diff --git a/server/src/routes/synology.ts b/server/src/routes/synology.ts
index 7dd44d8..c01e49e 100644
--- a/server/src/routes/synology.ts
+++ b/server/src/routes/synology.ts
@@ -12,7 +12,6 @@ import {
     searchSynologyPhotos,
     getSynologyAssetInfo,
     pipeSynologyProxy,
-    synologyAuthFromQuery,
     getSynologyTargetUserId,
     streamSynologyAsset,
     handleSynologyError,
@@ -133,7 +132,7 @@ router.get('/assets/:photoId/info', authenticate, async (req: Request, res: Resp
     }
 });
 
-router.get('/assets/:photoId/thumbnail', synologyAuthFromQuery, async (req: Request, res: Response) => {
+router.get('/assets/:photoId/thumbnail', authenticate, async (req: Request, res: Response) => {
     const authReq = req as AuthRequest;
     const { photoId } = req.params;
     const { size = 'sm' } = req.query;
@@ -149,7 +148,7 @@ router.get('/assets/:photoId/thumbnail', synologyAuthFromQuery, async (req: Requ
     }
 });
 
-router.get('/assets/:photoId/original', synologyAuthFromQuery, async (req: Request, res: Response) => {
+router.get('/assets/:photoId/original', authenticate, async (req: Request, res: Response) => {
     const authReq = req as AuthRequest;
     const { photoId } = req.params;
 
diff --git a/server/src/services/synologyService.ts b/server/src/services/synologyService.ts
index 7b3182e..646c592 100644
--- a/server/src/services/synologyService.ts
+++ b/server/src/services/synologyService.ts
@@ -270,19 +270,6 @@ function normalizeSynologyPhotoInfo(item: SynologyPhotoItem): SynologyPhotoInfo
     };
 }
 
-export function synologyAuthFromQuery(req: Request, res: ExpressResponse, next: NextFunction) {
-    const queryToken = req.query.token as string | undefined;
-    if (queryToken) {
-        const userId = consumeEphemeralToken(queryToken, SYNOLOGY_PROVIDER);
-        if (!userId) return res.status(401).send('Invalid or expired token');
-        const user = db.prepare('SELECT id, username, email, role, mfa_enabled FROM users WHERE id = ?').get(userId) as any;
-        if (!user) return res.status(401).send('User not found');
-        (req as AuthRequest).user = user;
-        return next();
-    }
-    return (authenticate as any)(req, res, next);
-}
-
 export function getSynologyTargetUserId(req: Request): number {
     const { userId } = req.query;
     return Number(userId);