From 505c324c268f845e6dd431e9f0fe426be1b427d8 Mon Sep 17 00:00:00 2001
From: DecDuck <declanahofmeyr@gmail.com>
Date: Sun, 21 Jun 2026 17:01:37 +1000
Subject: [PATCH] Fix #414

---
 server/composables/user.ts               | 7 ++++++-
 server/middleware/require-user.global.ts | 3 +--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/server/composables/user.ts b/server/composables/user.ts
index c29b0694..463640dd 100644
--- a/server/composables/user.ts
+++ b/server/composables/user.ts
@@ -9,7 +9,12 @@ export const updateUser = async () => {
   const user = useUser();
   if (user.value === null) return;
 
-  user.value = await $dropFetch<UserModel | null>("/api/v1/user");
+  user.value = await $dropFetch<UserModel | null>("/api/v1/user", {
+    // Forward headers manually when called outside a component
+    headers: import.meta.server
+      ? useRequestHeaders(["cookie", "authorization"])
+      : undefined,
+  });
 };
 
 export async function completeSignin() {
diff --git a/server/middleware/require-user.global.ts b/server/middleware/require-user.global.ts
index 93084d32..87fba8c9 100644
--- a/server/middleware/require-user.global.ts
+++ b/server/middleware/require-user.global.ts
@@ -2,14 +2,13 @@ const whitelistedPrefixes = ["/auth", "/api", "/setup"];
 const requireAdmin = ["/admin"];
 
 export default defineNuxtRouteMiddleware(async (to, _from) => {
-  if (import.meta.server) return;
   const error = useError();
   if (error.value !== undefined) return;
   if (whitelistedPrefixes.findIndex((e) => to.fullPath.startsWith(e)) != -1)
     return;
 
   const user = useUser();
-  if (user === undefined) {
+  if (user.value === undefined) {
     await updateUser();
   }
   if (!user.value) {