From 7f06ba0ee93eebf4482a7eb5d5d25e9d8a072f9d Mon Sep 17 00:00:00 2001
From: Michelle Tilley <michelle@michelletilley.net>
Date: Mon, 23 Mar 2026 09:33:04 -0700
Subject: chore: Refactor CLI auth flows and token storage (#3317)

This PR eplaces the binary `is_hub_sync()` auth routing with an explicit
`SyncAuth` enum that classifies the client's authentication state at
runtime. This fixes a class of bugs where CLI session tokens were
silently mis-stored or used with the wrong auth scheme during Hub
migration.
---
 crates/atuin-server/src/handlers/user.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'crates/atuin-server/src/handlers')

diff --git a/crates/atuin-server/src/handlers/user.rs b/crates/atuin-server/src/handlers/user.rs
index 6436e327..dda7a381 100644
--- a/crates/atuin-server/src/handlers/user.rs
+++ b/crates/atuin-server/src/handlers/user.rs
@@ -150,7 +150,10 @@ pub async fn register<DB: Database>(
     counter!("atuin_users_registered").increment(1);
 
     match db.add_session(&new_session).await {
-        Ok(_) => Ok(Json(RegisterResponse { session: token })),
+        Ok(_) => Ok(Json(RegisterResponse {
+            session: token,
+            auth: Some("cli".into()),
+        })),
         Err(e) => {
             error!("failed to add session: {}", e);
             Err(ErrorResponse::reply("failed to register user")
@@ -254,6 +257,7 @@ pub async fn login<DB: Database>(
 
     Ok(Json(LoginResponse {
         session: session.token,
+        auth: Some("cli".into()),
     }))
 }
 
-- 
cgit v1.3.1