Lock down coming-soon mode to block all users including authenticated

Remove auth bypass from coming-soon middleware so no one can access the in-development site in production. Remove unused login button from coming-soon page since wiki has its own OIDC login flow.
2026-03-19 10:27:19 +00:00 · 2026-03-19 10:27:19 +00:00 · ea6c4d8329
commit ea6c4d8329
parent 44805dbecf
2 changed files with 1 additions and 29 deletions
--- a/app/middleware/coming-soon.global.js
+++ b/app/middleware/coming-soon.global.js
@ -13,25 +13,6 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
    return;
  }

-  // Allow authenticated users to bypass coming-soon
-  const authToken = useCookie("auth-token");
-  if (authToken.value) {
-    // On the server, verify the JWT is actually valid
-    if (import.meta.server) {
-      try {
-        const { jwtSecret } = useRuntimeConfig();
-        const jwt = await import("jsonwebtoken").then((m) => m.default);
-        jwt.verify(authToken.value, jwtSecret);
-        return;
-      } catch {
-        // Invalid/expired token — fall through to coming-soon redirect
-      }
-    } else {
-      // Client-side: trust the cookie (SSR already validated on initial load)
-      return;
-    }
-  }
-
-  // Redirect all other routes to coming-soon
+  // Redirect all other routes to coming-soon — no exceptions
  return navigateTo("/coming-soon");
 });
--- a/app/pages/coming-soon.vue
+++ b/app/pages/coming-soon.vue
@ -4,13 +4,6 @@
      <h1 class="text-display-xl font-bold mb-4">Ghost Guild</h1>
      <p class="text-display-sm text-guild-400">Coming Soon</p>
    </a>
-    <button
-      class="mt-12 text-sm text-guild-500 hover:text-guild-300 transition-colors"
-      @click="openLoginModal"
-    >
-      Member login
-    </button>
-    <LoginModal />
  </div>
 </template>

@ -18,6 +11,4 @@
 definePageMeta({
  layout: "coming-soon",
 });
-
-const { openLoginModal } = useLoginModal();
 </script>