chore: remove unused /api/oauth/refresh route (M5b)

author: Fuwn <[email protected]> 2026-06-02 13:15:46 +0000
committer: Fuwn <[email protected]> 2026-06-02 13:15:46 +0000
commit: 08c4f1831d8761ff443bbb9ad49c3feaedcf8480 (patch)
tree: e4717c435009bfbaba8a7b01e365a7c41334d905 /src/lib/Utility/anilistOauth.ts
parent: fix(security): replace RSS feed URL tokens with encrypted token (M5) (diff)
download: due.moe-08c4f1831d8761ff443bbb9ad49c3feaedcf8480.tar.xz
due.moe-08c4f1831d8761ff443bbb9ad49c3feaedcf8480.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/Utility/anilistOauth.ts b/src/lib/Utility/anilistOauth.ts
index 26654ec9..9bb570fb 100644
--- a/src/lib/Utility/anilistOauth.ts
+++ b/src/lib/Utility/anilistOauth.ts
@@ -2,9 +2,8 @@ import { env } from "$env/dynamic/private";
 import { env as publicEnv } from "$env/dynamic/public";
 
 // Exchange a refresh token for a fresh access token WITHOUT touching the auth
-// cookie. Used by the RSS feed, which is polled by an unattended reader that has
-// no session; the interactive /api/oauth/refresh endpoint additionally re-sets
-// the cookie, which this deliberately does not.
+// cookie — used by the RSS feed, which is polled by an unattended reader that
+// has no session, so there is no cookie to re-set.
 export const refreshAniListToken = async (
 	refreshToken: string,
 ): Promise<string | null> => {
author	Fuwn <[email protected]>	2026-06-02 13:15:46 +0000
committer	Fuwn <[email protected]>	2026-06-02 13:15:46 +0000
commit	08c4f1831d8761ff443bbb9ad49c3feaedcf8480 (patch)
tree	e4717c435009bfbaba8a7b01e365a7c41334d905 /src/lib/Utility/anilistOauth.ts
parent	fix(security): replace RSS feed URL tokens with encrypted token (M5) (diff)
download	due.moe-08c4f1831d8761ff443bbb9ad49c3feaedcf8480.tar.xz due.moe-08c4f1831d8761ff443bbb9ad49c3feaedcf8480.zip