Problem
backend/src/atomify_api/routers/test.py defines two unauthenticated endpoints:
POST /test — writes arbitrary messages to the database
GET /test — reads all test records from the database
These endpoints are unconditionally registered in main.py:
app.include_router(test_router)
This is scaffolding/boilerplate that was never removed. In production it allows anyone to write to the test_records table without any credentials.
Solution
Remove the test router and its associated model/migration from the codebase. If a DB connectivity check is needed in production, the existing /health endpoint is the right place for that.
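A CI guard that would catch this kind of leftover registration, as an added example that is not code from the atomify_api repository. It assumes a FastAPI-style app where authentication is attached through the dependencies= argument of include_router; the sample main.py text, the allowlist, and every name other than test_router are constructed for illustration.

```python
import ast

# Constructed stand-in for main.py. Only the test_router line comes from the
# issue; the other routers, require_user and settings.debug are hypothetical.
SAMPLE_MAIN = '''\
app = FastAPI()
app.include_router(health_router)
app.include_router(items_router, dependencies=[Depends(require_user)])
app.include_router(test_router)
if settings.debug:
    app.include_router(debug_router)
'''

# Assumption: routers that are meant to be reachable without credentials.
PUBLIC_ROUTERS = frozenset({"health_router"})


class _RouterAudit(ast.NodeVisitor):
    def __init__(self, public):
        self.public = public
        self.if_depth = 0      # > 0 while walking inside an `if` statement
        self.findings = []

    def visit_If(self, node):
        self.if_depth += 1
        self.generic_visit(node)
        self.if_depth -= 1

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "include_router" and node.args:
            name = ast.unparse(node.args[0])
            has_deps = any(kw.arg == "dependencies" for kw in node.keywords)
            if name not in self.public and not has_deps:
                kind = "conditional" if self.if_depth else "unconditional"
                self.findings.append((node.lineno, name, kind))
        self.generic_visit(node)


def audit_router_registration(source, public=PUBLIC_ROUTERS):
    """Return (line, router, kind) for each include_router() call that is not
    allowlisted as public and passes no dependencies= at registration."""
    audit = _RouterAudit(public)
    audit.visit(ast.parse(source))
    return audit.findings


if __name__ == "__main__":
    for line, router, kind in audit_router_registration(SAMPLE_MAIN):
        print(f"main.py:{line}: {router} registered ({kind}) without dependencies=")
```

The check only sees the registration call, so a router that declares its own authentication internally will still be listed; treat each finding as a prompt to review that router, not as proof it is open.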