From 3ac0a1779035a8e0338c34777b8a1a5dadc89cd9 Mon Sep 17 00:00:00 2001
From: "gabriel.pereira" <gabriel.pereira@sothis.com.br>
Date: Mon, 20 Oct 2025 14:49:52 -0300
Subject: [PATCH] =?UTF-8?q?FEAT:=20reintroduzir=20prote=C3=A7=C3=A3o=20de?=
 =?UTF-8?q?=20acesso=20=C3=A0=20rota=20/public,=20garantindo=20que=20apena?=
 =?UTF-8?q?s=20usu=C3=A1rios=20autenticados=20possam=20acess=C3=A1-la?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/app.js b/app.js
index 84091dd..8151d3b 100644
--- a/app.js
+++ b/app.js
@@ -55,11 +55,6 @@ function createApp() {
     return res.redirect("/login");
   }
 
-  // monta rotas de autenticação públicas
-  app.use("/", authRoutes);
-
-  // servir /public APENAS quando autenticado
-  app.use("/public", requireAuth, express.static(path.join(__dirname, "public")));
 
   // proteger demais rotas (ex.: /upload, /consulta)
   app.use((req, res, next) => {
@@ -594,6 +589,9 @@ function createApp() {
   // Usa as rotas de autenticação
   app.use("/", authRoutes);
 
+    // servir /public APENAS quando autenticado
+  app.use("/public", requireAuth, express.static(path.join(__dirname, "public")));
+
   // Middleware para proteger rotas
   app.use((req, res, next) => {
     if (!req.session.user && req.path !== "/login" && !req.path.startsWith("/auth")) {