fixed auth middleware

app/__test__/auth/middleware.spec.ts

@@ -3,7 +3,7 @@ import { shouldSkipAuth } from "../../src/auth/middlewares";
 
 describe("auth middleware", () => {
    it("should skip auth on asset paths", () => {
-      expect(shouldSkipAuth({ req: new Request("http://localhost/assets/test.js") })).toBe(true);
-      expect(shouldSkipAuth({ req: new Request("http://localhost/") })).toBe(false);
+      expect(shouldSkipAuth(new Request("http://localhost/assets/test.js"))).toBe(true);
+      expect(shouldSkipAuth(new Request("http://localhost/"))).toBe(false);
    });
 });

app/src/auth/AppAuth.ts

@@ -276,6 +276,10 @@ export class AppAuth extends Module<typeof authConfigSchema> {
    }
 
    async createUser({ email, password, ...additional }: CreateUserPayload): Promise<DB["users"]> {
+      if (!this.enabled) {
+         throw new Error("Cannot create user, auth not enabled");
+      }
+
       const strategy = "password";
       const pw = this.authenticator.strategy(strategy) as PasswordStrategy;
       const strategy_value = await pw.hash(password);

app/src/auth/middlewares.ts

@@ -21,12 +21,16 @@ async function resolveAuth(app: ServerEnv["Variables"]["app"], c: Context<Server
    authenticator.requestCookieRefresh(c);
 }
 
-export function shouldSkipAuth(c: { req: Request }) {
-   return new URL(c.req.url).pathname.startsWith(config.server.assets_path);
+export function shouldSkipAuth(req: Request) {
+   const skip = new URL(req.url).pathname.startsWith(config.server.assets_path);
+   if (skip) {
+      //console.log("skip auth for", req.url);
+   }
+   return skip;
 }
 
 export const auth = createMiddleware<ServerEnv>(async (c, next) => {
-   if (!shouldSkipAuth) {
+   if (!shouldSkipAuth(c.req.raw)) {
       // make sure to only register once
       if (c.get("auth_registered")) {
          return;