[#5800] skip default loadAuthToken middleware if e.Auth is already set

2025-03-20 06:21:06 +02:00 · 2024-11-05 09:06:18 +02:00 · 2024-11-05 09:06:18 +02:00 · 4f67dba6cb
commit 4f67dba6cb
parent 47354f5aa9
2 changed files with 10 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,8 @@

 - Fixed JSVM types errors ([#5797](https://github.com/pocketbase/pocketbase/issues/5797)).

+- Skip default `loadAuthToken` middleware if `e.Auth` is already loaded ([#5800](https://github.com/pocketbase/pocketbase/discussions/5800)).
+

 ## v0.23.0-rc10

--- a/apis/middlewares.go
+++ b/apis/middlewares.go
@ -196,7 +196,9 @@ func RequireSameCollectionContextAuth(collectionPathParam string) *hook.Handler[

 // loadAuthToken attempts to load the auth context based on the "Authorization: TOKEN" header value.
 //
-// This middleware does nothing in case of missing, invalid or expired token.
+// This middleware does nothing in case of:
+//   - missing, invalid or expired token
+//   - e.Auth is already loaded by another middleware
 //
 // This middleware is registered by default for all routes.
 //
@ -207,6 +209,11 @@ func loadAuthToken() *hook.Handler[*core.RequestEvent] {
 		Id:       DefaultLoadAuthTokenMiddlewareId,
 		Priority: DefaultLoadAuthTokenMiddlewarePriority,
 		Func: func(e *core.RequestEvent) error {
+			// already loaded by another middleware
+			if e.Auth != nil {
+				return e.Next()
+			}
+
 			token := getAuthTokenFromRequest(e)
 			if token == "" {
 				return e.Next()