From ffa2631e9ce1d0d47f140b2430a8fb2f51b9f2b3 Mon Sep 17 00:00:00 2001
From: Christian Walker <christiandwalker2021@gmail.com>
Date: Fri, 24 Apr 2026 13:42:24 -0400
Subject: [PATCH 1/2] Lowkey I think this is fine

---
 apps/api/src/lib/functions/middleware.ts | 21 ++++++++++++---------
 packages/shared/constants.ts             |  3 ++-
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/apps/api/src/lib/functions/middleware.ts b/apps/api/src/lib/functions/middleware.ts
index d3a0e55..b91c5f8 100644
--- a/apps/api/src/lib/functions/middleware.ts
+++ b/apps/api/src/lib/functions/middleware.ts
@@ -3,9 +3,8 @@ import { auth } from "../auth";
 import { logInfo } from "./database";
 import { nanoid } from "nanoid";
 import type { ApiContext } from "../types";
-import { API_ERROR_MESSAGES } from "shared";
+import { API_ERROR_MESSAGES, API_MIDDLEWARE_PUBLIC_ROUTES } from "shared";
 
-export const MIDDLEWARE_PUBLIC_ROUTES = ["/health", "/api/auth"];
 /**
  * Middleware to set user and session context for each request. This middleware checks the authentication status of the incoming request, retrieves the user session if it exists, and sets relevant information in the context for downstream handlers to use. It also logs the request path and authentication status for monitoring purposes.
  * @param c - The Hono context object
@@ -26,11 +25,12 @@ export async function setUserSessionContextMiddleware(c: Context, next: Next) {
 		c.set("user", null);
 		c.set("session", null);
 		c.set("teamId", null);
-		return next();
 	}
-
-	c.set("user", session.user);
-	c.set("session", session.session);
+	else{
+		c.set("user", session.user);
+		c.set("session", session.session);
+	}
+	
 	await next();
 }
 
@@ -40,9 +40,12 @@ export async function setUserSessionContextMiddleware(c: Context, next: Next) {
  * @param next - The next middleware function in the chain
  */
 export async function authenticatedMiddleware(c: ApiContext, next: Next) {
-	const isPublicRoute = MIDDLEWARE_PUBLIC_ROUTES.some((route) =>
-		c.req.path.startsWith(route),
-	);
+	const isPublicRoute = API_MIDDLEWARE_PUBLIC_ROUTES.some((route) => {
+		if (route instanceof RegExp) {
+			return route.test(c.req.path);
+		}
+		return c.req.path.startsWith(route);
+	});
 	if (isPublicRoute) {
 		return next();
 	}
diff --git a/packages/shared/constants.ts b/packages/shared/constants.ts
index 4d065f3..f49f9a4 100644
--- a/packages/shared/constants.ts
+++ b/packages/shared/constants.ts
@@ -55,7 +55,8 @@ export const AUTH_CONFIG = {
 	},
 };
 
-export const PUBLIC_ROUTES = ["/", "/sign-in", "/sign-up", "/forgot-password"];
+export const PUBLIC_ROUTES = ["/", /^\/sign-in/, /^\/sign-up/, /^\/forgot-password/];
+export const API_MIDDLEWARE_PUBLIC_ROUTES = [/^\/health/, /^\/api\/auth/];
 
 export const THEME_CONFIG = {
 	accessKey: "fallback-theme",

From 6510038fe0f7ff82acaadae4546ea5a0bf0bb677 Mon Sep 17 00:00:00 2001
From: Christian Walker <christiandwalker2021@gmail.com>
Date: Fri, 24 Apr 2026 18:36:02 -0400
Subject: [PATCH 2/2] Whoops that was wrong

---
 apps/api/src/lib/functions/middleware.ts |  5 ++---
 apps/web/src/lib/functions/auth.ts       |  7 ++++++-
 packages/shared/constants.ts             | 13 +++++++++++--
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/apps/api/src/lib/functions/middleware.ts b/apps/api/src/lib/functions/middleware.ts
index b91c5f8..e5764db 100644
--- a/apps/api/src/lib/functions/middleware.ts
+++ b/apps/api/src/lib/functions/middleware.ts
@@ -25,12 +25,11 @@ export async function setUserSessionContextMiddleware(c: Context, next: Next) {
 		c.set("user", null);
 		c.set("session", null);
 		c.set("teamId", null);
-	}
-	else{
+	} else {
 		c.set("user", session.user);
 		c.set("session", session.session);
 	}
-	
+
 	await next();
 }
 
diff --git a/apps/web/src/lib/functions/auth.ts b/apps/web/src/lib/functions/auth.ts
index 713c69d..bb3d31c 100644
--- a/apps/web/src/lib/functions/auth.ts
+++ b/apps/web/src/lib/functions/auth.ts
@@ -8,7 +8,12 @@ import { redirect } from "@tanstack/react-router";
  * @returns True if the pathname is a public route, false otherwise
  */
 export function isPublicRoute(pathname: string) {
-	return PUBLIC_ROUTES.includes(pathname);
+	return PUBLIC_ROUTES.some((route) => {
+		if (route instanceof RegExp) {
+			return route.test(pathname);
+		}
+		return pathname === route;
+	});
 }
 
 /**
diff --git a/packages/shared/constants.ts b/packages/shared/constants.ts
index f49f9a4..f4dda17 100644
--- a/packages/shared/constants.ts
+++ b/packages/shared/constants.ts
@@ -55,8 +55,17 @@ export const AUTH_CONFIG = {
 	},
 };
 
-export const PUBLIC_ROUTES = ["/", /^\/sign-in/, /^\/sign-up/, /^\/forgot-password/];
-export const API_MIDDLEWARE_PUBLIC_ROUTES = [/^\/health/, /^\/api\/auth/];
+export const PUBLIC_ROUTES = [
+	/^\/sign-in(\/.*)?$/,
+	/^\/sign-up(\/.*)?$/,
+	/^\/forgot-password(\/.*)?$/,
+	"/",
+];
+
+export const API_MIDDLEWARE_PUBLIC_ROUTES = [
+	/^\/health/,
+	/^\/api\/auth(\/.*)?$/,
+];
 
 export const THEME_CONFIG = {
 	accessKey: "fallback-theme",