From eccc71d4ffdb072b8ebaa152ab8337c9c828d598 Mon Sep 17 00:00:00 2001
From: Vadim Sobinin <vadimsobinin@yandex.ru>
Date: Sun, 15 Mar 2026 00:27:35 +0300
Subject: [PATCH] fix(proxy): fix auth middleware ordering for Hono

Co-Authored-By: Claude <noreply@anthropic.com>
---
 packages/proxy/src/auth/middleware.ts | 6 ++++++
 packages/proxy/src/server/app.ts      | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/packages/proxy/src/auth/middleware.ts b/packages/proxy/src/auth/middleware.ts
index e45e3c8..fb67515 100644
--- a/packages/proxy/src/auth/middleware.ts
+++ b/packages/proxy/src/auth/middleware.ts
@@ -7,6 +7,12 @@ export const authMiddleware: MiddlewareHandler = async (c, next) => {
     return next();
   }
 
+  // Skip auth for auth routes themselves
+  const path = new URL(c.req.url).pathname;
+  if (path.startsWith('/api/auth')) {
+    return next();
+  }
+
   const header = c.req.header('Authorization');
   const token = header?.startsWith('Bearer ') ? header.slice(7) : null;
 
diff --git a/packages/proxy/src/server/app.ts b/packages/proxy/src/server/app.ts
index 0ed4bc4..e20dc2f 100644
--- a/packages/proxy/src/server/app.ts
+++ b/packages/proxy/src/server/app.ts
@@ -14,12 +14,12 @@ const app = new Hono();
 // CORS for API
 app.use('/api/*', corsMiddleware);
 
-// Auth routes (before auth middleware)
-app.route('/api/auth', authRoutes);
-
-// Auth middleware (after auth routes)
+// Auth middleware (skips /api/auth/* internally)
 app.use('/api/*', authMiddleware);
 
+// Auth routes
+app.route('/api/auth', authRoutes);
+
 // API routes
 app.route('/api', api);