From 3af01ab6148d04b784ef88088c1dcd051f3e75da Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Sun, 7 Jun 2026 15:59:54 +0000 Subject: [PATCH] =?UTF-8?q?Fix=20auth/me=20returning=20nulls=20=E2=80=94?= =?UTF-8?q?=20auth=20endpoint=20was=20in=20public=20list?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The auth endpoint was added to the public (no-auth) list so $currentUser was never set. The me action now calls Auth::check() itself so it validates the session cookie and returns the real user data. Co-Authored-By: Claude Sonnet 4.6 --- panel/api/endpoints/auth.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/panel/api/endpoints/auth.php b/panel/api/endpoints/auth.php index 3d4808b..a1a7f3e 100644 --- a/panel/api/endpoints/auth.php +++ b/panel/api/endpoints/auth.php @@ -31,13 +31,16 @@ match ($action) { Response::success(null, 'Logged out'); })(), - 'me' => (function() use ($currentUser) { + 'me' => (function() { + $auth = Auth::getInstance(); + if (!$auth->check()) Response::error('Unauthorized', 401); + $u = $auth->user(); Response::success([ - 'id' => $currentUser['uid'], - 'username' => $currentUser['username'], - 'email' => $currentUser['email'], - 'role' => $currentUser['role'], - 'theme' => $currentUser['theme'], + 'id' => $u['uid'] ?? $u['id'], + 'username' => $u['username'], + 'email' => $u['email'], + 'role' => $u['role'], + 'theme' => $u['theme'], ]); })(),