Skip to content

Remove unused API, apipie, rack-cors, and jwt#1352

Open
maebeale wants to merge 2 commits intomainfrom
maebeale/remove-unused-api
Open

Remove unused API, apipie, rack-cors, and jwt#1352
maebeale wants to merge 2 commits intomainfrom
maebeale/remove-unused-api

Conversation

@maebeale
Copy link
Collaborator

@maebeale maebeale commented Mar 7, 2026

What is the goal of this PR and why is this important?

  • Remove the dormant API layer (app/controllers/api/v1/) and its supporting gems
  • The API was built for a WordPress integration that is no longer active
  • No frontend code, external clients, or tests reference these endpoints
  • Eliminates dead code, unused middleware (rack-cors runs on every request), and a Rails 8 compatibility patch for apipie that we no longer need to maintain

How did you approach the change?

  • Searched the entire codebase for references to the API endpoints, JWT, apipie, and rack-cors — confirmed nothing depends on them
  • Removed in two commits:
    1. API controllers, routes, apipie gem/config, JWT auth service, and error class
    2. rack-cors and jwt gems with rationale for why they are safe to remove
  • Updated AGENTS.md to reflect the removals

Anything else to add?

  • rack-cors had no CORS initializer — it was adding middleware with no configuration
  • jwt was only used by AuthenticationToken, which was only used by the API
  • If cross-origin support is needed in the future, rack-cors can be re-added with a proper initializer

maebeale added 2 commits March 6, 2026 20:28
@maebeale
Remove unused API controllers, apipie, and JWT auth
e76702c 
The API (app/controllers/api/v1/) was built for a WordPress integration
that never materialized or was abandoned. No frontend code calls these
endpoints, no external clients consume them, and there are no tests.

Removes:
- 5 API v1 controllers (auth, quotes, resources, workshops)
- AuthenticationToken JWT service and AuthenticationFailed error
- apipie-rails gem and its Rails 8 compatibility patch
- API routes and apipie documentation mount
@maebeale
Remove rack-cors and jwt gems (no longer needed)
20cb76f 
rack-cors: This app is a traditional server-rendered Rails app using
Turbo/Stimulus — all requests originate from the same domain. CORS
headers are only needed when a browser makes cross-origin requests
(e.g. a separate SPA or external site calling your API). With the API
removed and no cross-origin consumers, rack-cors adds middleware to
every request for no benefit. Rails does not include built-in CORS
support, so if cross-origin needs arise later, rack-cors can be
re-added with a proper initializer (one never existed here).

jwt: Only used by the now-removed AuthenticationToken service for API
auth. No other code references the JWT gem.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maebeale