From 71ce2c63fb8b256da111ee114493571ec51142fa Mon Sep 17 00:00:00 2001
From: jackiettran <41605212+jackiettran@users.noreply.github.com>
Date: Thu, 30 Oct 2025 16:16:27 -0400
Subject: [PATCH] alpha testing feature flag

---
 backend/middleware/alphaAccess.js |  5 +++
 backend/routes/alpha.js           |  5 +++
 backend/routes/auth.js            | 64 ++++++++++++++++---------------
 frontend/src/App.tsx              |  7 ++++
 4 files changed, 51 insertions(+), 30 deletions(-)

diff --git a/backend/middleware/alphaAccess.js b/backend/middleware/alphaAccess.js
index eca546a..d13f257 100644
--- a/backend/middleware/alphaAccess.js
+++ b/backend/middleware/alphaAccess.js
@@ -7,6 +7,11 @@ const logger = require("../utils/logger");
  */
 const requireAlphaAccess = async (req, res, next) => {
   try {
+    // Bypass alpha access check if feature is disabled
+    if (process.env.ALPHA_TESTING_ENABLED !== 'true') {
+      return next();
+    }
+
     let hasAccess = false;
 
     // Check 1: Valid alpha access cookie
diff --git a/backend/routes/alpha.js b/backend/routes/alpha.js
index 20ccce9..b2d7315 100644
--- a/backend/routes/alpha.js
+++ b/backend/routes/alpha.js
@@ -8,6 +8,11 @@ const router = express.Router();
 
 // Helper function to check if user has alpha access
 async function checkAlphaAccess(req) {
+  // Bypass alpha access check if feature is disabled
+  if (process.env.ALPHA_TESTING_ENABLED !== 'true') {
+    return true;
+  }
+
   // Check 1: Valid alpha access cookie
   if (req.cookies && req.cookies.alphaAccessCode) {
     const { code } = req.cookies.alphaAccessCode;
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 8322124..62c53fd 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -66,31 +66,33 @@ router.post(
 
       // Alpha access validation
       let alphaInvitation = null;
-      if (req.signedCookies && req.signedCookies.alphaAccessCode) {
-        const { code } = req.signedCookies.alphaAccessCode;
-        if (code) {
-          alphaInvitation = await AlphaInvitation.findOne({
-            where: { code },
-          });
-
-          if (!alphaInvitation) {
-            return res.status(403).json({
-              error: "Invalid alpha access code",
+      if (process.env.ALPHA_TESTING_ENABLED === 'true') {
+        if (req.cookies && req.cookies.alphaAccessCode) {
+          const { code } = req.cookies.alphaAccessCode;
+          if (code) {
+            alphaInvitation = await AlphaInvitation.findOne({
+              where: { code },
             });
-          }
 
-          if (alphaInvitation.status === "revoked") {
-            return res.status(403).json({
-              error: "This alpha access code is no longer valid",
-            });
+            if (!alphaInvitation) {
+              return res.status(403).json({
+                error: "Invalid alpha access code",
+              });
+            }
+
+            if (alphaInvitation.status === "revoked") {
+              return res.status(403).json({
+                error: "This alpha access code is no longer valid",
+              });
+            }
           }
         }
-      }
 
-      if (!alphaInvitation) {
-        return res.status(403).json({
-          error: "Alpha access required. Please enter your invitation code first.",
-        });
+        if (!alphaInvitation) {
+          return res.status(403).json({
+            error: "Alpha access required. Please enter your invitation code first.",
+          });
+        }
       }
 
       const user = await User.create({
@@ -356,17 +358,19 @@ router.post(
         });
 
         // Check if there's an alpha invitation for this email
-        const alphaInvitation = await AlphaInvitation.findOne({
-          where: { email: email.toLowerCase().trim() },
-        });
-
-        if (alphaInvitation && !alphaInvitation.usedBy) {
-          // Link invitation to new user
-          await alphaInvitation.update({
-            usedBy: user.id,
-            usedAt: new Date(),
-            status: "active",
+        if (process.env.ALPHA_TESTING_ENABLED === 'true') {
+          const alphaInvitation = await AlphaInvitation.findOne({
+            where: { email: email.toLowerCase().trim() },
           });
+
+          if (alphaInvitation && !alphaInvitation.usedBy) {
+            // Link invitation to new user
+            await alphaInvitation.update({
+              usedBy: user.id,
+              usedAt: new Date(),
+              status: "active",
+            });
+          }
         }
       }
 
diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
index 6c2fd22..7db69f2 100644
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -38,6 +38,13 @@ const AppContent: React.FC = () => {
 
   useEffect(() => {
     const checkAlphaAccess = async () => {
+      // Bypass alpha access check if feature is disabled
+      if (process.env.REACT_APP_ALPHA_TESTING_ENABLED !== 'true') {
+        setHasAlphaAccess(true);
+        setCheckingAccess(false);
+        return;
+      }
+
       try {
         const response = await axios.get(`${API_URL}/alpha/verify-session`, {
           withCredentials: true,