fix double registration of auth middleware on data routes

2026-03-17 21:06:04 +00:00 · 2025-01-16 15:45:29 +01:00
parent 26a5fd8b34
commit 8226b644ae
2 changed files with 19 additions and 18 deletions
--- a/app/src/auth/middlewares.ts
+++ b/app/src/auth/middlewares.ts
@@ -26,21 +26,23 @@ export const auth = (options?: {
   skip?: (string | RegExp)[];
 }) =>
   createMiddleware<ServerEnv>(async (c, next) => {
      // make sure to only register once
      if (c.get("auth_registered")) {
         throw new Error(`auth middleware already registered for ${getPath(c)}`);
      }
      c.set("auth_registered", true);
      const app = c.get("app");
      const skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
      const guard = app?.modules.ctx().guard;
      const authenticator = app?.module.auth.authenticator;
      let skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
      // make sure to only register once
      if (c.get("auth_registered")) {
         skipped = true;
         console.warn(`auth middleware already registered for ${getPath(c)}`);
      } else {
         c.set("auth_registered", true);
         if (!skipped) {
            const resolved = c.get("auth_resolved");
            if (!resolved) {
-            if (!app.module.auth.enabled) {
+               if (!app?.module.auth.enabled) {
                  guard?.setUserContext(undefined);
               } else {
                  guard?.setUserContext(await authenticator?.resolveAuthFromRequest(c));
@@ -48,6 +50,7 @@ export const auth = (options?: {
               }
            }
         }
      }
      await next();
--- a/app/src/data/api/DataController.ts
+++ b/app/src/data/api/DataController.ts
@@ -70,7 +70,7 @@ export class DataController extends Controller {
   override getController() {
      const { permission, auth } = this.middlewares;
-      const hono = this.create().use(auth());
+      const hono = this.create().use(auth(), permission(SystemPermissions.accessApi));
      const definedEntities = this.em.entities.map((e) => e.name);
      const tbNumber = Type.Transform(Type.String({ pattern: "^[1-9][0-9]{0,}$" }))
@@ -85,8 +85,6 @@ export class DataController extends Controller {
         return func;
      }
      hono.use("*", permission(SystemPermissions.accessApi));
      // info
      hono.get(
         "/",