From 24704e28b6fb931b3dfd652b31f1850dd242073f Mon Sep 17 00:00:00 2001
From: Till JS <tills95@gmail.com>
Date: Fri, 17 Apr 2026 13:37:17 +0200
Subject: [PATCH] fix(wetter): mount routes before auth middleware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Weather data is public — no user-specific data involved. Move the
wetter route registration above authMiddleware() so requests don't
require a JWT token. Rate limiting still applies.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 apps/api/src/index.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
index 6e4e372de..04347ed47 100644
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -51,6 +51,10 @@ app.notFound(notFoundHandler);
 app.use('*', cors({ origin: CORS_ORIGINS, credentials: true }));
 app.route('/health', healthRoute('mana-api'));
 app.use('/api/*', rateLimitMiddleware({ max: 200, windowMs: 60_000 }));
+
+// Public routes — no auth required (weather data is public)
+app.route('/api/v1/wetter', wetterRoutes);
+
 app.use('/api/*', authMiddleware());
 
 // ─── MCP Endpoint ──────────────────────────────────────────
@@ -76,7 +80,6 @@ app.route('/api/v1/traces', tracesRoutes);
 app.route('/api/v1/presi', presiRoutes);
 app.route('/api/v1/research', researchRoutes);
 app.route('/api/v1/who', whoRoutes);
-app.route('/api/v1/wetter', wetterRoutes);
 
 // ─── Server Info ────────────────────────────────────────────
 console.log(`mana-api starting on port ${PORT}...`);