From 34cefc75b6d84fe090c2c23595cb3020aab838d8 Mon Sep 17 00:00:00 2001
From: Yigit Colakoglu <yigitcolakoglu@hotmail.com>
Date: Tue, 30 Dec 2025 16:58:19 -0800
Subject: [PATCH] Allow public access to documentation endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Skip auth for /docs, /redoc, /openapi.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 src/middleware/auth.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/middleware/auth.py b/src/middleware/auth.py
index 532fc6c..c4a4bc3 100644
--- a/src/middleware/auth.py
+++ b/src/middleware/auth.py
@@ -20,8 +20,9 @@ class APIKeyAuthMiddleware(BaseHTTPMiddleware):
         if not self.api_key:
             return await call_next(request)
 
-        # Skip auth for health check endpoints
-        if request.url.path in ["/health", "/healthz", "/"]:
+        # Skip auth for health check and documentation endpoints
+        public_paths = ["/health", "/healthz", "/", "/docs", "/redoc", "/openapi.json"]
+        if request.url.path in public_paths:
             return await call_next(request)
 
         # Get the Authorization header