1 files changed, 7 insertions, 6 deletions

diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts

index 630a45ff..4b0f2b38 100644
--- a/src/middlewares/Authentication.ts
+++ b/src/middlewares/Authentication.ts
@@ -3,11 +3,12 @@ import { HTTPError } from "lambert-server";
 import { checkToken, Config } from "@fosscord/server-util";
 
 export const NO_AUTHORIZATION_ROUTES = [
-	"/api/v8/auth/login",
-	"/api/v8/auth/register",
-	"/api/v8/webhooks/",
-	"/api/v8/gateway",
-	"/api/v8/experiments"
+	/^\/api(\/v\d+)?\/auth\/login/,
+	/^\/api(\/v\d+)?\/auth\/register/,
+	/^\/api(\/v\d+)?\/webhooks\//,
+	/^\/api(\/v\d+)?\/gateway/,
+	/^\/api(\/v\d+)?\/experiments/,
+	/^\/api(\/v\d+)?\/guilds\/\d+\/widget\.(json|png)/
 ];
 
 declare global {
@@ -22,7 +23,7 @@ declare global {
 export async function Authentication(req: Request, res: Response, next: NextFunction) {
 	if (!req.url.startsWith("/api")) return next();
 	if (req.url.startsWith("/api/v8/invites") && req.method === "GET") return next();
-	if (NO_AUTHORIZATION_ROUTES.some((x) => req.url.startsWith(x))) return next();
+	if (NO_AUTHORIZATION_ROUTES.some((x) => x.test(req.url))) return next();
 	if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401));
 
 	try {