This change splits the /comment_page handler into separate GET and POST paths and wraps authentication behind a small conditional decorator helper. The practical effect is that viewing comments can stay public, while posting comments is protected when REQUIRE_LOGIN is enabled, instead of forcing auth for every request to the route. It also makes the request flow easier to reason about by isolating rendering from mutation logic. should_post: true