Commit 18e0701
refactor(webapp): drop ApiAuthenticationResultSuccess.scopes + delete dead authorization.server.ts
Two related cleanups falling out of the RBAC migration.
The `scopes?: string[]` field on `ApiAuthenticationResultSuccess` was
populated from JWT claims by the legacy auth path and consumed only
by `services/authorization.server.ts`'s `checkAuthorization`. The new
apiBuilder bridge (which constructs the same result type) doesn't
populate scopes, and every call site has migrated to the rbac
ability model. Verified by grep: no handler reads
`authentication.scopes` / `authenticationResult.scopes` anywhere
outside the dead `authorization.server` module.
A perpetually-undefined optional field is a footgun — future code
might branch on it and silently misbehave. Drop it from the type and
remove the two dead-write populations in `authenticateApiKey` and
`authenticateApiKeyWithFailure`.
`services/authorization.server.ts` (the file that defined
`AuthorizationEntity`, `AuthorizationResources`, and the
`checkAuthorization` function) is wholly dead — nothing in
`apps/webapp/app` imports it any more. Delete it. The route comments
that reference "the legacy `checkAuthorization`" are kept for
historical context.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 8953f21 commit 18e0701
2 files changed
Lines changed: 0 additions & 116 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
55 | | - | |
56 | 55 | | |
57 | 56 | | |
58 | 57 | | |
| |||
163 | 162 | | |
164 | 163 | | |
165 | 164 | | |
166 | | - | |
167 | 165 | | |
168 | 166 | | |
169 | 167 | | |
| |||
246 | 244 | | |
247 | 245 | | |
248 | 246 | | |
249 | | - | |
250 | 247 | | |
251 | 248 | | |
252 | 249 | | |
| |||
This file was deleted.
0 commit comments