fix(core): Skip auth for controllers/routes that don't use the Authorized decorator, or use Authorized('none') (#6106)

packages/cli/src/decorators/registerController.ts

@@ -32,6 +32,11 @@ export const createAuthMiddleware =
 		res.status(403).json({ status: 'error', message: 'Unauthorized' });
 	};
 
+const authFreeRoutes: string[] = [];
+
+export const canSkipAuth = (method: string, path: string): boolean =>
+	authFreeRoutes.includes(`${method.toLowerCase()} ${path}`);
+
 export const registerController = (app: Application, config: Config, controller: object) => {
 	const controllerClass = controller.constructor;
 	const controllerBasePath = Reflect.getMetadata(CONTROLLER_BASE_PATH, controllerClass) as
@@ -69,6 +74,7 @@ export const registerController = (app: Application, config: Config, controller:
 					(controller as Controller)[handlerName](req, res),
 				),
 			);
+			if (!authRole || authRole === 'none') authFreeRoutes.push(`${method} ${prefix}${path}`);
 		});
 
 		app.use(prefix, router);