chore: remove debug console.log in API authentication handler

[SUMMERxKx]

Remove stale console.log('shouldPreventAnonymousRead', ...) statement that runs on every unauthenticated API request in production, adding unnecessary noise to logs and bypassing the structured logging system.

Proposed changes (including videos or screenshots)

A debug console.log statement was left in the REST API authentication handler (apps/meteor/app/api/server/ApiClass.ts, line 838). This line:

console.log('shouldPreventAnonymousRead', shouldPreventAnonymousRead);

runs inside the _internalRouteActionHandler function on every unauthenticated API request, causing:

1. Log noise in production — prints to stdout on every anonymous/unauthenticated call
2. Bypasses structured logging — the project uses @rocket.chat/logger for all logging, but this uses raw console.log
3. Minor performance overhead — unnecessary I/O on a hot authentication path

This PR simply removes the single console.log line. No functional behavior is changed — the authentication logic (shouldPreventAnonymousRead, shouldPreventUserRead, and the api.unauthorized() response) remains exactly the same.

Issue(s)

Fixes #39231

Steps to test or reproduce

To reproduce the debug log:

1. Start a Rocket.Chat server
2. Make any unauthenticated API request, e.g.: curl http://localhost:3000/api/v1/channels.list
3. Observe shouldPreventAnonymousRead true printed to the server's stdout

To verify the fix:

1. Apply this PR
2. Repeat the same unauthenticated API request
3. Confirm the shouldPreventAnonymousRead message no longer appears in stdout
4. Confirm the API still correctly returns a 401 Unauthorized response

Further comments

This is a minimal, zero-risk change — 1 file changed, 1 line deleted. No functional logic is altered.

Summary by CodeRabbit

• Chores
  • Removed internal debug logging to improve code cleanliness.

Task: ARCH-2073

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: ad1ae0b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Removes a debug console.log statement from the API authentication handler in ApiClass.ts. The statement was outputting shouldPreventAnonymousRead during request processing. No functional behavior changes; the removal eliminates unnecessary debug noise from stdout.

Changes

Cohort / File(s)	Summary
Debug logging cleanup apps/meteor/app/api/server/ApiClass.ts	Removed leftover debug console.log statement that was logging the shouldPreventAnonymousRead variable during API request processing.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

Suggested labels

type: chore, area: authentication

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The PR fully addresses issue #39231 by removing the debug console.log('shouldPreventAnonymousRead', shouldPreventAnonymousRead) from _internalRouteActionHandler in ApiClass.ts as requested.
Out of Scope Changes check	✅ Passed	The PR contains only the single, scoped change of removing the debug console.log statement from ApiClass.ts, with no unrelated modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately describes the main change: removing a debug console.log statement from the API authentication handler. It is concise, specific, and directly related to the core purpose of the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 1 file

[ggazzo]

/jira ARCH-2021