root 3ea150bad1 fix: extract softAuth to shared module and apply to icon_sets router ...

Move the softAuth middleware from devices.js into a new shared
lib/api/soft_auth.js module. Apply router.use(softAuth) and
router.use(errorMiddleware) to icon_sets.js so that POST/DELETE
owner-only routes return 401 (not 500) when no auth is present.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-09 09:10:16 +10:00

2.5 KiB

Raw Blame History

View Raw