From 8b2da08ec10bec170f480dad25ccccbae36876b4 Mon Sep 17 00:00:00 2001
From: yusing <yusing.wys@gmail.com>
Date: Sat, 14 Feb 2026 19:54:00 +0800
Subject: [PATCH] fix(oidc): allow requests to proceed when OIDC is not enabled

fix(oidc): ignore OIDC middleware when OIDC is not enabled

The OIDC middleware now gracefully handles the case when OIDC is not enabled by:
- Returning early in the before() hook when IsOIDCEnabled() is false
- Logging an error instead of returning an error in finalize() when OIDC is not configured
---
 internal/net/gphttp/middleware/oidc.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/net/gphttp/middleware/oidc.go b/internal/net/gphttp/middleware/oidc.go
index 0b7c20a7..f0e7c115 100644
--- a/internal/net/gphttp/middleware/oidc.go
+++ b/internal/net/gphttp/middleware/oidc.go
@@ -7,6 +7,7 @@ import (
 	"sync"
 	"sync/atomic"
 
+	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/auth"
 	"github.com/yusing/goutils/http/httpheaders"
 )
@@ -28,7 +29,7 @@ var OIDC = NewMiddleware[oidcMiddleware]()
 
 func (amw *oidcMiddleware) finalize() error {
 	if !auth.IsOIDCEnabled() {
-		return errors.New("OIDC not enabled but OIDC middleware is used")
+		log.Error().Msg("OIDC not enabled but OIDC middleware is used")
 	}
 	return nil
 }
@@ -97,6 +98,10 @@ func (amw *oidcMiddleware) initSlow() error {
 }
 
 func (amw *oidcMiddleware) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
+	if !auth.IsOIDCEnabled() {
+		return true
+	}
+
 	if err := amw.init(); err != nil {
 		// no need to log here, main OIDC should've already failed and logged
 		http.Error(w, err.Error(), http.StatusInternalServerError)