fix double registration of auth middleware on data routes

app/src/auth/middlewares.ts

@@ -26,25 +26,28 @@ export const auth = (options?: {
    skip?: (string | RegExp)[];
 }) =>
    createMiddleware<ServerEnv>(async (c, next) => {
-      // make sure to only register once
-      if (c.get("auth_registered")) {
-         throw new Error(`auth middleware already registered for ${getPath(c)}`);
-      }
-      c.set("auth_registered", true);
-
       const app = c.get("app");
-      const skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
       const guard = app?.modules.ctx().guard;
       const authenticator = app?.module.auth.authenticator;
 
-      if (!skipped) {
+      let skipped = shouldSkip(c, options?.skip) || !app?.module.auth.enabled;
-         const resolved = c.get("auth_resolved");
+
-         if (!resolved) {
+      // make sure to only register once
-            if (!app.module.auth.enabled) {
+      if (c.get("auth_registered")) {
-               guard?.setUserContext(undefined);
+         skipped = true;
-            } else {
+         console.warn(`auth middleware already registered for ${getPath(c)}`);
-               guard?.setUserContext(await authenticator?.resolveAuthFromRequest(c));
+      } else {
-               c.set("auth_resolved", true);
+         c.set("auth_registered", true);
+
+         if (!skipped) {
+            const resolved = c.get("auth_resolved");
+            if (!resolved) {
+               if (!app?.module.auth.enabled) {
+                  guard?.setUserContext(undefined);
+               } else {
+                  guard?.setUserContext(await authenticator?.resolveAuthFromRequest(c));
+                  c.set("auth_resolved", true);
+               }
             }
          }
       }

app/src/data/api/DataController.ts

@@ -70,7 +70,7 @@ export class DataController extends Controller {
 
    override getController() {
       const { permission, auth } = this.middlewares;
-      const hono = this.create().use(auth());
+      const hono = this.create().use(auth(), permission(SystemPermissions.accessApi));
 
       const definedEntities = this.em.entities.map((e) => e.name);
       const tbNumber = Type.Transform(Type.String({ pattern: "^[1-9][0-9]{0,}$" }))
@@ -85,8 +85,6 @@ export class DataController extends Controller {
          return func;
       }
 
-      hono.use("*", permission(SystemPermissions.accessApi));
-
       // info
       hono.get(
          "/",