barrettruth added the

track:api

track:core

type:cleanup

labels 2026-05-11 21:02:06 +00:00

barrettruth referenced this issue 2026-05-11 21:02:45 +00:00

tracker: foundation hardening before Google sync #355

barrettruth referenced this issue from a pull request that will close it, 2026-05-11 21:33:00 +00:00

refactor: split request auth from local owner lookup #380

barrettruth closed this issue 2026-05-12 12:42:09 +00:00

barrettruth referenced this issue from a commit 2026-05-12 12:42:10 +00:00

refactor: split request auth from local owner lookup (#380)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/software-sync

ship/delta-codex-skill

fix/cli-filter-args

fix-calendar-g-leader-shortcuts

harden-keyboard-capture

fix-queue-gc-hard-refresh

fix/task-panel-scroll-restoration

fix/calendar-quick-add-preview-stability

fix/467-local-first-shortcuts

docs/nixos-self-hosting-first-pass

calendar-elapsed-events

calendar-active-day-blue

calendar-outline-no-fill

calendar-neutral-day-state

fix-calendar-drag-visual-position

issue-364-task-api-route-adapters

issue-362-manpage-drift

issue-315-geocoding-config

release/cli-0.0.5

release/cli-0.0.4

fix/task-panel-save-atomicity

settings-modal

feat/add-task-external-links

feat/reminder-transport-settings

feat/reminder-foundation

build/oidc-release-pipeline

fix/settings-cleanup

fix/remove-oauth-config-ui

cli-v0.0.6

cli-v0.0.5

cli-v0.0.4

nightly-20260426

cli-v0.0.2

Labels

Clear labels   

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

status:blocked

Blocked on a decision, credential, or external dependency

  

track:api

API layer track

  

track:auto

Automation track

  

track:core

Core engine track

  

track:deploy

Deployment track

  

track:infra

Infrastructure track

  

track:ui

Web UI track

  

type:cleanup

Small cleanup, polish, or consolidation work

  

type:docs

Documentation and operator guidance

  

type:epic

Umbrella issue that coordinates related work

  

type:release

Release, packaging, and versioning work

  

type:research

Decision or investigation work before implementation

  

wontfix

This will not be worked on

No labels

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

status:blocked

track:api

track:auto

track:core

track:deploy

track:infra

track:ui

type:cleanup

type:docs

type:epic

type:release

type:research

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

barrettruth/delta#365

No description provided.