middleware can only be added once

hws/middleware.go

@@ -10,11 +10,14 @@ type MiddlewareFunc func(w http.ResponseWriter, r *http.Request) (*http.Request,
 
 // Server.AddMiddleware registers all the middleware.
 // Middleware will be run in the order that they are provided.
+// Can only be called once
 func (server *Server) AddMiddleware(middleware ...Middleware) error {
 	if !server.routes {
 		return errors.New("Server.AddRoutes must be called before Server.AddMiddleware")
 	}
-
+	if server.middleware {
+		return errors.New("Server.AddMiddleware already called")
+	}
 	// RUN LOGGING MIDDLEWARE FIRST
 	server.server.Handler = logging(server.server.Handler, server.logger)
 

hwsauth/authenticate.go

@@ -2,6 +2,7 @@ package hwsauth
 
 import (
 	"net/http"
+	"reflect"
 	"time"
 
 	"git.haelnorr.com/h/golib/jwt"
@@ -45,6 +46,9 @@ func (auth *Authenticator[T, TX]) getAuthenticatedUser(
 	if err != nil {
 		return authenticatedModel[T]{}, errors.Wrap(err, "auth.load")
 	}
+	if reflect.ValueOf(model).IsNil() {
+		return authenticatedModel[T]{}, errors.New("no user matching JWT in database")
+	}
 	authUser := authenticatedModel[T]{
 		model: model,
 		fresh: aT.Fresh,

hwsauth/refreshtokens.go

@@ -2,6 +2,7 @@ package hwsauth
 
 import (
 	"net/http"
+	"reflect"
 
 	"git.haelnorr.com/h/golib/jwt"
 	"github.com/pkg/errors"
@@ -18,7 +19,9 @@ func (auth *Authenticator[T, TX]) refreshAuthTokens(
 	if err != nil {
 		return getNil[T](), errors.Wrap(err, "auth.load")
 	}
-
+	if reflect.ValueOf(model).IsNil() {
+		return getNil[T](), errors.New("no user matching JWT in database")
+	}
 	rememberMe := map[string]bool{
 		"session": false,
 		"exp":     true,