2 files changed, 2 insertions, 32 deletions

diff --git a/src/lib/Utility/anilistOauth.ts b/src/lib/Utility/anilistOauth.ts
index 26654ec9..9bb570fb 100644
--- a/src/lib/Utility/anilistOauth.ts
+++ b/src/lib/Utility/anilistOauth.ts
@@ -2,9 +2,8 @@ import { env } from "$env/dynamic/private";
 import { env as publicEnv } from "$env/dynamic/public";
 
 // Exchange a refresh token for a fresh access token WITHOUT touching the auth
-// cookie. Used by the RSS feed, which is polled by an unattended reader that has
-// no session; the interactive /api/oauth/refresh endpoint additionally re-sets
-// the cookie, which this deliberately does not.
+// cookie — used by the RSS feed, which is polled by an unattended reader that
+// has no session, so there is no cookie to re-set.
 export const refreshAniListToken = async (
 	refreshToken: string,
 ): Promise<string | null> => {
diff --git a/src/routes/api/oauth/refresh/+server.ts b/src/routes/api/oauth/refresh/+server.ts
deleted file mode 100644
index 49306076..00000000
--- a/src/routes/api/oauth/refresh/+server.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-import { redirect } from "@sveltejs/kit";
-import { env } from "$env/dynamic/private";
-import { env as env2 } from "$env/dynamic/public";
-
-export const GET = async ({ url, cookies }) => {
-	const formData = new FormData();
-
-	formData.append("grant_type", "refresh_token");
-	formData.append("client_id", env2.PUBLIC_ANILIST_CLIENT_ID as string);
-	formData.append("client_secret", env.ANILIST_CLIENT_SECRET as string);
-	formData.append("refresh_token", url.searchParams.get("token") || "");
-
-	const newUser = await (
-		await fetch("https://anilist.co/api/v2/oauth/token", {
-			method: "POST",
-			body: formData,
-		})
-	).json();
-
-	cookies.set("user", JSON.stringify(newUser), {
-		path: "/",
-		maxAge: 60 * 60 * 24 * 7,
-		httpOnly: false,
-		sameSite: "lax",
-	});
-
-	if (url.searchParams.get("redirect")) redirect(303, "/");
-	else return Response.json(newUser);
-};