chore: update next auth

[arian81]

main goal is to check auth proxy for preview urls

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
portal	Ready	Preview, Comment	Apr 22, 2026 2:22pm

[greptile-apps]

Greptile Summary

This PR bumps next-auth from 4.24.11 to 4.24.14 and removes TYPEFORM_API_KEY from the env schema and example. The resume proxy handler in [...path].ts is left in a broken state: the Authorization header was commented out rather than replaced or the handler removed, meaning all proxied Typeform requests will fail unauthenticated.

• The Authorization: Bearer ... line in src/pages/api/resumes/[...path].ts is commented out, making every request to the Typeform API unauthenticated and non-functional.
• The env import on line 5 of that file is now unused and should be removed.

Confidence Score: 4/5

Safe to merge only if the broken resume proxy is intentional/tracked; otherwise the handler needs the auth header restored or the file removed.

One P1 finding: the commented-out Authorization header leaves the Typeform proxy non-functional. All other changes (next-auth bump, TYPEFORM_API_KEY removal from schema/env) are clean. P1 ceiling is 4/5.

src/pages/api/resumes/[...path].ts — Authorization header is commented out, breaking the proxy.

Important Files Changed

Filename	Overview
src/pages/api/resumes/[...path].ts	Authorization header commented out, breaking the Typeform proxy; env import now unused
src/env/schema.mjs	Removed TYPEFORM_API_KEY from server env schema, consistent with .env.example change
.env.example	Removed TYPEFORM_API_KEY example entry, consistent with schema change
package.json	Bumped next-auth from ^4.24.11 to ^4.24.14 (patch update)
pnpm-lock.yaml	Lock file regenerated to reflect dependency update; quote style normalised by pnpm

Prompt To Fix All With AI

Fix the following 3 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 3
src/pages/api/resumes/[...path].ts:20
**Commented-out auth breaks the proxy**

The `Authorization` header is commented out but the Typeform fetch call remains active. Every proxied request will now reach Typeform without credentials and receive a `401`, making this endpoint non-functional for all authorized users. If the intent is to remove Typeform entirely, delete the handler; otherwise restore the header (or replace it with the new auth mechanism).

### Issue 2 of 3
src/pages/api/resumes/[...path].ts:5
**Unused `env` import**

`env` is imported on line 5 but is no longer referenced anywhere in the file after the `TYPEFORM_API_KEY` usage was commented out. Remove the import to keep the file clean.

### Issue 3 of 3
src/pages/api/resumes/[...path].ts:37
**Wrong HTTP status for unauthorized**

Unauthenticated callers receive `400 Bad Request` instead of the semantically correct `401 Unauthorized`. Consider updating to `res.status(401)`.

_{Reviews (2): Last reviewed commit: "chore: remove depreciated typeform env" | Re-trigger Greptile}

[greptile-apps]

Commented-out auth breaks the proxy

The Authorization header is commented out but the Typeform fetch call remains active. Every proxied request will now reach Typeform without credentials and receive a 401, making this endpoint non-functional for all authorized users. If the intent is to remove Typeform entirely, delete the handler; otherwise restore the header (or replace it with the new auth mechanism).

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/pages/api/resumes/[...path].ts
Line: 20

Comment:
**Commented-out auth breaks the proxy**

The `Authorization` header is commented out but the Typeform fetch call remains active. Every proxied request will now reach Typeform without credentials and receive a `401`, making this endpoint non-functional for all authorized users. If the intent is to remove Typeform entirely, delete the handler; otherwise restore the header (or replace it with the new auth mechanism).

How can I resolve this? If you propose a fix, please make it concise.