Product route: No authentication/authorization on write endpoints

## Severity: Medium
## Category: Security

### Description
In `api/src/routes/product.ts`, the `POST`, `PUT`, and `DELETE` endpoints have no authentication or authorization checks. Per the project's auth design (`@github.com` emails grant admin access), write operations should be gated behind admin authorization.

### Suggested Fix
Add middleware to verify authenticated user has admin privileges before allowing mutating operations on products.

### Affected File
- `api/src/routes/product.ts` (POST, PUT, DELETE handlers)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Product route: No authentication/authorization on write endpoints #14

Severity: Medium

Category: Security

Description

Suggested Fix

Affected File

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Product route: No authentication/authorization on write endpoints #14

Description

Severity: Medium

Category: Security

Description

Suggested Fix

Affected File

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions