🐛 fix: allow authenticated users to bypass privacy shield

DevaOnBreaches · DevaOnBreaches · commit b55556f35cc8 · 2026-03-31T05:42:24.000+05:30
diff --git a/api/v1/breaches.py b/api/v1/breaches.py
@@ -309,7 +309,7 @@ async def search_data_breaches(
         alert_record = datastore_client.get(alert_key)
 
         # Always check shieldOn first (privacy - can't cache this)
-        if alert_record and alert_record.get("shieldOn", False):
+        if alert_record and alert_record.get("shieldOn", False) and not token:
             raise HTTPException(status_code=404, detail="Not found")
 
         # Validate token if provided
