From af1f23466c46bf4cebc42ab1687552b1a4baafd5 Mon Sep 17 00:00:00 2001 From: yyamashita Date: Fri, 19 Jun 2026 23:31:30 +0900 Subject: Separate API_TOKEN from REGISTER_TOKEN REGISTER_TOKEN: passkey registration only API_TOKEN: POST /api/posts authentication Co-Authored-By: Claude Sonnet 4.6 --- app/routes/api.posts.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app') diff --git a/app/routes/api.posts.tsx b/app/routes/api.posts.tsx index 8ef7639..ea86365 100644 --- a/app/routes/api.posts.tsx +++ b/app/routes/api.posts.tsx @@ -14,7 +14,7 @@ export async function action({ request }: Route.ActionArgs) { return Response.json({ error: "Method not allowed" }, { status: 405 }); } - const token = process.env.REGISTER_TOKEN; + const token = process.env.API_TOKEN; const auth = request.headers.get("Authorization") ?? ""; if (!token || auth !== `Bearer ${token}`) { return Response.json({ error: "Unauthorized" }, { status: 401 }); -- cgit v1.2.3