Skip to content

Bug: Candles endpoint missing authentication #13

Open
#15
Open
Bug: Candles endpoint missing authentication#13
#15
@FuturMix

Description

@FuturMix
FuturMix
opened on Jun 14, 2026

Description

GET /api/candles has no authentication check. Every other API route in the codebase calls authenticate(req), but this endpoint was missed.

Location

apps/web/src/app/api/candles/route.ts — GET handler

Impact

  • Severity: HIGH
  • Unauthenticated access to market data API
  • Potential for rate-limit abuse against upstream exchange APIs
  • Inconsistent with the auth pattern used in all other endpoints

Suggested Fix

Add the standard authenticate(req) call:

export async function GET(req: NextRequest) {
  const auth = await authenticate(req);
  if (!auth) return unauthorized();
  // ... rest of handler
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions