From 34fed9dcee4913b06c9bc062ef61b589faf7751b Mon Sep 17 00:00:00 2001
From: xrendan
Date: Fri, 27 Mar 2026 11:58:57 -0600
Subject: [PATCH] Enforce admin authentication in all environments
Previously, admin routes (Avo, GoodJob) were unprotected in development and Avo's authenticate_with block was commented out. This enforces Warden-based auth and admin-only route guards unconditionally.
Co-Authored-By: Claude Sonnet 4.6
---
 config/initializers/avo.rb | 5 +++--
 config/routes.rb | 7 +------
 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/config/initializers/avo.rb b/config/initializers/avo.rb
index c207085..186625d 100644
--- a/config/initializers/avo.rb
+++ b/config/initializers/avo.rb
@@ -19,8 +19,9 @@
 ## == Authentication ==
 config.current_user_method = :current_user
- # config.authenticate_with do
- # end
+ config.authenticate_with do
+ warden.authenticate! scope: :user
+ end
 ## == Authorization ==
 # config.is_admin_method = :is_admin
diff --git a/config/routes.rb b/config/routes.rb
index 1a100ad..a339029 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,12 +1,7 @@
 Rails.application.routes.draw do
- if Rails.env.development?
+ authenticate :user, lambda { |u| u.admin? } do
 mount GoodJob::Engine => "/admin/good_job"
 mount Avo::Engine => "/admin"
- else
- authenticate :user, lambda { |u| u.admin? } do
- mount GoodJob::Engine => "/admin/good_job"
- mount Avo::Engine => "/admin"
- end
 end
 # Custom Avo tool routes
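Review bot: In config/initializers/avo.rb the new `authenticate_with` block only requires a signed-in `:user`; it does not check the admin role, and `config.is_admin_method` stays commented out in the context lines below it. The admin requirement therefore rests entirely on the route constraint in config/routes.rb, so a request that reaches an Avo controller by any other path would be accepted for every authenticated user. For defence in depth, repeat the role check here, for example by adding `raise ActionController::RoutingError, "Not Found" unless warden.user(:user)&.admin?` after the `warden.authenticate!` line. The enclosing `Avo.configure` block starts and ends outside the hunk.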
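Review bot: In config/routes.rb the `authenticate :user, lambda { |u| u.admin? } do` block closes before the `# Custom Avo tool routes` comment, so whatever routes follow that comment sit outside the admin constraint; their definitions are outside the hunk. If they are drawn on the main application rather than inside `Avo::Engine.routes`, they should move inside the block, because otherwise they are guarded only by the sign-in check in the Avo initializer. The diffstat shows no test change, so a request spec asserting that an anonymous visitor and a signed-in non-admin are both refused on `/admin` and `/admin/good_job` would keep this guard from regressing.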