From 4f67dba6cbea3187ed77bfed259d19055a3f5db4 Mon Sep 17 00:00:00 2001
From: Gani Georgiev <gani.georgiev@gmail.com>
Date: Tue, 5 Nov 2024 09:06:18 +0200
Subject: [PATCH] [#5800] skip default loadAuthToken middleware if e.Auth is
 already set

---
 CHANGELOG.md        | 2 ++
 apis/middlewares.go | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4736fe0..bb734b7c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,8 @@
 
 - Fixed JSVM types errors ([#5797](https://github.com/pocketbase/pocketbase/issues/5797)).
 
+- Skip default `loadAuthToken` middleware if `e.Auth` is already loaded ([#5800](https://github.com/pocketbase/pocketbase/discussions/5800)).
+
 
 ## v0.23.0-rc10
 
diff --git a/apis/middlewares.go b/apis/middlewares.go
index ca18902a..f8fac9b5 100644
--- a/apis/middlewares.go
+++ b/apis/middlewares.go
@@ -196,7 +196,9 @@ func RequireSameCollectionContextAuth(collectionPathParam string) *hook.Handler[
 
 // loadAuthToken attempts to load the auth context based on the "Authorization: TOKEN" header value.
 //
-// This middleware does nothing in case of missing, invalid or expired token.
+// This middleware does nothing in case of:
+//   - missing, invalid or expired token
+//   - e.Auth is already loaded by another middleware
 //
 // This middleware is registered by default for all routes.
 //
@@ -207,6 +209,11 @@ func loadAuthToken() *hook.Handler[*core.RequestEvent] {
 		Id:       DefaultLoadAuthTokenMiddlewareId,
 		Priority: DefaultLoadAuthTokenMiddlewarePriority,
 		Func: func(e *core.RequestEvent) error {
+			// already loaded by another middleware
+			if e.Auth != nil {
+				return e.Next()
+			}
+
 			token := getAuthTokenFromRequest(e)
 			if token == "" {
 				return e.Next()