chore(core): add dev feature guard to SSO endpoints (#4971)

* chore(core): guard sso api

guard sso api

* chore(core): guard sso interaction api

guard sso interaction api

packages/core/src/routes/interaction/single-sign-on.ts

@@ -3,6 +3,7 @@ import type Router from 'koa-router';
 import { type IRouterParamContext } from 'koa-router';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import { assignInteractionResults } from '#src/libraries/session.js';
 import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
@@ -28,6 +29,11 @@ export default function singleSignOnRoutes<T extends IRouterParamContext>(
   router: Router<unknown, WithInteractionDetailsContext<WithLogContext<T>>>,
   tenant: TenantContext
 ) {
+  // FIXME: @simeng-li should remove this check after the feature is enabled in production
+  if (!EnvSet.values.isDevFeaturesEnabled) {
+    return;
+  }
+
   const { provider, libraries, queries } = tenant;
 
   const { ssoConnectors: ssoConnectorsLibrary } = libraries;

packages/core/src/routes/sso-connector/index.ts

@@ -8,6 +8,7 @@ import { generateStandardShortId } from '@logto/shared';
 import { conditional, assert } from '@silverhand/essentials';
 import { z } from 'zod';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
 import koaPagination from '#src/middleware/koa-pagination.js';
@@ -26,6 +27,11 @@ import {
 } from './utils.js';
 
 export default function singleSignOnRoutes<T extends AuthedRouter>(...args: RouterInitArgs<T>) {
+  // FIXME: @simeng-li should remove this check after the feature is enabled in production
+  if (!EnvSet.values.isDevFeaturesEnabled) {
+    return;
+  }
+
   const [
     router,
     {