fix double registration of auth middleware on data routes

2026-03-16 04:27:21 +00:00 · 2025-01-16 15:45:29 +01:00
parent 26a5fd8b34
commit 8226b644ae
2 changed files with 19 additions and 18 deletions
--- a/app/src/auth/middlewares.ts
+++ b/app/src/auth/middlewares.ts
@@ -26,25 +26,28 @@ export const auth = (options?: {
   skip?: (string | RegExp)[];
 }) =>
   createMiddleware<ServerEnv>(async (c, next) => {
-      // make sure to only register once
-      if (c.get("auth_registered")) {
-         throw new Error(`auth middleware already registered for ${getPath(c)}`);
-      }
-      c.set("auth_registered", true);
-
      const app = c.get("app");
-      const skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
      const guard = app?.modules.ctx().guard;
      const authenticator = app?.module.auth.authenticator;

-      if (!skipped) {
-         const resolved = c.get("auth_resolved");
-         if (!resolved) {
-            if (!app.module.auth.enabled) {
-               guard?.setUserContext(undefined);
-            } else {
-               guard?.setUserContext(await authenticator?.resolveAuthFromRequest(c));
-               c.set("auth_resolved", true);
+      let skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
+
+      // make sure to only register once
+      if (c.get("auth_registered")) {
+         skipped = true;
+         console.warn(`auth middleware already registered for ${getPath(c)}`);
+      } else {
+         c.set("auth_registered", true);
+
+         if (!skipped) {
+            const resolved = c.get("auth_resolved");
+            if (!resolved) {
+               if (!app?.module.auth.enabled) {
+                  guard?.setUserContext(undefined);
+               } else {
+                  guard?.setUserContext(await authenticator?.resolveAuthFromRequest(c));
+                  c.set("auth_resolved", true);
+               }
            }
         }
      }
--- a/app/src/data/api/DataController.ts
+++ b/app/src/data/api/DataController.ts
@@ -70,7 +70,7 @@ export class DataController extends Controller {

   override getController() {
      const { permission, auth } = this.middlewares;
-      const hono = this.create().use(auth());
+      const hono = this.create().use(auth(), permission(SystemPermissions.accessApi));

      const definedEntities = this.em.entities.map((e) => e.name);
      const tbNumber = Type.Transform(Type.String({ pattern: "^[1-9][0-9]{0,}$" }))
@@ -85,8 +85,6 @@ export class DataController extends Controller {
         return func;
      }

-      hono.use("*", permission(SystemPermissions.accessApi));
-
      // info
      hono.get(
         "/",