diff --git a/app/package.json b/app/package.json
index 327e4b5..2a1ae80 100644
--- a/app/package.json
+++ b/app/package.json
@@ -3,7 +3,7 @@
   "type": "module",
   "sideEffects": false,
   "bin": "./dist/cli/index.js",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "scripts": {
     "build:all": "bun run build && bun run build:cli",
     "dev": "vite",
diff --git a/app/src/auth/api/AuthController.ts b/app/src/auth/api/AuthController.ts
index bd4ef63..5b0de2d 100644
--- a/app/src/auth/api/AuthController.ts
+++ b/app/src/auth/api/AuthController.ts
@@ -1,5 +1,5 @@
 import type { AppAuth } from "auth";
-import type { ClassController } from "core";
+import { type ClassController, isDebug } from "core";
 import { Hono, type MiddlewareHandler } from "hono";
 
 export class AuthController implements ClassController {
@@ -10,8 +10,16 @@ export class AuthController implements ClassController {
    }
 
    getMiddleware: MiddlewareHandler = async (c, next) => {
-      const user = await this.auth.authenticator.resolveAuthFromRequest(c);
-      this.auth.ctx.guard.setUserContext(user);
+      // @todo: ONLY HOTFIX
+      const url = new URL(c.req.url);
+      const last = url.pathname.split("/")?.pop();
+      const ext = last?.includes(".") ? last.split(".")?.pop() : undefined;
+      if (ext) {
+         isDebug() && console.log("Skipping auth", { ext }, url.pathname);
+      } else {
+         const user = await this.auth.authenticator.resolveAuthFromRequest(c);
+         this.auth.ctx.guard.setUserContext(user);
+      }
 
       await next();
    };
diff --git a/app/src/auth/authenticate/Authenticator.ts b/app/src/auth/authenticate/Authenticator.ts
index 082cd1c..1955643 100644
--- a/app/src/auth/authenticate/Authenticator.ts
+++ b/app/src/auth/authenticate/Authenticator.ts
@@ -228,9 +228,9 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
 
    async requestCookieRefresh(c: Context) {
       if (this.config.cookie.renew) {
-         console.log("renewing cookie", c.req.url);
          const token = await this.getAuthCookie(c);
          if (token) {
+            console.log("renewing cookie", c.req.url);
             await this.setAuthCookie(c, token);
          }
       }