From ccac6a4d2f57fb7f7df8aa4a0773e695ca6810c4 Mon Sep 17 00:00:00 2001
From: arrelin <arrelin54@mail.ru>
Date: Fri, 23 Jan 2026 17:28:31 +0300
Subject: [PATCH] fix: add auth layer to family protected routes

Fix authentication for /families/:id/members endpoint by adding
auth_layer instead of just session_layer to family_protected_routes.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 backend/src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/src/lib.rs b/backend/src/lib.rs
index 2d6dea9..cefb467 100644
--- a/backend/src/lib.rs
+++ b/backend/src/lib.rs
@@ -176,7 +176,7 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
         .route("/my-family/invite-links", get(routes::invite_link::get_my_invite_links))
         .route("/my-family/invite-links/:token", delete(routes::invite_link::delete_invite_link))
         .route("/invite/:token/join", post(routes::invite_link::join_family_via_invite))
-        .layer(auth_layer)
+        .layer(auth_layer.clone())
         .with_state(db.clone());
 
     let family_protected_routes = Router::new()
@@ -201,7 +201,7 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
         .route("/families/:family_id/shopping-items/clear-all", delete(routes::shopping_item::clear_all))
         .route("/families/:family_id/members", get(routes::user::get_family_members))
         .route_layer(axum_middleware::from_fn(middleware::require_family_access))
-        .layer(session_layer.clone())
+        .layer(auth_layer.clone())
         .with_state(db.clone());
 
     let public_routes = Router::new()