Hi,
I successfully extend Strapi v4’s user permissions plugin to intergrate refresh token and httOnly cookies, and am trying to do so in the newest version. Unfortunately, it seems that my middleware is never called.
Here is my strapi-server.ts file:
import { callback, logout, refreshToken, update } from './controller'
import { getCookies } from './middleware'
import customRoutes from './routes'
export default plugin => {
strapi.log.info('Included JWT token in httpOnly cookies')
plugin.middlewares = {
...plugin.middlewares,
getCookies,
}
plugin.controllers.auth = {
...plugin.controllers.auth,
callback,
refreshToken,
logout,
update,
}
plugin.routes['content-api'].routes.push(...customRoutes)
return plugin
}
Here is the content of middleware.ts:
'use strict'
const { CookieName } = require('./config')
export function getCookies() {
console.log('henlo') // <-- this never gets called
return async (ctx, next) => {
if (ctx.request.url.startsWith('/api')) {
const accessToken = ctx.cookies.get(CookieName.ACCESS_TOKEN)
if (accessToken) {
ctx.request.headers.authorization = `Bearer ${accessToken}`
}
}
await next()
}
}
Have I missed something ? This v5 is still pretty new to me. Excellent job on the rest though 
This topic has been created from a Discord post (1262538318340558940) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord