From 4d6aeedccdde63f66791e9a9007a281e61a351d9 Mon Sep 17 00:00:00 2001
From: DmitrL-dev <84296377+DmitrL-dev@users.noreply.github.com>
Date: Tue, 31 Mar 2026 08:38:46 +1000
Subject: [PATCH] fix(auth): whitelist /api/auth/demo in JWT middleware to fix
 demo login

---
 internal/infrastructure/auth/middleware.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/infrastructure/auth/middleware.go b/internal/infrastructure/auth/middleware.go
index 55155a1..1841432 100644
--- a/internal/infrastructure/auth/middleware.go
+++ b/internal/infrastructure/auth/middleware.go
@@ -33,6 +33,7 @@ func NewJWTMiddleware(secret []byte) *JWTMiddleware {
 			"/api/auth/register": true,
 			"/api/auth/verify":   true,
 			"/api/auth/plans":    true,
+			"/api/auth/demo":     true,
 			"/api/v1/scan":       true, // public demo scanner
 			"/api/v1/usage":      true, // public usage/quota check
 			"/api/v1/soc/events": true, // sensor ingest (auth via RBAC API key when enabled)