From 1b79d531d0b03cfade4404263639e4a1727f69dc Mon Sep 17 00:00:00 2001
From: evanpelle <evanpelle@gmail.com>
Date: Fri, 12 Dec 2025 16:49:22 -0800
Subject: [PATCH] require jwts for production

---
 src/server/jwt.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/server/jwt.ts b/src/server/jwt.ts
index 11ab6a369..e4a09b012 100644
--- a/src/server/jwt.ts
+++ b/src/server/jwt.ts
@@ -6,7 +6,7 @@ import {
   UserMeResponse,
   UserMeResponseSchema,
 } from "../core/ApiSchemas";
-import { ServerConfig } from "../core/configuration/Config";
+import { GameEnv, ServerConfig } from "../core/configuration/Config";
 import { PersistentIdSchema } from "../core/Schemas";
 
 type TokenVerificationResult =
@@ -22,7 +22,14 @@ export async function verifyClientToken(
   config: ServerConfig,
 ): Promise<TokenVerificationResult> {
   if (PersistentIdSchema.safeParse(token).success) {
-    return { type: "success", persistentId: token, claims: null };
+    if (config.env() === GameEnv.Dev) {
+      return { type: "success", persistentId: token, claims: null };
+    } else {
+      return {
+        type: "error",
+        message: "persistent ID not allowed in production",
+      };
+    }
   }
   try {
     const issuer = config.jwtIssuer();