Problem
backend/src/atomify_api/routers/test.py defines two unauthenticated endpoints:
POST /test — writes arbitrary messages to the database
GET /test — reads all test records from the database
These endpoints are unconditionally registered in main.py:
app.include_router(test_router)
This is scaffolding/boilerplate that was never removed. In production it allows anyone to write to the test_records table without any credentials.
Solution
Remove the test router and its associated model/migration from the codebase. If a DB connectivity check is needed in production, the existing /health endpoint is the right place for that.
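A regression guard for this fix, added here as an example and not part of the project's code: it parses main.py and reports any include_router() call that registers a router imported from the test module, so CI can fail if the scaffolding comes back. The sample main.py is constructed; the import lines and health_router are assumptions, and only app.include_router(test_router) comes from the issue.

```python
import ast

# Constructed stand-in for main.py. Only app.include_router(test_router) is from
# the issue; the import lines and health_router are assumptions.
SAMPLE_MAIN = """\
from fastapi import FastAPI
from atomify_api.routers.health import router as health_router
from atomify_api.routers.test import router as test_router

app = FastAPI()
app.include_router(health_router)
app.include_router(test_router)
"""

def find_test_router_registrations(source, module_suffix="routers.test"):
    """Return (name, lineno, unconditional) for each include_router() call whose
    argument was imported from the test router module."""
    tree = ast.parse(source)
    # Names bound by `from ...routers.test import X [as Y]`.
    banned = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and (node.module or "").endswith(module_suffix):
            banned.update(alias.asname or alias.name for alias in node.names)
    findings = []
    for stmt in tree.body:
        # A bare expression statement at module level runs on every start-up.
        unconditional = isinstance(stmt, ast.Expr)
        for node in ast.walk(stmt):
            if (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "include_router"
                    and node.args
                    and isinstance(node.args[0], ast.Name)
                    and node.args[0].id in banned):
                findings.append((node.args[0].id, node.lineno, unconditional))
    return findings

if __name__ == "__main__":
    for name, lineno, unconditional in find_test_router_registrations(SAMPLE_MAIN):
        kind = "unconditional" if unconditional else "conditional"
        print(f"main.py:{lineno}: {kind} registration of {name}")
```

In CI, read the real main.py into the function and fail the build when the returned list is non-empty.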